[sword-devel] Doctrinal Statement

Jerry Hastings sword-devel@crosswire.org
Fri, 28 Jul 2000 23:38:58 -0700

At 05:48 PM 7/28/2000 -0700, Chris Little wrote:

>I think some kind of signing system is needed, possibly built into the
>module format itself.  It may be time to update the sword module format to
>include some new features.  Perhaps all modules should be encrypted such
>that they are only properly readable if they are unaltered, something like
>using their own checksum as an encryption key.

Yes. Something like that should be done. It should include some kind of 
revision info also, so one can tell if one has a copy that is behind in 
corrections/revisions. All of this kind of stuff should be in the module 
data, not in a separate file. One should not be able to remove this info 
without destroying the module. Also, a list of revisions for all known 
Sword modules should be shipped with Sword, so the install program can 
check previously installed modules to see if a better version exists. 
Unknown modules could still be used they just wouldn't produce any message 
about updates.

But, all of this is open source. Can't anyone take a text edit it and build 
a module that will have valid security features at the local level? This 
why I think some optional remote security data is also good. Not required 
to run, but there for those that want to do a check.