Re: Script codes

From: charlie strauss <cems_at_earthlink_dot_net>
Date: Thu Jan 05 2006 - 22:09:30 CST

-----Original Message-----
>From: Scott Brown <scott@rsbrown.net>
>Sent: Jan 5, 2006 10:42 PM
>To: Open Voting Consortium discussion list <ovc-discuss@listman.sonic.net>
>Subject: Re: [OVC-discuss] Script codes
>
>The quoted section doesn't unconditionally prohibit anything. It simply
>prohibits certain types of development environments unless proper
>precuations are taken.

yes, okay I grant you that interpretation for the quoted section. But the prior sentence (quoted earlier but not in the section you are refering to) seems unequivocal:

namely:
">> 4.2.2 Software Integrity
>> Self-modifying, dynamically loaded, or interpreted code is
>> prohibited, except under the
>> security provisions outlined in section 6.4.e."

I'm not sure what is is 6.4.e (I'm guess it's an exception for COTs or something)

>
>-- Scott
>
>On 1/5/06, David Jefferson <d_jefferson@yahoo.com> wrote:
>>
>> I am not facile with Python. But my reading of these lines is that they
>> require strong typing, including bounds checked arrays and strings, and
>> disciplined object references (e.g. Java). Also, my personal
>> interpretation is that whatever the main body of code is writen in, there
>> cannot be a *second* level of interpretation, i.e. Python and Java would
>> be OK by me as primary languages even though they are interpreted, as long
>> as there were not another level of interpretation of some other language.
>> But, of course, I am not an ITA.
>> And if it were up to me these lines would seem to preclude C, because of
>> the confusion between integers and pointers in that language does not allow
>> any strong way of controlling pointer references; but I doubt the ITAs
>> interpret it that way, or enforce it.
>>
>> David
>>
>>
>>
>> On Jan 5, 2006, at 7:52 PM, charlie strauss wrote:
>>
>>
>>
>> -----Original Message-----
>>
>> From: David Jefferson <d_jefferson@yahoo.com>
>> The prohibition on interpreted code is in section 4.2.2 of the 2002
>> FEC standards.
>>
>> 4.2.2 Software Integrity
>> Where the development environment (programming language and
>> development tools)
>> includes the following features, the software shall provide controls
>> to prevent accidental or deliberate attempts to replace executable code:
>> Unbounded arrays or strings (includes buffers used to move data);
>> Pointer variables; and
>> Dynamic memory allocation and management.
>>
>>

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Jan 8 20:24:35 2007

This archive was generated by hypermail 2.1.8 : Mon Jan 08 2007 - 20:24:39 CST