Re: readable source code [Re: OVC-discuss Digest, Vol 37, Issue 6]

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Mon Nov 05 2007 - 00:44:22 CST

Open Source does not necessarily imply voluntarily contributed code
where anyone may contribute. There must be a vetting process to
accept the contributed code if code is to be contributed, as is done
for Linux, Apache, and other Open Source software systems.

However, the risk is there of someone maliciously contributing code
to an Open Source voting project, that surreptitiously creates an
Easter Egg or trap door. Ideally, the certification process should
catch the problem, but we know how effective the certification
process has been...NOT!

Thus, there is need to include full source code derivation history
showing where each line or group of lines comes from. So such an
Easter Egg can be traced to its origin (assuming it is discovered).

Even better would be paid staff developing requirements,
specifications, and software, as well as test harnesses, etc., that
are all made available as Open Source, but for which the official
version has lineage that is maintained and traceable. This idea was
expounded in a discussion in this list a few years ago about the
nature of the special GPL-like software license that added the
requirement for lineage recording.

Source code disclosure is a good thing and would be an improvement
over trade secret software. However, source code disclosure in and
of itself does not guarantee quality, reliability, security,
hack-resistance, etc. Those other desiderata must be built into the
design. Source code disclosure (of which open source is one flavor)
allows for independent determination of the extent to which these
desiderata are met.

Best regards,
Arthur

At 7:53 AM -0800 11/4/07, Richard C. Johnson wrote:
>Danny, Fred,
>
>The custom in Open Source is to voluntarily fix the posted code you
>find defective. That is what is done in every other Open Source
>project, and that is what should happen to OpenScan. It may be
>easier to play the critic than to fix code, but the Open Source
>endeavor depends on both. Now that we know something is broken, who
>will volunteer to fix it?
>
>Seriously, that is the reason David Webber and I founded Open Voting
>Solutions over two years ago. We believed that the Open Source
>community contained sufficient volunteer talent to build a voting
>system around the standards of OASIS' Election Markup Language. Why
>not build one on the Open Source model? Why not use EML as a basis,
>with JAVA and XML?
>
>The choice is very simple: either help out in creating an Open
>Source voting system or bow low to the Secret Proprietary Election
>Lords, the Diebold (Premier Election Systems), ES&S, Sequoia, and
>Harts of the world. You who have the ability, now is the time to
>lend pro bono support. Speak up or hold your peace.
>
>There has been much cursing of the darkness...how about we now light a candle?
>
>-- Dick

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Fri Nov 30 23:17:10 2007
