standalone erlang

Thomas Lindgren thomasl_erlang@REDACTED
Mon Feb 21 12:15:48 CET 2005


--- "Joe Armstrong (AL/EAB)"
<joe.armstrong@REDACTED> wrote:

> But surely this is easily solved :-)
>
> Let's suppose "joe" was the origonal creater of a
> program.
> Joe compiles his public key into the distribution.
/.../

Sure, issue a certificate, sign the modules, and 
package them up like your garden variety conscientous
tar package. However, I don't believe this is
supported in the actual Erlang distribution. E.g., the
compiler does not generate an appropriate hash,
systools and .rel/.app/... do not support it, and
erl_prim_loader does not verify such signatures. 

But maybe someone could add it?

Bytecode verification could also ensure that your code
is not doing disreputable things. (Though Erlang has a
lot of holes in that regard.)

An even safer option is certifying the actual code
(proof-carrying code); you don't even have to trust
the word of the originator. I'm not sure PCC is mature
enough yet, though.

Best,
Thomas



		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com 



More information about the erlang-questions mailing list