[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A license needed for authentic/consistency purposes



I'm not sure you are aware of the problem,
my idea is to include calls to GnuPG to verify the signature

the program will tell you that this of that file is authentic according to
someone who sign it.

imagine if me for example sign it to be authentic
here someone may trust me
and the software tell him that the file is from me.

the problem is not when other people wrote something

it's when they claim to be me
when they make a custom version of GnuPG
or a custom version of Thwab that don't call GPG properly
in away that give false impression that the files that are not signed
by me carrying my name

all kinds of programs tells you to trust or not to trust
our new license should regulate when the program tells you to trust
not who to trust, you tell the program who you trust

Have you heard about SPAM
I recieve millions of emails some of them appear to be coming from me!!
man-made laws don't prohibit all kinds of fraud, they only regulate frauds

many people recieve emails telling them that they won something
and to get the money them have to send some disposals and of course
there is not prise.


On Dec 26, 2007 12:59 PM, Mohammed Adnčne Trojette <adn at diwi dot org> wrote:
> On Wed, Dec 26, 2007, moayyad sadi wrote:
> > my idea, Imagine that some one develop his own version of GnuPG
> > that tells you that the signature is valid while it's not
>
> That has nothing to do with "telling". You can go and check that the
> code does what it says it does.
>
so, you are telling me that the regular user should understand the GnuPG code
in order to know whither this file is from that person or not
How many users do that ?

> The same goes with Islamic software. Who says libitl computes correctly
> prayer times? You have to check the code, the algorithms, the maths
> behind it or you have to trust its author.
>
> And such a code, while being authentic, can be buggy and lead to
> mistakes. Is what you want a certification authority that will say "this
> is authentic" and "this is not"?
>
Fine, we are fine with that,
the problem of such thing is a legal fraud praticed all over the world
for example, SAT channels here broad cast "send SMS to so and so and won a car"
in other places like EU they should say "to get a chance to won a car"

fraud is legal in all man-made law, lawers find holes to escape responsibility
I want to forbid fraud in the license for countries that have no
regulations for that

Imagine a company that redistribute inauthentic version of ITL
who takes responsibility, the user should know its the company
Imagine another company that redistribute authentic buggy version of ITL
who takes responsibility, the user should know its the original author.

the user has the right to know who to thank and who to blame
it's not about controlling people, it's about to let them know to let
them decide

the example I told you that the we Muslims do have books having inauthentic
saying of the prophet, but that are introduced as inauthentic

the problems is when they are introduced as authentic

This license is for software that have practical procedure to tell
what is authentic and what is not like GnuPG

my idea is that no one has the right to degrade the procedure,
not the list of who to trust, that list is done by users.

on my program, I say I get those files form so and so and I take
responsibility of that
I put my reputation on that  by putting my e-signature on it

no one should degrade GnuPG or my calls to GPG,
"GPG tells you this file have a valid signature of Alsadi"
image if someone modify the code to make this message appear
without a prober call to GPG

the user decide to trust me or not, but I decide the procedure (in my
software I write)
fair enough

> > it's about the false impression given to the user
> > my case to protect people from being victims of fraud
> > which could be legal because of some license issue
>