A poll about digital trusting

Questions about the LÖVE API, installing LÖVE and other support related questions go here.
Forum rules
Before you make a thread asking for help, read this.

Are you interested in PGP/GPG use to trust the libraries/part of code ?

Poll ended at Tue Jul 14, 2009 4:47 pm

I don't know what is PGP :rofl:
3
23%
I know what is PGP but I don't use it :roll:
8
62%
I know what is PGP and I use it but not for Löve :)
1
8%
I know what is PGP and I use it, and I would like to be able to use it with Löve :megagrin:
1
8%
 
Total votes: 13

User avatar
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

Re: A poll about digital trusting

Post by TsT »

I don't want keep a insecured love until the final released.
I don't want waiting about rude to implement all the security features that I want, because I'm sure he has enougth thing to do about engine/graphics/physics/...

I think of course love (in C++) must provide some security features, like the sandbox. And it's already done, it's good.

JamesGecko wrote:I don't want that; it's disruptive and most Windows firewalls already do it. The end result will be users clicking through two approval dialogs. This seems like a complicated solution for a problem that has already been solved.
But I'm not running over Windows. I want something better than Windows firewall :D

Using a trust system is a good solution to never have a repetitive boring dialog box.
But the trust system is only usefull if the most of library authors use it and provide the digital signature.

I just want more control, to see what love do, and allow and deny what I want.
The real solution is probably both in C++and lua.
Zorbatron wrote:Require released games with custom libraries to provide the library source and a md5 hash.
md5sum is simple way to trust (more easy, less powerfull).
But you don't catch the case of :
- download a code
- loading it

You can load it by using loadstring, or by writing to a file and loading with require/package or with love.filesystem.* ... and maybe by other solutions.
In the final version is it really a good idea to disable the loadstring/require/package lua functions ?
each dangerous function as unfortunately often real usefull usage...
I think it's more complicated but better to have the choice.

Regards,
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
User avatar
bartbes
Sex machine
Posts: 4946
Joined: Fri Aug 29, 2008 10:35 am
Location: The Netherlands
Contact:

Re: A poll about digital trusting

Post by bartbes »

Disabling require is just... insane, I can agree about package, but loadstring is always useful. In a way I think you're asking too much, you can't limit the developers too much, or the users (of the game, not LÖVE). If you're so paranoid then read the source, and if it downloads something, check what it downloads, but don't try and hold everyone back from creating anything.
User avatar
subrime
Citizen
Posts: 76
Joined: Thu Nov 13, 2008 6:18 pm
Location: Australia

Re: A poll about digital trusting

Post by subrime »

Love is for building applications.

If you worry about applications downloading and running code you trust or approve, you should be running all your applications on a vm (not just love) with restricted network access.
User avatar
TsT
Party member
Posts: 161
Joined: Thu Sep 25, 2008 7:04 pm
Location: France
Contact:

Re: A poll about digital trusting

Post by TsT »

bartbes wrote:(1) Disabling require is just... insane,
(2) I can agree about package, but loadstring is always useful.
(3) In a way I think you're asking too much, you can't limit the developers too much, or the users (of the game, not LÖVE).
(4) If you're so paranoid then read the source, and if it downloads something, check what it downloads, but don't try and hold everyone back from creating anything.
1) I'm agree, but I need to find a way to deny the load of some specific packages.
For exemple, about the os package, I'm trying to :
- load it (ok, love already load it)
- remove the dangerous function like os.remove() and os.execute() or
- backup them in a safe place to control their uses.
- most of all, found a way to deny the use of require to reload os
I don't want disable os completely because os.time() can be use without danger.

2) of course loadstring is useful, and can be use to do good things. but it's also the most simple way to run malicious downloaded data.

3) I don't want limit people, just find technical solution to allow paranoid people (like me) the limit them-self. For now it's not easy or not possible.

4) But I already try to read the source ... but it's boring, and I'm still a beginner in love, I'm not sure to understand every what I read.
And I prefer be able to run game and think "in the worst case, it can not be something dangerous".
And I can tell you, where can I read the source of LUBE-X ? before running it (when you only provide the binary version) :P
I don't blame you, it just a sample to show that is not always possible, and not often simple.
subrime wrote:(1)Love is for building applications.
(2)If you worry about applications downloading and running code you trust or approve, you should be running all your applications on a vm (not just love) with restricted network access.
1) I'm maybe not agree with you, Love is for building game, application and everyelse we want.
a) Creating a application is make .love file with your game inside and include the love binary, rename the result to mygame.exe and allow to run this file.
b) Creating a game is just make a .love file you game inside, and run it with your Love application.
c) Creating a love game that can be use to help us to check/develop/debug their games and improve security...

In the first case (a) yes of course if I want security, I can really trust the binary (.exe) part... So I'm must use some antivirus, firewall, ... and/or virtual machine.
But virtual machine is not very easy to have good performance and 3d acceleration...

Regards,
My projects current projects : dragoon-framework (includes lua-newmodule, lua-provide, lovemodular, , classcommons2, and more ...)
User avatar
bartbes
Sex machine
Posts: 4946
Joined: Fri Aug 29, 2008 10:35 am
Location: The Netherlands
Contact:

Re: A poll about digital trusting

Post by bartbes »

TsT wrote:And I can tell you, where can I read the source of LUBE-X ? before running it (when you only provide the binary version) :P
That's one hell of an example.. first of all it's a development version of LUBE, so it makes sense I wanted to prevent people from using it, but then.. it wasn't meant for people who wanted to be secure, it was for those bleeding-edge users. Anyway, if you only check it's version number you'll see it's useless now.
Post Reply

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot], Google [Bot], zingo and 5 guests