A poll about digital trusting

[TsT]

I wonder to add some checksum on the library ... and why not using GnuGP (GPG or PGP) to check and trust the libraries.
I can do that for my game and my libraries without asking... but I think, if there are enought people that are using it, it would be good to have this check.

I create this poll to evaluate the number of people that are know or use PGP or GPG.

Best Regards,

[osgeld]

im at work and im lazy, care to provide some easily obtainable information?

[bartbes]

Apparently I'm still the only one who voted (yes, I'm the 100% 2), somehow I never cared about PGP, or similar technologies.

[TsT]

PGP is Pretty Good Privacy software ( http://en.wikipedia.org/wiki/Pretty_Good_Privacy )
GPG is GnuPG, Gnu Privacy Guard ( http://en.wikipedia.org/wiki/GNU_Privacy_Guard )

The both software are similar (except PGP is more commercial than GnuPG).
They are usually used to :
- send secret (encrypted) message between 2 persons.
- send a signed message and the reader can check and be sure the message has not been changed.

This last feature can be interesting for lua/love.
This kind of software are massively used on linux distributions. Each software (packages) are signed with the author(s) keys and the distribution team key.

Even Microsoft started to use PGP signature in his security newsletter to allow people to check that the content of the newletter is not changed.

In the case of love ...

Currently you can check the content of a .love file before running it.
But in some case (for example : LUBE) when you run the game, it download some update, and automatically load them.
By this way you can not check if something is bad inside the updated files.

This feature don't protected again bad authors, but it protected you if the remote server (where the game try to download the updates) are hacked.

Another advantage is when every developers sign their files, you can always know who is the autor, where report a bug and must of all, who is the legal owner of the code (who choose the licence).


If you want sell, or distribute freely your game, you normally only able to do that if you know and respect the whole licences of every part of the code. The worst case is having a good game with some part built over unknow part of code.

I'm almost sure I'm the only one game author that is thinking about the licence... but it's not a problem

For my last argument, if nobody is afraid, I can build a virus with love, for demonstration

Best Regards

[rude]

Do you want trusting from me (the LÖVE binaries and source) or do you want trusting for .love files? If the latter, how do you imagine it will work?

[TsT]

Do you want trusting from me (the LÖVE binaries and source) or do you want trusting for .love files? If the latter, how do you imagine it will work?

My first goal is trusting every file contains in a .love file.
And let the user choose if he want :
- running the game without trusting at all
- running the game only if every file are signed
- running the game only if every file are signed by a list of known autors (if I want only run code from a limited authors)

I particulary think about intercepting the require() and love.filesystem.include() function to check before loading.
I'm affraid about loading of code that comes from remote unkwnow site...

I don't think about the love binary itself because I'm under linux, I compilate my own love, then I think my love binary is safe (even I don't check the source at all, but I have trust on you Rude )

Regards,

[whitebear]

Well why the heck not? Or are there some disadvantages such as newbie projects being completely rejected by love.exe

[TsT]

Well why the heck not? Or are there some disadvantages such as newbie projects being completely rejected by love.exe

I think about the feature. I don't speak about set the "reject almost everything" by default.
I'm thinking about game makers, or people that want more control, more security.

A newbie want his game run, download automatically what it need, and be able to play as quick as possible.
Me, not. I want be able to launch a game and be sure that nothing bad will be done.

For exemple :
I launch a game, and play it if this game use simple love call or try to load files embeded in the .love it can, I will not see any difference than the current version of love.
But if the game need network support, and try to connect to a remote site, I want love pause the game and ask me to approve the connexion.
After that if the game download some files and try to load them I will be happy if these part can be checked with a trust feature, and show my "I'm trying to load this file created by Mr X, do you want load it or stop?".

I'm already working to have secure space before running the game. (I will release the alpha2 soon).

Regards,

[JamesGecko]

Honestly, I'd be hugely surprised if there are more than three end users who care about this. Everyone else is just going to click "approve everything!" because some games break if you don't. Training users to always approve useless security dialogs is bad, because once they get into the habit of doing that, they'll be more likely to approve real security dialogs for system-wide options.

Hasn't rude said in the past that the final version of LOVE is going to be sandboxed so it can't do any damage to the system? I want that, not this.

But if the game need network support, and try to connect to a remote site, I want love pause the game and ask me to approve the connexion.

I don't want that; it's disruptive and most Windows firewalls already do it. The end result will be users clicking through two approval dialogs. This seems like a complicated solution for a problem that has already been solved.

[Zorbatron]

It's pretty easy to avoid loading a virus, just check the source and determine whether you trust them or not.

Require released games with custom libraries to provide the library source and a md5 hash.