- From: Dominique Hazael-Massieux <dom@w3.org>
- Date: Fri, 18 Oct 2013 10:17:52 +0200
- To: Tobie Langel <tobie@w3.org>
- Cc: Bruce Lawson <bruce@brucelawson.co.uk>, public-web-mobile@w3.org
Le vendredi 18 octobre 2013 à 10:04 +0200, Tobie Langel a écrit : > > I think there are 3 things people mean by "hiding the code": > > * they don't want others to steal their code; people often qualify this > > as meaning the Web force you to do open source (although that's a > > mischaracterization of what open source is) > > * they don't want to make it easy for others to find holes in their code > > * it's nearly impossible to embed a secret (e.g. a key) in the > > client-side part of the code > > 1. is already handled by copyright laws and patents, > 2. is a known bad-practice and shouldn't be encouraged, > 3. is (or should be) in scope of the WebCrypto WG. > > So as Dom said, 1 and 2 require education and 3 driving this as a > priority in the WebCrypto WG. While I don't disagree with your assessment that there are other ways to protect code assets (1) and the security of a given service (2), I think sweeping away the facts that many people are not in a position to rely solely on these other methods is unlikely to be sufficient to address this problem. I have had more than a few times conversations with developers where I try to point out the very same thing that Bruce and you are pointing to, but where the person I'm talking with will simply not be able to adopt the Web as a platform if they have to start with making these specific trade-offs. In fact, I think both of you guys have worked with proprietary code projects :), and I doubt that the fact that this code is protected by copyright and patent laws has been sufficient to make that code be publicly available. Dom
Received on Friday, 18 October 2013 08:18:09 UTC