savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers] submission of Peer Agent - savannah.nongnu.org

From: Robert Fischer, PhD
Subject: Re: [Savannah-hackers] submission of Peer Agent - savannah.nongnu.org
Date: Thu, 07 Oct 2004 16:39:10 -0400 
Elfyn,

> You must determine whether your project can run on a Free Software Java suite
> (see http://www.gnu.org/software/java/ for more information).  
> 
> We recommend you to test your project against GCJ+Classpath, and ensure that
> your Java code runs on this Free Software Java suite.  If it does not run with
> a free Java suite, we cannot host your project, as it would have non-free
> dependencies.
> 
> GCJ is the GNU Compiler for Java, part of the GCC (GNU Compiler Collection).
> The Classpath project aims to develop a free and portable implementation of
> the Java API (the classes in the 'java' package).  More information at
> http://gcc.gnu.org and http://www.gnu.org/software/classpath/.

The peeragent system needs to run untrusted mobile code in a sandbox. 
Unlike many (most?) desktop Java applications, this is one that really
could not have been written in C++.  It needs a Java system with a
bytecode verifier and security manager in place.  As far as I can tell,
neither GCJ nor Kaffe provides a bytecode verifier.  Please correct me
if I'm wrong.

Other than Java, the only other system that might provide safe execution
functionality and is mature enough for this project is .NET.  In theory,
I suppose that one could try rewriting peer agents in C#.NET on Mono. 
However, that is probably premature right now.  Mono is not at all a
mature system and presents problems.  For example, unlike Java, there is
no common cross-platform GUI API for .NET.  The Windows.Forms library
runs only on MS Windows; C#-GTK runs on Linux.

The result seems to be that as of today, the FSF will not support
applications that require the safe execution of untrusted code because
there are no free virtual machines with the required verifiers and
security architecture.

In the past, the FSF made exceptions to the all-free-software policy in
cases that no viable non-free alternative existed for a particular
task.  For example, the FSF hosted GCC and Emacs even before there was a
free UNIX-like system to run them on.  Maybe a similar exception could
be made for applications, such as peer agents, that require the safe
execution of untrusted mobile code.  Then we can look forward to the
time that there ARE quality free virtual machines with security
managers, just as we looked forward to the time of a complete free
operating system in the past.

Sincerely,
-- Bob
reply via email to
[Prev in Thread] Current Thread [Next in Thread]