------art_245_15565996.1143697873956
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

It's not copy protection that I'm worried about. Nor is it someone being
able to look at the source code. What I'm worried about is someone
*tampering* with the source code. So what I'm interested in is code signing
of Ruby scripts combined with a policy enforcement mechanism (e.g. only an
admin can install the Ruby interpreter, which is signed and only an admin
can define the execution policy of the Ruby interpreter which can say things
like "run all scripts" to "run only scripts whose public keys are defined by
the admin").

Now, maybe rich client applications built using Ruby will be more like web
pages - the real business logic lives on the server with only lightweight
validation logic on the client. However, it would be a shame to limit Ruby
apps to just that.

-John
http://www.iunknown.com

On 3/30/06, listrecv / gmail.com <listrecv / gmail.com> wrote:
>
> Are you trying to address security concerns or copy protection /
> digital rights?
>
> In terms of copy protection, I see the issue as irrelevant - even
> without the ruby bridge, anyone can do whatever they want with the .NET
> assemblies (especially since they're so easy to disassemble).
>
> In terms of security, how is this different from the security of a
> compiled program?  The two standard methods used to allow users to run
> them securely are either a) trust of the author, often combined with
> code signing or b) running in a sandbox.  Both should work equally well
> for Ruby, even with full source access.
>
>
>

------art_245_15565996.1143697873956--