[License-discuss] OSL and obfuscated code

Antoine Thomas antoine.thomas at prestashop.com
Thu Nov 22 09:43:34 UTC 2018


Mike,
I agree, this is a strange request from Infocert. Currently, they think
that an obfuscated code will be more complicated to modify if a merchant
wants to cheat on VAT. However, we understand that they are not really
expert of open source. At this stage we don't want to share the source code
in OSL or AFL (our modules are usually distributed on AFL), for the risk is
to lose the certification. This is something we need to clarify with them.

David,
Thanks for the reminder. So instead of obfuscation, maybe the plugin could
check that the PrestaShop core and the VAT module are original and have no
modification, comparing them with a digital signature, right?
I will check that option with the developers and see if this could be
possible to do that in a future version. Also, of course, Infocert will
have to validate this idea too.



[image: PrestaShop]
<https://www.prestashop.com/?utm_source=signature&utm_medium=e-mail&utm_campaign=emails-signatures>

Antoine Thomas aka ttoine

Developer Advocate

t: +33 (0)6 63 13 79 06

antoine.thomas at prestashop.com




On Wed, 21 Nov 2018 at 22:29, David Woolley <forums at david-woolley.me.uk>
wrote:

> On 21/11/2018 19:35, Mike Linksvayer wrote:
> >
> > I wonder whether INFOCERT's request is justifiable? I imagine they think
> > obfuscated code is less likely to be modified, any modification
> > potentially making the software non-compliant with the regulation,
> > risking INFOCERT's reputation? Why isn't it good enough to have a
> > warning that only unmodified versions are certified and that any
>
> Obfuscating makes it more work to modify, but if you actually want to
> avoid modifications, you should digitally sign.
>
> Obfuscation, to the extent that it makes it impossible to change, goes
> way beyond the level that makes it impossible to verify for security.
>
> _______________________________________________
> License-discuss mailing list
> License-discuss at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20181122/be1ef541/attachment.html>


More information about the License-discuss mailing list