DonationCoder.com Software > Borland C++ Builder Contest
Please explain ...
f0dder:
I can understand why people might not feel comfortable about letting other people see their source, even if it's not going to be distributed to the general public. For what it is worth, mouser has my full confidence, he's one of those few decent human beings out there. And besides, add a license.txt and license in all your source modules, and people would have a hard time abusing your source code.
I'm personally against using a sandbox for testing, as there's just too many ways to hide malicious code.
mouser:
what i meant about sandbox is that we might accept entries without sourcecode, and do testing within a sandbox, with the understanding that before we sanctioned official winners we'd have to be able to compile it ourselves or otherwise satisfy ourselves that the code was safe.
Smirf:
... add a license.txt and license in all your source modules ...-f0dder
--- End quote ---
a) one could interprete that, as if I would have intended the source to be seen by a lot of people;
b) I use to comment my sources using my own (German) language, not willing to translate it into every other relevant language;
... mouser has my full confidence ...-f0dder
--- End quote ---
that is fine, but where in the rules could I find the names of all people, who will be authorized to look into contributed program's sources? And why is in not sufficient to simply verify their compilability?
I still cannot see a need to look inside the sources. Contributors would be well known namely. Including bad code thus will not be possible anonymously. Instead object / runtime code easily could be qualified as been produced using BC Builder or BDS or not. Maybe elected winners' programs' sources could be revisited by a neutral trustee, whether they would compile and link with a Borland C++ Builder or not and be identical to the entered executables.
Maybe I have got the wrong impression from some postings, that the contest seems to be interested more in sources than in resulting programs. But there will be of course a lot of people who do not care at all about that question.
...what i meant about sandbox is that we might accept entries without sourcecode, and do testing within a sandbox, with the understanding that before we sanctioned official winners we'd have to be able to compile it ourselves or otherwise satisfy ourselves that the code was safe.-mouser
--- End quote ---
If after such a verification all transferred source code would be deleted and the people involved would be made known to the programmer it could be an acceptable compromise.
Regards, Reinhard.
f0dder:
a) one could interprete that, as if I would have intended the source to be seen by a lot of people;
b) I use to comment my sources using my own (German) language, not willing to translate it into every other relevant language;
--- End quote ---
a) not if you choose your words correctly. "Copyright by <you>, not intended for public distribution, see license.txt" - written a bit more verbose and in legalese.
b) you don't have to do that, just add an English copyright statement comment block at the top of all your source files.
that is fine, but where in the rules could I find the names of all people, who will be authorized to look into contributed program's sources? And why is in not sufficient to simply verify their compilability?
--- End quote ---
Good point, didn't think of that. But I assume that sources would only have to be looked through by one or two persons (mouser and perhaps a borland guy). And why not just verify their compilability? Because somebody might implement a backdoor or other malicious code in their program. Consider that the programs from this contest will probably reach a *lot* of users, that would be a perfect occasion to sneak in a backdoor. Paranoia? Perhaps. But better being a bit paranoid than risk legal problems.
I do see your point in contestants being named, though. Would probably be a bit too much trouble abusing this contest.
Maybe I have got the wrong impression from some postings, that the contest seems to be interested more in sources than in resulting programs.
--- End quote ---
I don't care about the sources, and my impression was that it's indeed about the resulting programs, with source screening just to avoid bad code.
If after such a verification all transferred source code would be deleted and the people involved would be made known to the programmer it could be an acceptable compromise.
--- End quote ---
That sounds fair to me as well. If I had a closed-source program I wouldn't accept other people looking at my source except under similar conditions.
mouser:
the only purpose of requiring people to submit source code is so that we don't end up running a program with viruses and trojans in it, and/or distributing a program widely that has viruses and trojans.
as much as it would be nice to believe no one would submit such a thing, in this day and age one has to be careful.
there may be other ways to be sure that this doesn't happen, perhaps with a phone call to author, or if the author is known in some other capacity (established author, etc.).
i'm happy to sign any non-disclosure contract you might want signed sayng that only one person will have access to the source, and for the sole purpose of compiling it for evaluation.
Maybe I have got the wrong impression from some postings, that the contest seems to be interested more in sources than in resulting programs.
--- End quote ---
i tried to make clear this this is not the case at all - we will not be judging programs based on source code.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version