Good point, thanks.
[image: PrestaShop] <https://www.prestashop.com/?utm_source=signature&utm_medium=e-mail&utm_campaign=emails-signatures> Antoine Thomas aka ttoine Developer Advocate t: +33 (0)6 63 13 79 06 antoine.tho...@prestashop.com On Fri, 23 Nov 2018 at 13:34, Kevin P. Fleming <kevin+...@km6g.us> wrote: > Having been down this road in a previous life, you should understand that > any attempt to 'validate' the installation of open source software will > eventually be defeated if the value of doing so is sufficiently high. In > this case, the person who wants to cheat on VAT collection/remittance would > find a way to do so if their revenue is moderately large, I suspect, and > others in the community will sell services to defeat the checking. > > In addition such validation means that users of the plugin would be unable > to operate modified versions of the core and the VAT module, when the OSL > would otherwise permit them to do so. Granted, this is an obligation placed > on them by a government entity and not the licensor. > > On Thu, Nov 22, 2018 at 10:44 AM Antoine Thomas < > antoine.tho...@prestashop.com> wrote: > >> Mike, >> I agree, this is a strange request from Infocert. Currently, they think >> that an obfuscated code will be more complicated to modify if a merchant >> wants to cheat on VAT. However, we understand that they are not really >> expert of open source. At this stage we don't want to share the source code >> in OSL or AFL (our modules are usually distributed on AFL), for the risk is >> to lose the certification. This is something we need to clarify with them. >> >> David, >> Thanks for the reminder. So instead of obfuscation, maybe the plugin >> could check that the PrestaShop core and the VAT module are original and >> have no modification, comparing them with a digital signature, right? >> I will check that option with the developers and see if this could be >> possible to do that in a future version. Also, of course, Infocert will >> have to validate this idea too. >> >> >> >> [image: PrestaShop] >> <https://www.prestashop.com/?utm_source=signature&utm_medium=e-mail&utm_campaign=emails-signatures> >> >> Antoine Thomas aka ttoine >> >> Developer Advocate >> >> t: +33 (0)6 63 13 79 06 >> >> antoine.tho...@prestashop.com >> >> >> >> >> On Wed, 21 Nov 2018 at 22:29, David Woolley <for...@david-woolley.me.uk> >> wrote: >> >>> On 21/11/2018 19:35, Mike Linksvayer wrote: >>> > >>> > I wonder whether INFOCERT's request is justifiable? I imagine they >>> think >>> > obfuscated code is less likely to be modified, any modification >>> > potentially making the software non-compliant with the regulation, >>> > risking INFOCERT's reputation? Why isn't it good enough to have a >>> > warning that only unmodified versions are certified and that any >>> >>> Obfuscating makes it more work to modify, but if you actually want to >>> avoid modifications, you should digitally sign. >>> >>> Obfuscation, to the extent that it makes it impossible to change, goes >>> way beyond the level that makes it impossible to verify for security. >>> >>> _______________________________________________ >>> License-discuss mailing list >>> License-discuss@lists.opensource.org >>> >>> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org >>> >> _______________________________________________ >> License-discuss mailing list >> License-discuss@lists.opensource.org >> >> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org >> > _______________________________________________ > License-discuss mailing list > License-discuss@lists.opensource.org > > http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org >
_______________________________________________ License-discuss mailing list License-discuss@lists.opensource.org http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
