Compilation strategy

Rob T rob at ucora.com
Mon Dec 17 13:48:23 PST 2012 

On Monday, 17 December 2012 at 12:54:46 UTC, jerro wrote:
>> If we want to allow D to fit into various niche markets 
>> overlooked by C++, for added security, encryption could be 
>> added, where the person compiling encrypted .di files would 
>> have to supply a key. That would work only for certain 
>> situations, not for mass distribution, but it may be useful to 
>> enough people.
>
> I can't imagine a situation where encrypting .di files would 
> make any sense. Such files would be completely useless without 
> the key, so you would have to either distribute the key along 
> with the files or the compiler would need to contain the key. 
> The former obviously makes encryption pointless and you could 
> only make the latter work by attempting to hide the key inside 
> the compiler. The fact that the compiler is open source would 
> make that harder and someone would eventually manage to extract 
> the key in any case. This whole DRM business would also prevent 
> D from ever being added to GCC.

Of course open source code would never be encrypted, I was 
suggesting an entirely optional convenience feature for users of 
the compiler and not a general method of storing library files or 
for providing a fool proof method for the mass distribution of 
hidden content.

Having such a feature would allow a company or individual to 
package up their source code in a way that no one could look at 
with out a specific key. It does not matter if the compiler is 
open source or not, only a user with the correct key could 
potentially decrypt the contents in a way that was unintended.

Obviously anyone who has enough skills and the correct key to a 
specific encrypted package could decrypt the contents of that 
specific package (and then post it on usenet or bt or in a 
million+1 other ways), but you would still need access to the key 
and you would need access to a tool that decrypts the contents 
(such as the compiler itself), but that's what security is all 
about, it's simply a set of barriers that make it difficult, but 
not impossible, to break through. All security systems are 
breakable, end of story, no debate there, just take a look around 
you and see for yourself.

The difference between packaging in an encrypted archive, which 
is later decrypted and installed for use, is that in this case 
the source code is never left lying around in a form that is 
decrypted, it is also more secure because the source data is 
decrypted only when it is being compiled, and the decrypted 
content is immediately discarded (in a secure way) afterwards.

BTW, for the record I'm no fan of DRM in the general sense, but 
many companies think they need to lock out prying eyes and it's 
not my place to tell them that they should not be worried about 
it and fully open up their doors to whatever content they want to 
distribute.

--rt

More information about the Digitalmars-d mailing list