Subject: Re: requesting proposals -- change detection
From: Ian Lance Taylor <ian@airs.com>
Date: 26 Jun 1999 15:33:13 -0400

   From: shapj@us.ibm.com
   Date: Sat, 26 Jun 1999 13:48:51 -0400

   How might one go about "stamping" a distribution is such a way that you can
   reliably *detect* when a customer has altered it?  I have a recollection of some
   sort of signing proposal, but I don't recall how it actually worked.

   This would largely eliminate the liability issue in my mind.

   Any pointers or suggestions?

Some random suggestions:

1) Write a testsuite and detect whether the program passes it.

2) Write a program which looks over the sources and computes an MD5
digest, and suggest that the user compare the result to one you post
on a web page somewhere.

3) If it's OK to require that the distribution be completely
unchanged, then include a PGP signature.

I'm not sure I see a liability issue in any case.  If your license
disclaims any warranty, and the user does not get the modified version
from you, then I don't see why you have any liability.

Ian