Church software should be open source

So you have the BIG idea that the Church or community needs to develop. Discuss that idea here. Maybe you just want to make a suggestion on a new forum topic. Let us know.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#11

Post by russellhltn »

michaelcox wrote:She has to be a female.
Correct!

MLS will not let you make a brother a Primary President. It's not a flaw, it's simply reflecting church policy.
dragev
New Member
Posts: 18
Joined: Tue Jan 30, 2007 10:45 am
Location: Edmonton, Alberta, Canada

Protocols

#12

Post by dragev »

thedqs wrote:The problem I was pointing out was the transfer protocol to church headquarters... Church HQ believes that it is interacting with a real MLS when really it is a malicious 3rd party
I guess then, in the process of open sourcing certain software, the communications layer should be abstracted and the proprietary protocol implementation removed. This way, the Church can still keep the communication stream proprietary, yet enjoy all the benefits of an open source project.
User avatar
thedqs
Community Moderators
Posts: 1042
Joined: Wed Jan 24, 2007 8:53 am
Location: Redmond, WA
Contact:

#13

Post by thedqs »

dragev wrote:I guess then, in the process of open sourcing certain software, the communications layer should be abstracted and the proprietary protocol implementation removed. This way, the Church can still keep the communication stream proprietary, yet enjoy all the benefits of an open source project.

Of course, although this might require a few more resources then the church can put forth at this time because of the projects that are just about to be released.
- David
portseven-p40
New Member
Posts: 22
Joined: Tue Feb 20, 2007 2:55 pm
Location: UK

#14

Post by portseven-p40 »

I think you are getting mixed up between data, protocols and source code.

There will be no more danger to securing user data or the transmission of that data by opening the source code. When you open the source of the program you are not giving people the keys to your data, only the program code itself.

There are many examples of this, Apache the worlds most popular web-server is open source, yet it hosts many secure websites and even though the code of the program is open to peer review, the data which it serves and stores is not available.

Another one is the SSH protocol & software, this is a program that allows you to remotley logon to a machine over a network, it is a secure version of telnet and it employs various methods to secure the transmission of the data. Yet it is seen as a very secure system and no-ones data is at risk.

In fact there are compelling arguments that say that by opening your source code as by doing this you get many eyes looking at your code and discovering (and fixing!) any security issues. On the other hand keeping the code closed and locked away you are hoping that the small team of developers looking after that code have spotted all the flaws.

There is an old adage that goes 'Security through obscurity is no security at all'. So I say open the code and benefit from the talent that is in the community to make your systems better.
User avatar
AdrianLP-p40
Member
Posts: 92
Joined: Mon Mar 12, 2007 12:29 pm
Location: Kingston, Ontario, Canada
Contact:

#15

Post by AdrianLP-p40 »

thedqs wrote:The only problem is that the church encrypted data stream that MLS uses to send updates, could potentially be hacked and then false information could be uploaded to the servers, effectively ruining the entire chruch database. I support some of the projects but not all for the reasons of privacy and security in those cases.
MLS seems to use SSH for stream encapsulation. SSH is open source :)

Open source security methods are actually more secure, not less. Knowing that encryption is done with factors of really large prime numbers doesn't really help you "hack" (lets me proper and use the phrase Crack shall we) the stream.

Security by obscurity is a *very* dangerous way of doing security.

Most of the standard encryption methods are open source, and fairly well documented in RFCs and the like.
User avatar
AdrianLP-p40
Member
Posts: 92
Joined: Mon Mar 12, 2007 12:29 pm
Location: Kingston, Ontario, Canada
Contact:

#16

Post by AdrianLP-p40 »

portseven wrote:I think ...

Grrrr, beat me to it!!!
User avatar
AdrianLP-p40
Member
Posts: 92
Joined: Mon Mar 12, 2007 12:29 pm
Location: Kingston, Ontario, Canada
Contact:

#17

Post by AdrianLP-p40 »

tomw wrote:Let's not let this discussion get bogged down into a debate over open source vs proprietary software.
hrm, I think the issue is that with open source software more of us can contribute, and more eyes on the code which transmits *our* personal information.

I think this is a perfectly valid and fair point, no?

PS: Emacs is cruft and vim rules :)
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#18

Post by russellhltn »

AdrianLP wrote:hrm, I think the issue is that with open source software more of us can contribute, and more eyes on the code which transmits *our* personal information.

I think this is a perfectly valid and fair point, no?
It's ok as long as we're not debating church policy.
User avatar
AdrianLP-p40
Member
Posts: 92
Joined: Mon Mar 12, 2007 12:29 pm
Location: Kingston, Ontario, Canada
Contact:

#19

Post by AdrianLP-p40 »

RussellHltn wrote:It's ok as long as we're not debating church policy.
Nope, I don't think church policy covers this situation, its not a public website :)

Its not even accessible outside authentication.

PS: You don't want to get me started on church policy, their security procedures are very weak in terms of MLS and Windows.
User avatar
WelchTC
Senior Member
Posts: 2085
Joined: Wed Sep 06, 2006 8:51 am
Location: Kaysville, UT, USA
Contact:

#20

Post by WelchTC »

AdrianLP wrote:hrm, I think the issue is that with open source software more of us can contribute, and more eyes on the code which transmits *our* personal information.

I think this is a perfectly valid and fair point, no?

PS: Emacs is cruft and vim rules :)
Contributions does not equal open source. The Church could enlist people to help work on code without that code being open sourced. People have very strong feelings about open source vs proprietary software.

The Church does use and continues to use open source software in a variety of ways. The Church also uses proprietary solutions when open source alternatives or very high level support issues demand it.

Tom
Locked

Return to “Ideas & Suggestions”