Page 1 of 3

Church software should be open source

Posted: Mon Jan 29, 2007 7:10 pm
by brannonking
I think the church should make all its software open source projects. I'm sure a lot of members would contribute if they could. It would increase the security of the software to have more eyes look at it. It would also be a very noble thing to do -- producing religious organization software that other churches could use. Many fear it would be a security breech. That is not true, as other open source software projects have proven.

Posted: Tue Jan 30, 2007 12:40 am
by thedqs
The only problem is that the church encrypted data stream that MLS uses to send updates, could potentially be hacked and then false information could be uploaded to the servers, effectively ruining the entire chruch database. I support some of the projects but not all for the reasons of privacy and security in those cases.

uh, proprietary encryption?

Posted: Tue Jan 30, 2007 10:36 am
by brannonking
thedqs wrote:The only problem is that the church encrypted data stream that MLS uses to send updates, could potentially be hacked and then false information could be uploaded to the servers, effectively ruining the entire chruch database. I support some of the projects but not all for the reasons of privacy and security in those cases.
If exposing the MLS source gives away the encryption key we're in trouble anyway. Having Firefox open source doesn't invalidate the HTTPS protocol or the SSL encryption it uses. Encrypted data is not the same thing as software source code.

Issues...

Posted: Tue Jan 30, 2007 10:45 am
by WelchTC
The biggest problem with open sourcing programs at the Church revolve around privacy to data. Unlike many open source programs, many of the Church programs are built around and deal with very sensitive data. So if the Church were to ever open source some program like MLS, it would be wrapped around a lot of security and policies that could be strictly monitored in an effort to ensure the data is available to only those who should have access to it. Currently many of the programs don't have the measures in place that would allow us to open up the code.

Tom

Posted: Wed Jan 31, 2007 5:42 am
by thedqs
brannon01 wrote:If exposing the MLS source gives away the encryption key we're in trouble anyway. Having Firefox open source doesn't invalidate the HTTPS protocol or the SSL encryption it uses. Encrypted data is not the same thing as software source code.

I know the encryption wouldn't be affected, RSA public-private keys are almost impossible to break. The problem I was pointing out was the transfer protocol to church headquarters. Firefox is open source so I could look at firefox's code and get the HTTP transfer protocal and create a program that emulates Firefox (ie. The webserver believes it is intereacting with Firefox) so I could do the same with MLS, (Church HQ believes that it is interacting with a real MLS when really it is a malicious 3rd party).

Hope that explains what I meant.

Posted: Thu Feb 08, 2007 7:14 pm
by james_francisco
For clarity, I have several philosophical objections to the whole idea of open source. Some of it is a "you get what you pay for" philosophy and much of the rest is that I don't see open source projects or software as being particulary cost-effective when both front-end and back-end costs are concerned. that comes from direct experience with ROI comparisons of open source and a commercial learning management system. In the context of the Church, I think that making internal application development projects open source represents too great a risk to the security and integrity of the member and financial data of the Church.

James Francisco

Posted: Thu Feb 08, 2007 9:11 pm
by JamesAnderson
There are some good points there.

As far as risks to security, etc., that is probably relative, since the software is only the raw code that calls the data, not the actual data itself. There are alot of ways to secure the data that are separate from the open source application being used as it is.

On 'You get what you pay for', may be true in some cases, but if the open source software isn't good or at least working on getting good or better, then no one is interested, and the whole project will often fail because of that.

In the music recording industry I've seen both good and bad open source projects that create little software plugins for various music recording platforms. Almost always the good ones get alot of attention, while the bad ones get used by a few for a short time, then are brushed aside.

Posted: Fri Feb 09, 2007 7:23 am
by WelchTC
Let's not let this discussion get bogged down into a debate over open source vs proprietary software. These issues tend to be polarizing and argumentative. The facts are that there are great things about both sides. The Church utilizes many open source components in our software stack and will continue to do so. This web site is built upon a lot of open source. At the same time the Church purchases a lot of commercial software.

One last thing is that I want to remind everyone that the Church is lead by Revelation, and not by public opinion. If everyone says that we should open source MLS but the leaders in charge feel it is not the right thing to do, that is the direction we will take. We see these forums as a great source of ideas, data, input, etc. in helping make decisions but it is by no means the only input we listen to. ;)

Tom

Posted: Sat Feb 17, 2007 6:54 pm
by russellhltn
I think one of my concerns about Open Source software is adherence to policy. Some of the quirks that one may find and want to change may be there by design. While most of us would understand why MLS won't let you select a child or a woman for Bishop, not all such things are as well known. It's happened a few times that someone has come up on the clerk's list and ask why they can't put so and so on in a given position and the answer that has come back is "that's not the right way - go read the CHI". Don't believe me? Pop quiz: What limitations are on the calling of Primary President? Besides being an adult? If you don't know, then I've proven my point.

That not an insurmountable obstacle, but something to consider. (Will we need to add RTCHI to our acronym list?)

My 2ยข. :rolleyes:

Posted: Sun Feb 25, 2007 6:13 pm
by michaelcox
RussellHltn wrote: Pop quiz: What limitations are on the calling of Primary President? Besides being an adult?
She has to be a female.

I like your pop quizes RussellHtn.