Traceability bewteen software artifacts and the framework itself

[cd155]

I recently study on blockchain technology and I think it might be worth bringing it up.

Right now, there seems no traceability between the Drasil framework and generated artifacts. In other words, there is no way to verify whether the artifacts were generated by the Drasil framework. I think the verification might be an issue that needs to be addressed in the long future. Let's imagine if there is a good framework able to generate a library, we might want to verify its legitimacy(whether it is generated by a specific framework) before connecting to it. In the future, if generating artifacts is fairly common, there may be many code generators. It could be a security feature to verify each artifact.

[smiths]

Interesting idea @cd155. We should do some simple things, likely in the short term, to make the traceability to the generator explicit. I imagine that we could easily add a comment to all generated files to say which version of Drasil generated that artifact.

What you mention is deeper than what I just said. The implication is that someone could potentially fake the source of a generated file. Since we are just generating text files, it would be very easy for someone to edit one of the files. I'm sure there would be a way to prevent this, potentially using blockchain or other security/crypto features. I'm not an expert in this area, and it does feel like it is a long way off from being relevant, in the sense that I'm not sure what someone would gain by trying to "fool" the software into using the wrong library.

Having said that, I could imagine scenarios where it is necessary to know that all libraries are a certain version. Maybe security-related technology could be used to make this verification stronger than just asking people to be rigorous and systematic? Maybe invalid combinations of libraries could be automatically rejected?

[cd155]

Thanks for the feedback. A comment says where the generated code comes from certain makes sense. I knew some website generators like to put a trademark on their generated website somewhere at the bottom. Eg, the website is generated by Shopify. If we can export the library as a package in a black box, we can prevent someone from editing it. I knew in C# you can output the library as a dll file. Users can interact with the library interface but can't see the code inside.

[JacquesCarette]

My reaction is the same as @smiths 's. This level of certainty of the provenance of artefacts is much stronger than what we're going to need for quite a long time. There's probably much simpler technology to indicate provenance that would be quite effective.

Right now, I think we have a lot of functionality that we need to implement before we worry about provenance and security. The kinds of traceability we need are quite a bit more modest than what you propose.

[cd155]

Thanks for the feedback. It seems a low priority for this function. Somewhere we can put a comment saying this software is generated by Drasil. Can be in ReadMe or in Code comment.

[cd155]

For the record, this paper Dr.Carette mentioned at today's meeting, is related to this discussion topic.
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

[balacij]

Regarding the "Moral" section, other than the first paragraph, it was surprising that it was part of the discussion, but good food for thought as well. Regarding "Stage 3"s s.econd last paragraph, I guess one of the pros of Drasil being libre software (?) is that it can have many more eyes on its source code than closed-source software, but that's not really guaranteed by design.

[cd155]

While @JacquesCarette and @balacij discussed the issue in Drasil in Drasil, I was confused about what the previous generation you were referencing to.

I feel the Drasil in Drasil is a refining process. At the very beginning, we start with an idea, then we try to encode the idea in the code, Haskell in this case. Later on, we want to use the Drasil own DSL to define Drasil. If the Drail in Drasil able to generate a SRS for the Drail in Drasil, then who comes first? It is the same issue with #1086.

As Jason mentioned: if we have Drasil in Drasil, building Drasil, how do we trust the previous generation to generate Drasil? This brings me into a loop/reflection, where the earliest fundamental information comes from and how to preserve it in each refining iteration.

[balacij]

(I believe it was @JacquesCarette that posed that question.)