RevNet certification(?)

[davidsyes]

Hello Richard/all,

To enhance the actual or analagous "Verisign" benefit, would it be feasible 
to:

1. create a CVS (Concurrent Version System) repository and 
2. appoint a PRB or Peer-Review Board (where then by peer-review members are 
chosen to be on a body of initial reviewers) to review code
3. generate user/community support (although products should still be 
permitted a price tag for devs to recoup their dev costs)?

1. In step 1, the repository would hold all the various submissions. They 
could be depostied into whatever database you (the PRB) feel/s is most 
flexible and VERY fast. Ideally, the database would be friendly to the PRB 
(Peer Review Board), friendly to the world at large, and be absolutel 
OS-agnositic, meaning portability is extended to Revolution (see the 2nd pare 
after para 3). I must admit I know nothing about Mac/Apple-friendly databases 
other than maybe FileMaker/Pro which I used years ago but never owned as I 
think in 1996 it was not on the wintel platform or it was too new for me. 
Between Linus & Bill, I'd go with MySQL or PostgreSQL, as I am a Linux user, 
but still use w98, and because the aforementioned DBs support multple OS 
access, multiple servers on the same host, and SHOULD be Mac/OS-X 
-Accessible.

Or, just choose something that is ported to multiple operating systems AND 
which is widely supported at lower costs by ISPs. ISPs tend to charge $20 or 
more LESS for a Linux/MySQL server arrangement than for the alternative 
operating system. (I might have the "match" or the "wind' but not both to the 
possibly ensuing "holy wars")

2. In step 2, the PRB would be an Apple/Mac equivalent of the Open Source 
community (not from a dollars/charging perspective) in that they simply will 
be the men and women who guard the vault, test the alarms, review the content 
if something heinous is deposited, and offer commentary or code changes when 
time permits

3. In step 3, the community still gets paid for a living, for we all need to 
eat, right?

Ideally, you (the PRB) should be able to support community submissions by 
showcasing "good" (as in stable and ready-for-primetime) products, as well as 
highlight those with ramped-up mutual suppot, and, of course, boot out those 
which are horrible or malicious code meant to harm users rather than be 
simiple novice code. But the reality is that without a decent database 
tracking, querying, and bug-submission system as well as "viral" or 
"flawed-code" alert, the system would bog down rather quickly.

Heck, even Revolution could be a front-end to this, demonstrating that 
Revolution in action  (no concatenation of the preceding words (in) and 
(action), mind all) and that end users could simply download the 
platform-specific runtime, install it, and use it to access the PRB database.

I image that this would have a positive and an attendant negative effect on 
rapidly making changes to Revolution's native database facilities, but then 
again, I am a newbie here and cannot yet access ("connect" to, to be precise) 
the MySQL server on my local machine via Revolution. ((I have connected with 
Lotus Approach, MySQLGG (deprecated GUI) and MySQLCC (the current "control 
center"), as well as via Webmin (on https://localhost or 
https://your-machine-IP-/). However, two other development tools I am testing 
also would not present the data I am trying to see. Maybe I need a 
reinstalled .so file for the Linux driver. (Lotus Approach, being a win98 
app, requires an ODBC driver, and this driver permitted Approach on .102 IP 
to read and export tables to MySQL on a .101 IP, both on the same 
machine/host physically, but Approach runs inside w98 which runs inside 
Win4Lin, an emulator deceiving win98 into thinking it "owns" my laptop.)) 
((Yes, parens, heheh, hehe ))...

Please forgive me if I started a mess here or accelerated something that might 
put a "crimp" in timing of things. I am not a DBA, but I am learning MySQL, 
as I have to post several databases in the near future and want to deploy 
OS-independent runtimes. Revolution seems to be a particularly very nice way 
to do what I aim, but my focus will of course be heavily on relational joins, 
master/detail table exploits, and presentation of charting tools by which the 
desktop or PDA users can analyse the data content I serve up. Unfortunately, 
it also means my end-users would need to ad-hoc change those relations, as I 
cannot predict what fields would suit their own analysis, although I can 
pre-build numerous forms to anticipate suiting them.

(YALSA--- Yet Another Long Submission Afoot)

David Syes

=================
On Thursday 22 May 2003 14:20, Richard Gaskin wrote:
> To clarify the risks inherent in downloading any executable over the 'Net,
> I'll be adding a new screen to RevNet soon which will appear only once
> requiring confirmation of its terms before proceeding (just standard
> liability waiver stuff -- I'm in California <g>).
>
> It occurs to me that there may be benefit from having a way to distinguish
> between "trusted" and "unknown" contributors to RevNet's index of
> user-contributed downloadable stacks.
>
> I could easily create a scheme in which certain domains (like Ken's,
> Chipp's, Jacque's) are on a "trusted domain" list, and their contributions
> to the index could have a small star next to them (or smiley face or
> whatever -- you get the idea) to indicate the resource is hosted on a site
> known by RevNet's admin (today that would be me) to be under the control of
> a person who is not likely malicious by nature (except for Jacque, who
> makes evil time-sucking games).
>
> Certifying people I know is a no-brainer.  The hard question is:
>
>   How do I verify the intentions of new certificate applicants
>   who are not known to me?
>
> To be fair, any criteria for "trusted" certification should be objective; I
> don't want to be in a position of making value judgements about people, nor
> risk approving a virus writer by giving undue benefit of the doubt.
>
> In the absence of any objective criteria, I may call the certificate
> program "Friends of Fourth World", and limit it to people I know personally
> (literally friends).  Since I know most of the folks likely to add lots of
> entries into RevNet's index, today it's not much of an issue.  But down the
> road, as Rev's audience grows, I'd like to find some means of verifying
> "trustworthiness" but without risking offending anyone.
>
> Any suggestions?
>
> Ironically, certificates issued by Verisign, a logo that carries all sorts
> of feel-good "trustworthiness", are really nothing more than a verification
> that data transmitted is reasonably secure and that they have verified the
> email address of the domain owner.  For all the feel-good associated with
> that logo, beyond verifying the admin's email it says nothing about the
> trustworthiness of anything available at the site.  Expectations management
> is a funny buiness....