Require proof implementations for MSCs to be open source #1653
Comments
|
on further discussion in the SCT, the conclusion was that the current wording may be sufficient: the implementation needs to prove that the MSC works. That might well mean that you have to inspect the source of the implementation to be comfortable that it actually does what it claims to be doing. However, on the other hand, it may also be sufficient to interrogate a closed API (which apparently we did already with an MSC from Beeper) to get confidence that that the MSC is going to work. So, keeping it flexible (and not dissuading commercial vendors from contributing MSCs) might be the better course of valour here... on the understanding that typically, to get comfortable that an MSC proof is adequate, you'd want to see the code. |
|
fwiw, the SCT only realistically needs access to the feature/implementation in order to test it. This may mean source availability, or it could be creating an account to poke at the APIs and feature. In some cases, it may just mean hanging it off the internet for poking with curl. |
For reference, this happened here. |
MSCs require an implementation to demonstrate that the MSC works. If that implementation is closed-source then it's impossible to verify that it proves that the MSC works as intended (it could be doing anything). So we should probably clarify that MSCs proofs need to be FOSS.
The text was updated successfully, but these errors were encountered: