It has been possible to verify documents for years now using public/private key encryption techniques, for example PGP. For example, using PGP you can sign an email message and others can then verify that the message really came from you. Obviously the same thing could be done for an executable file. This doesnt depend on the source that does the checking be hidden. So why not have "signed" versions of all the acceptable quake 1 clients and then use public/private key techniques to check them ? Even if you limit yourself to a key-length which would avoid export problems, it would take considerable effort to break a scheme like this.
Slashdot Mirror
It has been possible to verify documents for years now using public/private key encryption techniques, for example PGP. For example, using PGP you can sign an email message and others can then verify that the message really came from you. Obviously the same thing could be done for an executable file. This doesnt depend on the source that does the checking be hidden. So why not have "signed" versions of all the acceptable quake 1 clients and then use public/private key techniques to check them ? Even if you limit yourself to a key-length which would avoid export problems, it would take considerable effort to break a scheme like this.
iDraw is due out soon, check www.ice.org for details
http://acheron.org
http://hirez.org
http://acid.org - yes ACiD still lives =)
AND, if you frequent EFNet on IRC, try joining
#ice,#acid,#ans,#ansi,#ascii
there are others, forgive me if I dont remember them all =)