libreplanet-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libreplanet-discuss] Free software is not trusted software


From: Nicolás Ortega Froysa
Subject: Re: [libreplanet-discuss] Free software is not trusted software
Date: Sat, 19 Jan 2019 11:41:43 +0100
User-agent: Mutt/1.11.2 (2019-01-07)

On Wed, Jan 16, 2019 at 09:44:43PM -0600, J.B. Nicholson wrote:
> Lyberta wrote:
> > Today the Internet is filled with malware that is free software:
> > 
> > https://lyberta.net/articles/tech/free_sw_untrusted.html
> 
> The article points out that auditing matters and I concur -- there's no
> substitute for auditing by someone one trusts. There's too much free
> software for anyone to do this alone but collectively we can get more of
> this done.
> 

Considering that this is an issue that would affect nearly all distros,
it may be a good idea to setup a central collective group for auditing
software. This would help in various regards:

1. With various people manually auditing software packages, it increases
the probability that these kinds of malware will be caught.

2. The members of this group will most likely be either already known
members of the free software community, whom we can trust, or new
members that, although not immediately trustworthy, will become more
commonly known members soon after joining.

3. It gives people who are looking for ways to contribute to free
software another way to contribute without necessarily having to code or
write documentation. It could also be a gateway for these individuals to
learn about these projects and contribute to them later.

4. Having a central and transparent intelligence on which kinds of
projects tend to have malware in them would help us to optimize the
auditing process, even automating certain elements of it, and know which
kinds of software are more prone to contain malware.

5. It would greatly help the free distros, which are always working very
hard to weed out software packages with non-free blobs. Proper auditing
with a standard protocol would help to weed out these non-free packages
in a more efficient and just manner.

Certain conditions would be needed to make sure that the effort is as
distribution-agnostic as possible, but I believe such an effort would
greatly benefit the free software community.

-- 
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/address@hidden
http://uk7ewohr7xpjuaca.onion/address@hidden

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]