libreplanet-discuss

Re: [libreplanet-discuss] Free software is not trusted software


From: Nicolás Ortega Froysa
Subject: Re: [libreplanet-discuss] Free software is not trusted software
Date: Sun, 20 Jan 2019 19:01:02 +0100
User-agent: Mutt/1.11.2 (2019-01-07)

On Sat, Jan 19, 2019 at 03:34:50PM +0100, Julian Daich wrote:
> On 19/1/19 at 11:41, Nicolás Ortega Froysa wrote:
> > 1. With various people manually auditing software packages, it increases
> > the probability that these kinds of malware will be caught.
> > 
> > 2. The members of this group will most likely be either already known
> > members of the free software community, whom we can trust, or new
> > members that, although not immediately trustworthy, will become more
> > commonly known members soon after joining.
> 
> Who will pay these people, who will take responsibility for their work, and
> to what extent is it different from what we have today?
> 

To answer your first question, the group would consist of volunteers.
That being said, like with most FLOSS projects, if such a group were to
attract the attention of companies using free software, it may receive
full-time paid efforts, but we shouldn't count on this.

As for the contrast between what this would be and what we currently
have, correct me if I'm wrong (I very well may be), but most of today's
security auditing takes place on a per-project basis and mostly relies
on people looking for security bugs within a project. However, this
isn't really what we're talking about with this thread, but rather
projects whose maintainers are actively inserting malware into their
projects (that being said, I think we should make a distinction here
between malware, features that could have potentially malicious
consequences, and anti-features that can be disabled). The purpose would
be to take a look at such projects that do not have proper security
auditing and put the efforts of volunteers into auditing them.

It's also worth noting that this would make for another outlet for
people who are interested in security and free software to enter the
field and get their foot in the door.

-- 
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/nortega@themusicinnoise.net_pub.asc
http://uk7ewohr7xpjuaca.onion/nortega@themusicinnoise.net_pub.asc
