From: "Nicolás Ortega Froysa" <nortega@themusicinnoise.net>
To: libreplanet-discuss@libreplanet.org
Subject: Re: Free software is not trusted software
Date: Sat, 19 Jan 2019 11:41:43 +0100 [thread overview]
Message-ID: <20190119104143.GC1380@athena.localdomain> (raw)
In-Reply-To: <938ef1bb-bb7e-54c3-5043-2aeb5fa9509d@forestfield.org>
[-- Attachment #1.1: Type: text/plain, Size: 2312 bytes --]
On Wed, Jan 16, 2019 at 09:44:43PM -0600, J.B. Nicholson wrote:
> Lyberta wrote:
> > Today the Internet is filled with malware that is free software:
> >
> > https://lyberta.net/articles/tech/free_sw_untrusted.html
>
> The article points out that auditing matters and I concur -- there's no
> substitute for auditing by someone one trusts. There's too much free
> software for anyone to do this alone but collectively we can get more of
> this done.
>
Considering that this is an issue that would affect nearly all distros,
it may be a good idea to setup a central collective group for auditing
software. This would help in various regards:
1. With various people manually auditing software packages, it increases
the probability that these kinds of malware will be caught.
2. The members of this group will most likely be either already known
members of the free software community, whom we can trust, or new
members that, although not immediately trustworthy, will become more
commonly known members soon after joining.
3. It gives people who are looking for ways to contribute to free
software another way to contribute without necessarily having to code or
write documentation. It could also be a gateway for these individuals to
learn about these projects and contribute to them later.
4. Having a central and transparent intelligence on which kinds of
projects tend to have malware in them would help us to optimize the
auditing process, even automating certain elements of it, and know which
kinds of software are more prone to contain malware.
5. It would greatly help the free distros, which are always working very
hard to weed out software packages with non-free blobs. Proper auditing
with a standard protocol would help to weed out these non-free packages
in a more efficient and just manner.
Certain conditions would be needed to make sure that the effort is as
distribution-agnostic as possible, but I believe such an effort would
greatly benefit the free software community.
--
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/nortega@themusicinnoise.net_pub.asc
http://uk7ewohr7xpjuaca.onion/nortega@themusicinnoise.net_pub.asc
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
[-- Attachment #2: Type: text/plain, Size: 183 bytes --]
_______________________________________________
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
next prev parent reply other threads:[~2019-01-19 10:48 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-16 14:09 Free software is not trusted software Lyberta
2019-01-16 17:00 ` Todd Weaver
2019-01-16 20:07 ` Caleb Herbert
2019-01-16 22:21 ` bill-auger
2019-01-16 22:57 ` bill-auger
2019-01-16 23:12 ` Leah Rowe
2019-01-17 1:01 ` bill-auger
2019-01-17 10:52 ` Thomas Harding
2019-02-25 20:44 ` Taiidan
2019-02-26 0:15 ` overthefalls
2019-01-17 3:44 ` J.B. Nicholson
2019-01-19 10:41 ` Nicolás Ortega Froysa [this message]
2019-01-19 14:34 ` Julian Daich
2019-01-20 18:01 ` Nicolás Ortega Froysa
2019-01-20 20:36 ` bill-auger
2019-01-20 22:54 ` Julian Daich
2019-01-21 3:02 ` bill-auger
2019-01-22 10:07 ` Nicolás Ortega Froysa
2019-01-23 3:48 ` bill-auger
2019-01-26 21:17 ` Julian Daich
2019-01-26 23:35 ` bill-auger
2019-01-27 1:07 ` bill-auger
2019-01-27 19:51 ` Julian Daich
2019-01-28 3:15 ` bill-auger
2019-01-27 19:40 ` Julian Daich
2019-02-17 5:34 ` overthefalls
2019-01-21 8:05 ` Andrew Luke Nesbit
2019-01-21 22:45 ` bill-auger
2019-01-22 9:34 ` Nicolás Ortega Froysa
2019-01-19 22:01 ` bill-auger
2019-01-20 18:06 ` Nicolás Ortega Froysa
2019-01-19 22:37 ` al3xu5 / dotcommon
2019-01-20 17:09 ` Lyberta
2019-01-20 18:16 ` Nicolás Ortega Froysa
2019-01-23 19:51 ` Adonay Felipe Nogueira
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/libreplanet-discuss
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190119104143.GC1380@athena.localdomain \
--to=nortega@themusicinnoise.net \
--cc=libreplanet-discuss@libreplanet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).