Re: Free software is not trusted software

From: "Nicolás Ortega Froysa" <nortega@themusicinnoise.net>
To: libreplanet-discuss@libreplanet.org
Subject: Re: Free software is not trusted software
Date: Sun, 20 Jan 2019 19:16:56 +0100	[thread overview]
Message-ID: <20190120181656.GC1383@athena.localdomain> (raw)
In-Reply-To: <E1gkzFG-0008Nh-U4@eggs.gnu.org>

[-- Attachment #1.1: Type: text/plain, Size: 3157 bytes --]

On Sat, Jan 19, 2019 at 11:37:24PM +0100, al3xu5 / dotcommon wrote:
> Il giorno sabato 19/01/2019 11:41:43 +0100
> Nicolás Ortega Froysa <nortega@themusicinnoise.net> ha scritto:
> 
> > On Wed, Jan 16, 2019 at 09:44:43PM -0600, J.B. Nicholson wrote:
> > > Lyberta wrote:  
> > > > Today the Internet is filled with malware that is free software:
> > > > 
> > > > https://lyberta.net/articles/tech/free_sw_untrusted.html  
> > > 
> > > The article points out that auditing matters and I concur -- there's no
> > > substitute for auditing by someone one trusts. There's too much free
> > > software for anyone to do this alone but collectively we can get more of
> > > this done.
> > >   
> > 
> > Considering that this is an issue that would affect nearly all distros,
> > it may be a good idea to setup a central collective group for auditing
> > software. This would help in various regards:
> 
> [...]
> 
> > Certain conditions would be needed to make sure that the effort is as
> > distribution-agnostic as possible, but I believe such an effort would
> > greatly benefit the free software community.
> 
> It would be a very big effort, but probably useless because it would remain a
> couple of big problems:
> 
> - "cleaning" software do not "clean" hardware, that is closed (and almost
>   certainly will remain so) and is where the most dangerous malware resides
> 

This process wouldn't be about cleaning the software itself (at least
that wasn't my initial proposal), but to identify malicious software so
it may be removed from distro repositories. As for hardware, as you
said, it's not an easy issue to solve. However, using hardware that
fully respects your freedom is a good way to make it easier for such a
group to audit said hardware as well as its drivers and firmware
(although we should really take this a step at a time). Therefore, my
argument is that simply because we lack the means to solve the entire
problem doesn't mean we can't start solving a part of it.

> - in my (heretic) opinion, free software have two "big" bugs: allows commercial
>   use (which attracts the worst "intentions") and has the LGPL (which allows
>   any non-free software -- including malware -- to fall through the back door)
> 

These two issues seem to be irrelevant to the proposal being made at the
moment, but are rather critiques of free software itself. In which case
it may be a good idea to bring it up in a new thread. It's also worth
noting that your critique seems to come from a perspective of someone
who doesn't use exclusively free software (as seen by your critique of
the LGPL), which is past the point where we can do anything. If someone
is using non-free software, unless we want to invest an astronomically
larger amount of time in reverse-engineering these non-free programs,
they should know the risks.

-- 
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/nortega@themusicinnoise.net_pub.asc
http://uk7ewohr7xpjuaca.onion/nortega@themusicinnoise.net_pub.asc

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: Type: text/plain, Size: 183 bytes --]

_______________________________________________
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss