From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-4.0 required=3.0 tests=AWL,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id D26431F453 for ; Sun, 20 Jan 2019 18:17:39 +0000 (UTC) Received: from localhost ([127.0.0.1]:42861 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1glHf8-0005Ju-54 for e@80x24.org; Sun, 20 Jan 2019 13:17:38 -0500 Received: from eggs.gnu.org ([209.51.188.92]:40307) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1glHeg-0005JS-Kd for libreplanet-discuss@libreplanet.org; Sun, 20 Jan 2019 13:17:14 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1glHea-0002AW-MO for libreplanet-discuss@libreplanet.org; Sun, 20 Jan 2019 13:17:10 -0500 Received: from v-64-94-238-142.unman-vds.inap-atlanta.nfoservers.com ([64.94.238.142]:35470 helo=themusicinnoise.net) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1glHeZ-00029Q-Ck for libreplanet-discuss@libreplanet.org; Sun, 20 Jan 2019 13:17:03 -0500 Received: from athena.localdomain (unknown [199.254.238.211]) (Authenticated sender: nortega@themusicinnoise.net) by themusicinnoise.net (Postfix) with ESMTPSA id D94BB7748 for ; Sun, 20 Jan 2019 13:17:00 -0500 (EST) Date: Sun, 20 Jan 2019 19:16:56 +0100 From: =?utf-8?Q?Nicol=C3=A1s?= Ortega Froysa To: libreplanet-discuss@libreplanet.org Message-ID: <20190120181656.GC1383@athena.localdomain> Mail-Followup-To: libreplanet-discuss@libreplanet.org References: <938ef1bb-bb7e-54c3-5043-2aeb5fa9509d@forestfield.org> <20190119104143.GC1380@athena.localdomain> MIME-Version: 1.0 In-Reply-To: X-Info: Please consider encrypting e-mails. X-Message-Flag: Stop using OutLook, it spies on you! User-Agent: Mutt/1.11.2 (2019-01-07) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 64.94.238.142 Subject: Re: Free software is not trusted software X-BeenThere: libreplanet-discuss@libreplanet.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0284075933295652022==" Errors-To: libreplanet-discuss-bounces+e=80x24.org@libreplanet.org Sender: "libreplanet-discuss" --===============0284075933295652022== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0vzXIDBeUiKkjNJl" Content-Disposition: inline --0vzXIDBeUiKkjNJl Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 19, 2019 at 11:37:24PM +0100, al3xu5 / dotcommon wrote: > Il giorno sabato 19/01/2019 11:41:43 +0100 > Nicol=C3=A1s Ortega Froysa ha scritto: >=20 > > On Wed, Jan 16, 2019 at 09:44:43PM -0600, J.B. Nicholson wrote: > > > Lyberta wrote: =20 > > > > Today the Internet is filled with malware that is free software: > > > >=20 > > > > https://lyberta.net/articles/tech/free_sw_untrusted.html =20 > > >=20 > > > The article points out that auditing matters and I concur -- there's = no > > > substitute for auditing by someone one trusts. There's too much free > > > software for anyone to do this alone but collectively we can get more= of > > > this done. > > > =20 > >=20 > > Considering that this is an issue that would affect nearly all distros, > > it may be a good idea to setup a central collective group for auditing > > software. This would help in various regards: >=20 > [...] >=20 > > Certain conditions would be needed to make sure that the effort is as > > distribution-agnostic as possible, but I believe such an effort would > > greatly benefit the free software community. >=20 > It would be a very big effort, but probably useless because it would rema= in a > couple of big problems: >=20 > - "cleaning" software do not "clean" hardware, that is closed (and almost > certainly will remain so) and is where the most dangerous malware resid= es >=20 This process wouldn't be about cleaning the software itself (at least that wasn't my initial proposal), but to identify malicious software so it may be removed from distro repositories. As for hardware, as you said, it's not an easy issue to solve. However, using hardware that fully respects your freedom is a good way to make it easier for such a group to audit said hardware as well as its drivers and firmware (although we should really take this a step at a time). Therefore, my argument is that simply because we lack the means to solve the entire problem doesn't mean we can't start solving a part of it. > - in my (heretic) opinion, free software have two "big" bugs: allows comm= ercial > use (which attracts the worst "intentions") and has the LGPL (which all= ows > any non-free software -- including malware -- to fall through the back = door) >=20 These two issues seem to be irrelevant to the proposal being made at the moment, but are rather critiques of free software itself. In which case it may be a good idea to bring it up in a new thread. It's also worth noting that your critique seems to come from a perspective of someone who doesn't use exclusively free software (as seen by your critique of the LGPL), which is past the point where we can do anything. If someone is using non-free software, unless we want to invest an astronomically larger amount of time in reverse-engineering these non-free programs, they should know the risks. --=20 Nicol=C3=A1s Ortega Froysa Vivu lante, vivu feli=C4=89e! https://themusicinnoise.net/ http://uk7ewohr7xpjuaca.onion/ Public PGP Key: https://themusicinnoise.net/nortega@themusicinnoise.net_pub.asc http://uk7ewohr7xpjuaca.onion/nortega@themusicinnoise.net_pub.asc --0vzXIDBeUiKkjNJl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEbA1Y/Gh3UJXwpPI6/scOO64uab8FAlxEuxIACgkQ/scOO64u ab8Ogw//RWMP3AN/ghuwGT52+DA/a6s1j2hCP+xBR4SIGXlO29Ula/+jQoQuGKOt nUbsz7zAYmDw6i/bnEVXEumXvWFDhKI3MIpt94zhaAzm1G/tYwF5Db1ZTIfxZ351 ZmSJ7CF+ecSOhwJWnSE1MapanT9OeLXiVdy35rV76PdW1ZFYaj9dLGxB+Bdayjm1 gn1BcUqinwEENSEplHEqEhUvjr2WADcrD0KvtsXjB2sk72TL1pSMOAS9y/cwzXrf c8v5xCkrli9014+4Z1y1NeeCZewIDL4Io3tsa+/hKzvMjRDr03BtwesGv8tHn/zE zCpAMjtJXl9LrG4lYWuJZbLP38wUkdTCossW9dVaKEwvqZr9cvGIRKGR2nVWPsy1 EtC0d/YIbt8wsbHpYdrHaFOUf+YvgtXBiR/AUJDTgPtuY+c8EnGWJiSnrQGMyjLf G4LeKOx/o0fhA8AACsaZbpZIJuCMVg6Azlb3lNREmB3w7Fi3hEz2am0W3Mxe9RLw 7dPEsn7LgyTiB2Sm0FZ52AYBCLQlJyKjzitDfJzlWICDizPPNEFFhGapzi73Fdwx fKkIiujnYluEhcZw3awtaCPsM7V7B6rvXv1WQn9TZ8ITAVOu2aUJE1AI2wwEvxUp rDsRdxwTDfnr3Xbveq09eF9xEA3PYw20eRwA7ph6mDn6ws+Z9KI= =bEsZ -----END PGP SIGNATURE----- --0vzXIDBeUiKkjNJl-- --===============0284075933295652022== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss --===============0284075933295652022==--