From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-2.8 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 1815B1F453 for ; Mon, 21 Jan 2019 22:47:00 +0000 (UTC) Received: from localhost ([127.0.0.1]:35337 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gliLK-0007kd-GW for e@80x24.org; Mon, 21 Jan 2019 17:46:58 -0500 Received: from eggs.gnu.org ([209.51.188.92]:39348) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gliKu-0007jd-QD for libreplanet-discuss@libreplanet.org; Mon, 21 Jan 2019 17:46:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gliKs-0003dW-Md for libreplanet-discuss@libreplanet.org; Mon, 21 Jan 2019 17:46:32 -0500 Received: from eastern.maple.relay.mailchannels.net ([23.83.214.55]:45448) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gliKq-0003bn-LO for libreplanet-discuss@libreplanet.org; Mon, 21 Jan 2019 17:46:29 -0500 X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 3DE835C36E5 for ; Mon, 21 Jan 2019 22:46:26 +0000 (UTC) Received: from pdx1-sub0-mail-a71.g.dreamhost.com (unknown [100.96.35.77]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id ED5A35C4968 for ; Mon, 21 Jan 2019 22:46:25 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|bill-auger@peers.community Received: from pdx1-sub0-mail-a71.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.16.2); Mon, 21 Jan 2019 22:46:26 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|bill-auger@peers.community X-MailChannels-Auth-Id: dreamhost X-Coil-Language: 517652406d0056be_1548110786079_2421368274 X-MC-Loop-Signature: 1548110786079:1773432886 X-MC-Ingress-Time: 1548110786078 Received: from pdx1-sub0-mail-a71.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a71.g.dreamhost.com (Postfix) with ESMTP id A832E803FC for ; Mon, 21 Jan 2019 14:46:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=peers.community; h=date :from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=peers.community; bh=g 5AzW78gjpXM7KCHj6v8fFQz29I=; b=EzCi+u3bqflFNJ/9gmxa5YkpGBqtyaayr 2zDixKKIqZav4QRtm2HINS0pqz4uHjZhAo82gYHFhrynUzr/DYFmnGLhGkfhwmlT oCvmptzy3YtL0pWZyya2l5/xRfgZXSRdF0YrSv7XKLwF6tFt/CcyhA77soNYOvc4 NeSSKdNDVU= Received: from parabola (75-138-186-142.dhcp.oxfr.ma.charter.com [75.138.186.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: bill-auger@peers.community) by pdx1-sub0-mail-a71.g.dreamhost.com (Postfix) with ESMTPSA id 518C4803F4 for ; Mon, 21 Jan 2019 14:46:24 -0800 (PST) Date: Mon, 21 Jan 2019 17:45:57 -0500 X-DH-BACKEND: pdx1-sub0-mail-a71 From: bill-auger To: libreplanet-discuss@libreplanet.org Message-ID: <20190121174557.02f67d92@parabola> In-Reply-To: <63d245bd-e99c-5075-afdf-bd3da68b19b4@andrewnesbit.org> References: <938ef1bb-bb7e-54c3-5043-2aeb5fa9509d@forestfield.org> <20190119104143.GC1380@athena.localdomain> <20190120180102.GA1383@athena.localdomain> <63d245bd-e99c-5075-afdf-bd3da68b19b4@andrewnesbit.org> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-VR-OUT-STATUS: OK X-VR-OUT-SCORE: 0 X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtledrheejgddtvdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfgjfhfogggtgfesthekredtredtheenucfhrhhomhepsghilhhlqdgruhhgvghruceosghilhhlqdgruhhgvghrsehpvggvrhhsrdgtohhmmhhunhhithihqeenucffohhmrghinhepuggvsghirghnrdhorhhgnecukfhppeejhedrudefkedrudekiedrudegvdenucfrrghrrghmpehmohguvgepshhmthhppdhhvghlohepphgrrhgrsgholhgrpdhinhgvthepjeehrddufeekrddukeeirddugedvpdhrvghtuhhrnhdqphgrthhhpegsihhllhdqrghughgvrhcuoegsihhllhdqrghughgvrhesphgvvghrshdrtghomhhmuhhnihhthieqpdhmrghilhhfrhhomhepsghilhhlqdgruhhgvghrsehpvggvrhhsrdgtohhmmhhunhhithihpdhnrhgtphhtthhopehlihgsrhgvphhlrghnvghtqdguihhstghushhssehlihgsrhgvphhlrghnvghtrdhorhhgnecuvehluhhsthgvrhfuihiivgeptd X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 23.83.214.55 Subject: Re: Free software is not trusted software X-BeenThere: libreplanet-discuss@libreplanet.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable Errors-To: libreplanet-discuss-bounces+e=80x24.org@libreplanet.org Sender: "libreplanet-discuss" On Mon, 21 Jan 2019 08:05:23 +0000 Andrew wrote: > On 20/01/2019 18:01, Nicol=E1s Ortega Froysa wrote: > > It's also worth noting that this would make for another outlet for > > people who are interested in security and free software to enter the > > field and get their foot in the door. = > = > This is an excellent motivation. more committees are rarely, if ever, desirable - splintering of efforts leads to redundant efforts, and therefore wasted time - a far better approach would be for the community to focus more on the existing "outlets", that are already equipped and experienced in this very task, because they have been doing it for many years (such as their distro maintainers - for example: https://www.debian.org/security/audit/) - some of them have been doing exactly what is being proposed here for more time than some people reading this have existed in this planet - no one needs a new invitation to put their foot into any new doors - those doors already exist and are already encouraging everyone to involve themselves - please do feel free to put your foot into one of those existing doors today - to conclude that a brand new separate committee would somehow do a better job is very myopic, uninformed, and and therefore not sincerely motivated note this quote from the debian security team wiki page: Due to the sheer size of the current Debian release it is infeasible for a small team to be able to audit all the packages, so there is a system of prioritizing packages which are more security sensitive. debian has the largest team of maintainers of any distro in existence and that has been true for more time than most of its software has existed - if they are conceding that they do not have enough help to comprehensively audit all of the software that debian distributes, how could any reasonable person presume that it would be more effective to create a new separate team from zero, with the goal of auditing all software in existence? such efforts, when focused around your software distribution of choice, are better organized and tailored to your system, and so optimally effective; even if only because the decisions made in that committee, directly determine which software is available in the distro's repos and which is plainly unavailable - as long as users are well-advised to avoid software that is not provided by their distrro, then users who are not interested in, or qualified for, auditing software, or participating in the security discussions, can casually and confidently use whatever software that exists in their distro's repos, and effortlessly ignore what is not there the only rational arguments that i can foresee that could oppose anything i just wrote are of this sort: * i refuse to use a free software operating system * i do not trust the maintainers of my distro * i routinely use software that my distro does not endorse anyone with any such objection is intentionally creating an avoidable problem for themselves (aka. a false dilemma); a self-imposed problem that is no reflection of the state of free software nor free software distros, but indicative of one's lack of faith in and/or dedication to the merits and principals of free software _______________________________________________ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss