On Sun, Jan 20, 2019 at 10:02:53PM -0500, bill-auger wrote:
> as much as i hate to be a web blanket :) - i must say that my
> suggestion to elect Nicolás the chief of this operation was entirely
> sarcastic - this discussion is all well intentioned, of course, but
> not very realistic
> 

I will admit that I did not notice your sarcasm, but that aside, what
I'm trying to do is brainstorm ideas to solve the problem that was
brought about by this thread. In a brainstorm we come up with a
multitude of ideas, expand on them, and if they don't work we reject
them. Obviously, this one has been rejected, not only be how infeasible
it would be to audit that multitude of packages, but because such
projects already exist (as you pointed out in the other subthread).
Therefore the most productive topic of conversation at this point would
be narrowing down our brainstorming to how we could improve the already
existing process for auditing software.

> and by the way, i don't recall anyone suggesting that proper licensing
> should be among the goals of this committee - that would actually be
> best as the first thing audited; because it is a significantly simpler
> task, and if the program is indeed improperly licensed, then the
> evaluation can stop there, because no one has any right to use it
> anyways - this is essentially the position of the FSDG distros by not
> distributing chromium; and users are generally advised not to use any
> software that the distro does not provide, regardless of any reasons
> *why* the distro does not provide it
> 

In my original reply I responded with the following statement (#5):

  5. It would greatly help the free distros, which are always working
  very hard to weed out software packages with non-free blobs. Proper
  auditing with a standard protocol would help to weed out these
  non-free packages in a more efficient and just manner.

Tying this back to my response to another subthread, if Debian Security
(or other security distro projects) don't already, it may be a good idea
to ask them to do so (if not only for their own sake). Of course, in the
case of the Debian project which has different repositories for non-free
software, I'm fairly certain that if they were to find non-free software
within a given package in the `main' repository they would notify the
maintainers to move it elsewhere.

> if you like (or even if you don't), you could consider the world of
> free software (and the internet, and all software, really) not
> much at all as alike to your grandmothers cozy, safe living room; but
> more realistically like the wild outback - it contains all sorts of
> savages, bandits and wolves, that have been there since the beginning
> and are not likely to go away anytime in the foreseeable future - free
> software is not to blame for that; it is a fact of life - free
> software is actually the only hope in reducing whatever damage to
> society of which such "bad neighbors" possess the potential to inflict
> 
> i would be sorry if that portrait frightens anyone away from using free
> software, but it is the very price you pay for freedom in this, the only
> universe we have to explore: everyone must be willing to accept the
> risks associated with their own actions, and learn how to avoid the
> activities which they consider to be dangerous; or else that person is
> not responsible enough to competently manage themselves with that
> particular level of freedom - there is a word for such people; they are
> usually called: "children" - as a mature adult, no one else will,
> should, or can accept those risks for you
> 
> the best that helpful shepherds can hope to do, is to warn Little Red
> Riding Hood not to talk to strange wolves, or to keep her locked in at
> home - the latter would be the metaphorical analog of turning your
> computer OFF, or trusting that purveyors of proprietary software (ala.
> MS/apple/google) can "protect" her for you - luckily, the moral of
> this story, is that the actual tangible "dangers" to this sort of
> activity are as mythical as the Big Bad Wolf himself - if one exercises
> basic common sense and restraint, then the worst "harm" those wolves can
> actually do, is to corrupt your data or to spy on your web browsing -
> they can not actually eat you, nor grandma - whew, now isn't that
> comforting and reassuring - let us rejoice :)
> 

Having freedom is certainly a resposibility, but that's one of the
reasons society exists in the first place. By distributing and
specializing different responsibilities between different members of the
community we achieve a much higher feat than if we were to simply act as
lone egoistic individuals. Relating this to free software, yes, we
should all know that our software could always contain some kind of
malicious code, or even code that accidentally does something horrible
to our machines. This is why most free software licenses come with a no
warranty clause. However we should still try to help one another to
prevent harm to those less prepared.

-- 
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/nortega@themusicinnoise.net_pub.asc
http://uk7ewohr7xpjuaca.onion/nortega@themusicinnoise.net_pub.asc