[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNU-linux-libre] clients which necessarily execute non-free remote blob

From: bill-auger
Subject: [GNU-linux-libre] clients which necessarily execute non-free remote blobs
Date: Tue, 13 Apr 2021 13:36:05 -0400

On Tue, 13 Apr 2021 00:51:36 -0400 Richard wrote:
> Let's not continue arguing about this, please.
> There isn't a problem here we need to do anything about.
> Let's not let it eat up our time.

i believe that you misunderstood the question - i have a habit
of poorly choosing the thread subject - AFAIK, this question has
never been discussed in this list; and i do not expect to be
time consuming - i will not argue a single word, if you simply
give your advice once

this question is not about complex copyright or patent laws, nor
any specific program - it is only about _your_ definition of
freedom #1: the ability to inspect code before executing it

the scenario is the binary equivalent of this program:

  while sleep 1
  do curl | bash || exit

* the fetch URL is hard-coded into the binary
* is generated dynamically upon each request
* executing the non-free code is not optional,
  but intrinsic to the program's operation

although the released client is 100% free software, the behavior
of the binaries are effectively non-free, because it is
impossible for the user to inspect all of the code executing on
the local machine - surely, this falls short of freedom #1

users of that binary are most likely to be unaware of this
"trojan horse" or "back-door" feature; and regardless, they would
need to modify the source code and re-compile, in order to
inspect the incoming ephemeral code - even so, that ephemeral
code is likely to be an opaque or obfuscated blob

i think that the FSDG already requires such a feature to be
optional (for example, by making the fetch URL to be
user-configurable, and empty by default) - i am only asking for
confirmation, of what seems to be a subtle, yet definite
restriction of freedom #1, in the distributed binaries

ie: shouldn't users expect that all executables, will _not_
necessarily execute non-free code?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]