Re: [libreplanet-discuss] Free software is not trusted software

From: Julian Daich
Subject: Re: [libreplanet-discuss] Free software is not trusted software
Date: Sun, 20 Jan 2019 23:54:16 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1

On 20/1/19 at 19:01, Nicolás Ortega Froysa wrote:
> On Sat, Jan 19, 2019 at 03:34:50PM +0100, Julian Daich wrote:
>> On 19/1/19 at 11:41, Nicolás Ortega Froysa wrote:
>>> 1. With various people manually auditing software packages, it increases
>>> the probability that these kinds of malware will be caught.
>>> 2. The members of this group will most likely be either already known
>>> members of the free software community, whom we can trust, or new
>>> members that, although not immediately trustworthy, will become more
>>> commonly known members soon after joining.
>> Who will pay these people, who will take responsibility for their work and
>> to what extent is it different from what we have today?
> To answer your first question, the group would consist of volunteers.
> That being said, like with most FLOSS projects, if such a group were to
> attract the attention of companies using free software, it may receive
> full-time paid efforts, but we shouldn't count on this.


I paste an answer I just replied to some folk in private.

Who will be the reviewers? If you cannot solve this question for the
maintainers you hardly will solve it for the reviewers.

It will not be simpler and eventually more effective just to rank the
trustability of the software according to the ratio of reviewers/



> As for the contrast between what this would be and what we currently
> have, correct me if I'm wrong (I very well may be), but most of today's
> security auditing takes place on a per-project basis and mostly relies
> on people looking for security bugs within a project. However, this
> isn't really what we're talking about with this thread, but rather
> projects whose maintainers are actively inserting malware into their
> projects (that being said, I think we should make a distinction here
> between malware, features that could have potentially malicious
> consequences, and anti-features that can be disabled). The purpose would
> be to take a look at such projects that do not have proper security
> auditing and putting efforts of volunteers to audit this.
> It's also worth noting that this would make for another outlet for
> people who are interested in security and free software to enter the
> field and get their foot in the door.

Julian Daich

