Re: Informing users that the directory doesn't review binaries. Was: [GN
From: bill-auger
Subject: Re: Informing users that the directory doesn't review binaries. Was: [GNU-linux-libre] Criteria for Android applications
Date: Tue, 2 Nov 2021 15:27:39 -0400

On Tue, 2 Nov 2021 02:43:02 +0100 Denis wrote:
> I propose changing it to:
> > we don't review any of the binaries releases ; For instance
> > if an application is also available on Apple's Appstore, the binary
> > distributed through it will not be free software

that's an improvement; but it's a weak disclaimer, as to why the
FSD can not relate to binaries - the strongest one would be:

> > Although the source code has been determined to be libre, it is
> > prohibitively difficult to determine whether or not any binary
> > was actually produced from those libre sources exactly and exclusively.

presumably, everyone would agree that a binary from libre
sources plus an injected virus, is worse than an "app store"
binary, which is actually clean (harmless), but is non-free -
especially when it is non-free only because of hardware/system
limitations or some third-party distributor's policies, not
because of any property of the software or its upstream license

in short, i would emphasize non-reproducibility/non-auditability
as the main dangers of binaries, to make it clear that the danger
lies in:

"binaries compiled by anyone other than me"

and not merely

"binaries from repos with libre-hostile policies"

whether from a distro or directly from the upstream, in either
case, the only person who could know what went into the binary,
was the person who compiled it; and that person was not "you" nor
the FSD volunteers - to people looking for binaries, that supply
chain factor is probably more important than permission to
modify or share (or access to the source code)