On 2016-03-11 05:23:02, Holger Levsen wrote: > Hi anarcat, > > I've just read http://anarc.at/blog/2016-03-10-keybase/ and I have looked at > keybase in more detail a year or so ago… and am puzzled to learn that you > think that this perceptive crappy tool which is also suggesting crappy > workflows should be packaged and shipped in Debian. > > Can you explain why this would be good? For Debian? For the free software > community?
I think I have made it clear in the blog post, but I can reiterate here. * The keybase client is free software * Keybase helps users getting familiar with cryptographic identity and authentication (even though it has flaws in the ways it does even that) * Keybase allows to extend the web of trust by leveraging "trusted" social networking sites There are numerous pieces of software in Debian that interoperate with commercial services. We have had that debate numerous times, yet we still allow free software that talks to Twitter, Google, Facebook and Github, and rightly so, in my opinion. Facebook encourages very bad privacy practices, Google surveils everyone, and Twitter has basically become an ad-delivery system. Should we ban all software that interact with those from Debian? > I can understand how this is good for the company behind it… Honestly, the company doesn't need Debian to package this - they already have a lovely Debian package, based on the Chromium packaging (for the auto-updater) and a absolutely delightful curl | bash pipeline on the download page. If our users are going to use keybase, they might as well have a more secure way of installing it than that ridiculous tradition. Besides, I am not pushing for anyone in particular to pick this up here. This can stay a RFP until upstream wakes up, for example, or some user that actually wants to fix this provides a package. I merely commented here to point to the new client, nothing more. A. -- feature, n: a documented bug | bug, n: an undocumented feature - Mario S F Ferreira <li...@freebsd.org>