* Matthew Toseland <[EMAIL PROTECTED]> [2008-05-19 12:58:24]: > > > > > software on people's machines which we didn't write, and which for all > > > > > we know could contain well hidden code to delete their hard disks on > > > > > July 4th just for a laugh. If we install this software, WE ARE > > > > > RESPONSIBLE FOR WHAT IS DOES. We don't have the resources to audit > > > > > this code, and we can't install anonymously written code on people's > > > > > computers without an audit. > > > > > > > > Agreed, that's a big concern... and reviewing all the 3rd party code we > > > > bundle is unrealistic. > > > > > > > You mean the database engine (BDBJE currently), the native big integer > code, > > > the java service wrapper, etc? > > > > We can make the assumption that they are widely used and that they were > > reviewed by competent people outside of freenet's scope. > > > > I don't think that making such an assumption for freenet-related code is > > wise; Who would use Thaw/jSite/Frost/... without freenet ? > > > > > Or you agree with Ian that we shouldn't bundle any freenet-related code? > > > > I agree with Ian that bundling freenet-related code might lead to > > problems... Both from the PR PoV and from the legal one. > > In which case, we should simply link to the freesites for popular > applications?
That would be much better imho
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl