* Matthew Toseland <toad at amphibian.dyndns.org> [2008-05-19 12:58:24]:
> > > > > software on people's machines which we didn't write, and which for all > > > > > we know could contain well hidden code to delete their hard disks on > > > > > July 4th just for a laugh. If we install this software, WE ARE > > > > > RESPONSIBLE FOR WHAT IS DOES. We don't have the resources to audit > > > > > this code, and we can't install anonymously written code on people's > > > > > computers without an audit. > > > > > > > > Agreed, that's a big concern... and reviewing all the 3rd party code we > > > > bundle is unrealistic. > > > > > > > You mean the database engine (BDBJE currently), the native big integer > code, > > > the java service wrapper, etc? > > > > We can make the assumption that they are widely used and that they were > > reviewed by competent people outside of freenet's scope. > > > > I don't think that making such an assumption for freenet-related code is > > wise; Who would use Thaw/jSite/Frost/... without freenet ? > > > > > Or you agree with Ian that we shouldn't bundle any freenet-related code? > > > > I agree with Ian that bundling freenet-related code might lead to > > problems... Both from the PR PoV and from the legal one. > > In which case, we should simply link to the freesites for popular > applications? That would be much better imho -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080519/a14f9948/attachment.pgp>
