On Wed, Jan 16, 2019 at 09:44:43PM -0600, J.B. Nicholson wrote:
> Lyberta wrote:
> > Today the Internet is filled with malware that is free software:
> >
> > https://lyberta.net/articles/tech/free_sw_untrusted.html
>
> The article points out that auditing matters and I concur -- there's no
> substitute for auditing by someone one trusts. There's too much free
> software for anyone to do this alone but collectively we can get more of
> this done.
>

Considering that this is an issue that would affect nearly all distros, it may be a good idea to set up a central collective group for auditing software. This would help in various regards:

1. With various people manually auditing software packages, it increases the probability that these kinds of malware will be caught.
2. The members of this group will most likely be either already known members of the free software community, whom we can trust, or new members that, although not immediately trustworthy, will become more commonly known members soon after joining.
3. It gives people who are looking for ways to contribute to free software another way to contribute without necessarily having to code or write documentation. It could also be a gateway for these individuals to learn about these projects and contribute to them later.
4. Having a central and transparent intelligence on which kinds of projects tend to have malware in them would help us to optimize the auditing process, even automating certain elements of it, and know which kinds of software are more prone to contain malware.
5. It would greatly help the free distros, which are always working very hard to weed out software packages with non-free blobs. Proper auditing with a standard protocol would help to weed out these non-free packages in a more efficient and just manner.

Certain conditions would be needed to make sure that the effort is as distribution-agnostic as possible, but I believe such an effort would greatly benefit the free software community.

-- 
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/nortega@themusicinnoise.net_pub.asc
http://uk7ewohr7xpjuaca.onion/nortega@themusicinnoise.net_pub.asc
_______________________________________________
libreplanet-discuss mailing list
libreplanet-discuss@libreplanet.org
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss