[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Repo-criteria-discuss] The GNU ethical repository criteria will only ha
Robert Call (Bob)
[Repo-criteria-discuss] The GNU ethical repository criteria will only harm free software.
Sat, 17 Oct 2015 07:08:31 -0400
In the free software community, we are already faced with some very
critical problems that need to be addressed sooner rather than later,
with the number continuously growing all of the time. One of these
critical problems involves the way free software source code is hosted
and shared with the community.
In the recent past, some may remember that gitorious, a large host of
free software source code repositories for a number of projects, was
sold to a company who has has a record of not acting in the best
interest of the free software community. Gitorious was folded and many
projects were left without a place to host source code. The same can be
said for the non-free Google Code which became defunct a few months ago.
Another example of a hosting provider gone bad was sourceforge. While
sourceforge was not free software in of itself, its parent company was
sold long ago and now acts against the interests of its users and those
who host free software projects there. Sadly, sourcefoge is still home
to quite a few critical pieces of free software.
We are now at a point where it is quite difficult to trust many pieces
of free software due to the fact that many use centralized hosting
providers, like github, who could be bad actors or censor source code
. The centralization problem combined with the fact that most free
software developers don't sign their code is a disaster and we can't put
this issue off any longer. Even if developers did sign their code, these
centralized hosts could easily manipulate repositories if they chose to
do so since most who checkout source code don't fully check the code
that they are getting.
While I'm not fully against giving grade letters to various source code
hosting providers, it is not solving the real issues that we are now
faced with. We can't continue to endorse any one centralized place to
host source code unless we want to continue to repeat history and make
this issue more critical.
To fix this, we need to:
* advocate for individual projects to host their own source code
* make decentralized source code repositories more sane
* Create tools to help decentralize these repositories (something like
* draft a set of standards / practices to help fix the issue where
developers don't sign their source code.
With this, I hope that someone will listen and help some of us fix these
 While it is free software and can be reviewed, the point is that
many of us don't have the time to fully audit these pieces that are not
properly singed or see if they have been tampered with.
 Repositories on github have been subject to removal due to DMCA
takedown notices or governments getting involved.
Robert Call (Bob)
Description: This is a digitally signed message part
- [Repo-criteria-discuss] The GNU ethical repository criteria will only harm free software.,
Robert Call (Bob) <=