gnu-linux-libre

Re: [GNU-linux-libre] Good practices for removing nonfree code found in


From: Jean Louis
Subject: Re: [GNU-linux-libre] Good practices for removing nonfree code found in source code.
Date: Sun, 10 Oct 2021 15:25:09 +0300
User-agent: Mutt/2.0.7+183 (3d24855) (2021-05-28)

* Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> [2021-10-06 23:10]:
> On Wed, 6 Oct 2021 17:35:43 +0300
> Jean Louis <bugs@gnu.support> wrote:
> > My idea is that software directory and similar projects should provide
> > a digital, parsable database of software with their authors and original
> > servers of software distributions, then all distributions could access
> > such centralized database and choose by category and other tags and
> > facts, which software they wish to include in their
> > distribution. Information should be there which provides more
> > authenticity of the origin of software. PGP keys are really not enough
> > there. Like you said, if software comes from Samsung and from Samsung
> > website, that is pretty authentic, not absolute, but it becomes
> > reasonable.
> For Authors, in many cases, like with Linux, not all authors are
> known, but instead the copyrights are known.

And that is what I am saying is risky. If the recipient of any work
does not know the author or copyright holder, who need not be the author,
then in court cases in some countries, not all, it would not, could
not be a defense.

In general, regardless of copyrights like the GPL license, if a contribution
is proprietary it has to be removed, and new recipients could be made
liable, especially if they did not conduct proper due diligence.

> For source I don't think there is much besides the usual checksums and/or
> gpg verification in all the distributions I looked at.

GPG verifications also mean nothing much, as the majority of users don't
follow PGP guidelines. It is a false sense of security to only verify
that the fingerprint matches the key. What one has to verify is the person
who claims to have that PGP key, and for that person to confirm the
fingerprint. If you have not verified the person, the fingerprint of the
key "Donald Trump" will be correct, but it wasn't Donald Trump in the
first place.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/
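
An added illustration of the fingerprint point in the reply above (not part of the original message): an OpenPGP v4 fingerprint is a SHA-1 hash over the public-key packet only, so the user ID plays no part in it and every key is consistent with its own fingerprint. The key records, the user ID, the key material and the helper names are constructed for this example.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def rsa_key_packet_body(created: int, n: int, e: int) -> bytes:
    """Version 4 RSA public-key packet body: version, time, algorithm 1, n, e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte length, packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def make_key(uid: str, n: int) -> dict:
    """Constructed key record; the UID is free text chosen by whoever made the key."""
    body = rsa_key_packet_body(1633868709, n, 65537)  # constructed creation time
    return {"uid": uid, "body": body, "advertised_fpr": v4_fingerprint(body)}

def fingerprint_matches_key(key: dict) -> bool:
    """Weak check: the advertised fingerprint is consistent with the key."""
    return v4_fingerprint(key["body"]) == key["advertised_fpr"]

def select_confirmed(keys: list, confirmed_fpr: str) -> list:
    """Stronger check: keep only keys whose fingerprint the person confirmed."""
    return [k for k in keys if v4_fingerprint(k["body"]) == confirmed_fpr]

# Constructed sample data: two keys carrying the same user ID. The numbers
# stand in for key material and are not real RSA moduli.
UID = "Example Author <author@example.org>"
GENUINE = make_key(UID, (1 << 2047) + 0x1234567)
IMPOSTOR = make_key(UID, (1 << 2047) + 0x7654321)
# Assumption: this value was confirmed by the author over a separate channel.
CONFIRMED_FPR = GENUINE["advertised_fpr"]

if __name__ == "__main__":
    for key in (GENUINE, IMPOSTOR):
        print(key["uid"], key["advertised_fpr"], fingerprint_matches_key(key))
    kept = select_confirmed([GENUINE, IMPOSTOR], CONFIRMED_FPR)
    print("confirmed:", [k["advertised_fpr"] for k in kept])
```

Both keys pass the self-consistency check; only the comparison against the separately confirmed fingerprint tells them apart.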


