Hi Daniel,
I think the inventory you propose can be interesting. If we do it, we might want to include what Free Software people use so we can say to others: "Here are tools that have proven useful to us in our work as a non-profit organization." That might be useful to others. Daniel Pocock <[email protected]> writes: > If the motion is revised to focus on something like "staff computers" > and people reply that only the firmware is non-free but they don't > tell us they are using non-free apps on their personal mobile phones > to do FSFE stuff then they are not respecting the intention of the > motion I am sorry, but I cannot see any way in which we could regulate what people do privately. What people do as part of their job for a Free Software organization, yes, but there has to be a limit when it comes to personal space. We do not want to run the FSFE like a police state that checks people's every move. > The motion should also apply to firmware. Think about some of the > following: > > - printer firmware: many modern network printers are automatically > phoning home to their manufacturer to report about usage and download > updates. > > - IP phones on your desk: how do you know the microphone can't be > switched on remotely if it runs non-free firmware? In fact, such > exploits are well known Ok, that is a good point. What about (potentially malicious) circuitry? Should we include that as well? > Some organizations even generate these reports (or the skeleton of the > report) automatically, extracting a list of all known MAC addresses from > their switches and access points, installing management agents on every > host with a function to detect all installed binaries and also observing > all network connections and correlating them back to the respective > binaries. Such data could be cross referenced with checksums of trusted > binaries and the data could be annotated on a wiki page. That sounds like a great way to not spend staff time on this. So I see a path here to gather more support because spending limited staff time on such an inventory is really a blocker. It looks like you are familiar with some of those tools for generating reports and you would certainly be qualified to do annotations or possibly write software to automate the annotation process. Would you be willing to work on this? Happy hacking! Florian _______________________________________________ Discussion mailing list [email protected] https://lists.fsfe.org/mailman/listinfo/discussion This mailing list is covered by the FSFE's Code of Conduct. All participants are kindly asked to be excellent to each other: https://fsfe.org/about/codeofconduct
