On Thu, May 14, 2015 at 18:55:15 +0000, Jacob Appelbaum wrote: > What phone that uses a modern telephone network doesn't? I mean, I'm a > fan of my motorola c123 as much as anyone... And even with replicant, > effectively no baseband is free software and the one or two that are > free, they're not usable or useful.
Let me rephrase my position - as part of the F-Droid project, our goal is for apps to be free software. We have ways to warn users about free software apps externally depending on non-free software, like Telegram relies on the server side which is non-free. The same would apply if you could use GCM entirely from free software. You would still depend on the GCM service and daemon being running on the device, but at least your apk would be completely free software. In a way, when we say that there are external non-free dependencies, we're delegating the responsibility to someone else. In the case of GCM, we're delegating it to Replicant :) Or whoever wishes to replace the google apps system, for example nogapps. > I think it is reasonable to ask for removal of known vulnerable > software when a newer version that fixes the issues is released. > Especially for high profile, high security software. It's not about known vulnerable software, it's about just old software. We do encourage users to update apps much like google play does, with notifications. What he suggested is that we somehow force users to update if they don't do it themselves, like showing popups frequently about it. I can see the good intentions here, but I won't have F-Droid stop working just because the user decided to keep an older version of an app whatever the reason may be. > I think requiring analytics is a bit fussy though. :) If done well, it might work. Of course we don't have time to investigate on that :) > Exciting! Is there a document that explains this process? Hans already provided the details, he's the one getting the funding for it and doing the heavylifting for now. > It is free software but it is partially non-functional without GCM. > That is a bummer but it doesn't make it non-free software in my view. > wget on Windows is still Free Software even if it runs on an awfully > non-free platform. When building apks, the android build tools "statically link" libraries into the package. So the non-free GCM library is bundled with textsecure. I think that makes it non-free. If the GCM library were reverse-engineered, or had a free alternative, then we'd just be talking about the non-free external dependency of GCM, which is in line with what you're saying. > SMS can be done with Free Software on a C123 - so the full stack is > possible. I don't think that is true for GCM, yet. That's slightly > better in my view. Though there is obviously the issue with SIM cards > (non free software, non-free hardware). You can also use SIP but the > SS7 backbone isn't free either. :-( > > Ironically, any place where Android or Android with F-Droid runs is > not one of those places. Most SMS uses a non-free baseband and many of > those baseband CPUs are... in control of the Free Software driven > application CPU. Doh. All I can say is, F-Droid is native Java and only depends on Android. So, in theory, if you can get Android working on any device, it should support F-Droid out of the box. -- Daniel Martí - [email protected] - http://mvdan.cc/ PGP: A9DA 13CD F7A1 4ACD D3DE E530 F4CA FFDB 4348 041C _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
