In the free software community, we are already faced with some very critical problems that need to be addressed sooner rather than later, with the number continuously growing all of the time. One of these critical problems involves the way free software source code is hosted and shared with the community.

In the recent past, some may remember that gitorious, a large host of free software source code repositories for a number of projects, was sold to a company who has a record of not acting in the best interest of the free software community. Gitorious was folded and many projects were left without a place to host source code. The same can be said for the non-free Google Code which became defunct a few months ago. Another example of a hosting provider gone bad was sourceforge. While sourceforge was not free software in and of itself, its parent company was sold long ago and now acts against the interests of its users and those who host free software projects there. Sadly, sourceforge is still home to quite a few critical pieces of free software.

We are now at a point where it is quite difficult to trust many pieces of free software [1] due to the fact that many use centralized hosting providers, like github, who could be bad actors or censor source code [2]. The centralization problem combined with the fact that most free software developers don't sign their code is a disaster and we can't put this issue off any longer. Even if developers did sign their code, these centralized hosts could easily manipulate repositories if they chose to do so since most who checkout source code don't fully check the code that they are getting.

While I'm not fully against giving grade letters to various source code hosting providers, it is not solving the real issues that we are now faced with. We can't continue to endorse any one centralized place to host source code unless we want to continue to repeat history and make this issue more critical. To fix this, we need to:

* advocate for individual projects to host their own source code repositories
* make decentralized source code repositories more sane
* create tools to help decentralize these repositories (something like gittorrent)
* draft a set of standards / practices to help fix the issue where developers don't sign their source code

With this, I hope that someone will listen and help some of us fix these issues.

[1] While it is free software and can be reviewed, the point is that many of us don't have the time to fully audit these pieces that are not properly signed or see if they have been tampered with.

[2] Repositories on github have been subject to removal due to DMCA takedown notices or governments getting involved.

--
Robert Call (Bob)
[email protected]
http://librecmc.org
