On Sat, Jan 19, 2019 at 03:34:50PM +0100, Julian Daich wrote:
> On 19/1/19 at 11:41, Nicolás Ortega Froysa wrote:
> > 1. With various people manually auditing software packages, it increases
> > the probability that these kinds of malware will be caught.
> >
> > 2. The members of this group will most likely be either already known
> > members of the free software community, whom we can trust, or new
> > members that, although not immediately trustworthy, will become more
> > commonly known members soon after joining.
>
> Who will pay these people, who will take responsibility for their work and
> to what extent is it different from what we have today?

To answer your first question, the group would consist of volunteers. That being said, like with most FLOSS projects, if such a group were to attract the attention of companies using free software, it may receive full-time paid efforts, but we shouldn't count on this.

As for the contrast between what this would be and what we currently have, correct me if I'm wrong (I very well may be), but most of today's security auditing takes place on a per-project basis and mostly relies on people looking for security bugs within a project. However, this isn't really what we're talking about with this thread, but rather projects whose maintainers are actively inserting malware into their projects (that being said, I think we should make a distinction here between malware, features that could have potentially malicious consequences, and anti-features that can be disabled). The purpose would be to take a look at such projects that do not have proper security auditing and to put the efforts of volunteers into auditing them.

It's also worth noting that this would make for another outlet for people who are interested in security and free software to enter the field and get their foot in the door.

-- 
Nicolás Ortega Froysa
Vivu lante, vivu feliĉe!
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/[email protected]_pub.asc
http://uk7ewohr7xpjuaca.onion/[email protected]_pub.asc
_______________________________________________ libreplanet-discuss mailing list [email protected] https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
