frankly, i think that if this discussion is to be continued with any sincerity, then it begs for a new "subject" heading; because the present one is less indicative of a constructive discussion topic than ignominious click-bait

On Tue, 22 Jan 2019 11:07:48 +0100 Nicolás wrote:
> Therefore the most productive topic of conversation at
> this point would be narrowing down our brainstorming to how we could
> improve the already existing process for auditing software.

i do think that the most notable deficiency is lack of involvement from users, and resources in general; but i don't think anything is currently being done improperly, suggesting any specific improvements - most software projects, from the smallest to the largest, are under-staffed at their roots, almost characteristically so; but most responsible dev teams would do, and indeed do, these sort of self-evaluations themselves, if and when they can manage the well established, routine "best-practice" task of code-review

that was not to indicate any particular failure of any party - i would say it's just a case of too few cooks trying to feed a disproportionate number of passive customers who give nothing in return (and i don't mean cash - bug reports and discussions are far more valuable) - perhaps many do not "feel" empowered to help; but that would be entirely unfounded, and not any fault of the developers - absolutely everyone can and should participate, and no explicit invitation is required; because participation generally is the default expectation upon users of free software

On Tue, 22 Jan 2019 11:07:48 +0100 Nicolás wrote:
> 5. It would greatly help the free distros, which are always working
> very hard to weed out software packages with non-free blobs. Proper
> auditing with a standard protocol would help to weed out these
> non-free packages in a more efficient and just manner.
>
> if Debian
> Security (or other security distro projects) don't already, it may be
> a good idea to ask them to do so

your point #5 is nearly the same as all that i suggested; only the perspective is inverted - for the most part, there is no other, new "it" that would be needed to help distros to do anything that they are not already doing - all distros want their software to be bug-free, and to varying degrees: privacy-respecting and audit-able; and they already do as well as they possibly can to ensure that - they may not all have a formal "security team", but there is probably nothing new to ask of any of them other than "how can i help you to acquire more people-power or educate software users?"

On Tue, 22 Jan 2019 11:07:48 +0100 Nicolás wrote:
> I'm fairly certain that if they
> were to find non-free software within a given package in the `main'
> repository they would notify the maintainers to move it elsewhere.

i am too - i think non-free software can be safely ignored for the sake of this discussion

On Tue, 22 Jan 2019 11:07:48 +0100 Nicolás wrote:
> yes, we should all know that our software could always contain some
> kind of malicious code, or even code that accidentally does something
> horrible to our machines. However we should still try to help
> one another to prevent harm to those less prepared.

again, i think we are in perfect agreement already - the wording of that indicates something is being added that i neglected to mention - i literally offered that particular "however" as the only real remedy there is - little red riding hood must be aware of the risks that she takes by venturing from the safety of grandma's living room, out into the wild wilderness; or she would be wiser to stay home - forest rangers are not needed when some common-sense survival skills will suffice, and are standard equipment that every explorer is wise to possess before leaving home

perhaps more wise and conscientious shepherds are needed to offer such advice; but people generally do not respect advice if forced upon them by some authority - everyone is responsible for educating themselves, especially about topics that are subjective and otherwise outside the scope of a general school education; and i do think that most people prefer it that way - that is, for example, non-essential, leisure, luxury, entertainment activities such as goofing off on the internet; which is the reality of that for which people, who are the most in need of such advice, actually do "need" their computers and pocket-phones - this is no more essential nor mandatory than say: swimming lessons or bicycle safety advice for those who choose to swim or ride a bicycle, plus the extremely tiny sliver of the population who truly must engage in such otherwise optional activities (such as carrying a pocket-phone), *and* who are also actually interested in such "hand-holding" forms of instruction

as long as good advice is available for the curious to find, responsible people will seek it and find it - if they are also wise, they may even heed it; but in the end, it is not actually anyone's responsibility to provide that advice - it would be nothing more compulsory or authoritative than a voluntary, neighborly, community service, to be appreciated or ignored, at each one's own personal discretion and/or peril

the
suggestion of a ratings system, for example, is a step quite out of line with friendly advice, suggesting a self-proclaimed authority - i don't think the world needs that - your distro is already that authority and your "shepherd", by the nature that they are the ones who are curating the software on behalf of the majority of free software users - that is precisely and entirely what distros exist for - the way that most distros advise against acquiring software from third-parties, and how debian separates non-free software from the main repos, and parabola's privacy repo, for examples, are sufficiently adequate as such guides for anyone curious enough to learn what those general distinctions are

seriously let us start a new thread if this discussion is to continue - i would have, but personally, i can not think of anything more that needs discussing - how about: "Free Software Swimming Lessons"

_______________________________________________
libreplanet-discuss mailing list
[email protected]
https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
