gnu-linux-libre

Re: [GNU-linux-libre] yes, this is great freedom problem


From: Denis 'GNUtoo' Carikli
Subject: Re: [GNU-linux-libre] yes, this is great freedom problem
Date: Sun, 5 Aug 2018 01:31:21 +0200

On Fri, 3 Aug 2018 21:38:33 -0400
bill-auger <address@hidden> wrote:

> the additional concern i added though, it seems you misunderstood -
> it was not merely about what is "available on the Web" to be run or
> avoided at the discretion of the user - the issue was regarding the
> case where the one and only functionality of a free client was to run
> arbitrary scripts sent to it willy-nilly from the server to be
> executed blindly on the client - such a program would be necessarily
> running non-free software locally on the user's machine and would be
> utterly useless if that behaviour was removed;
I understood correctly. I was just explaining my thoughts about where
to draw the line on these issues as they seem to pop up often.

I think that being as clear as possible towards users is a good way to
help draw that line.

I also often advocate for FSDG-compatible distributions by focusing on
freedom and clarity to the users (everything is free software and users
won't install any nonfree software by accident, however some hardware
may not work so it's better to choose the hardware accordingly).

[...]
> i can not name any such clients off-hand, but i raise this issue
> because i was told that this is how the telegram client works
I don't know if it's still the case but I heard of:
- youtube-dl that downloads and runs nonfree JavaScript without warning
  the user about it for youtube.
- If I remember correctly, the paypal plugin in weboob.

> how about if your distro packages this little beauty for its users:
> 
>   curl http://proprietary-service.com/random-unpublished.cgi | sudo bash
> 
> ok? - let's say it is GPL-licensed; so no FSDG conflict here right? -
> and let's say some people really enjoy this program - can't live
> without it - so the distro packages it and claims "it would be a
> disservice to our users to remove this valuable program" - what does
> this do for your trust in your distro?
This would count as a security bug (arbitrary execution of code by the
people controlling that website, or anyone in between (http))...

Denis.

Attachment: pgprRCsUCkY2N.pgp
Description: OpenPGP digital signature
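
Added example, not part of the original message or of any distribution's tooling: a small lint that a packager could run over packaged scripts to flag the "download piped into a shell" pattern discussed above, separating cleartext http (anyone in between can alter the script) from other transports (the server operator still chooses the code). The function names and the example.org lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: lint packaged scripts for "download piped into a shell".
# classify_line and scan_file are hypothetical names, not from a distro tool.

# POSIX ERE fragments: a fetch command, then a pipe into (sudo) some shell.
FETCH='(^|[^[:alnum:]_-])(curl|wget)[[:space:]][^|;]*'
SINK='\|[[:space:]]*(sudo[[:space:]]+)?(ba|da|k|z)?sh([[:space:]]|$)'
ROOT_SINK='\|[[:space:]]*sudo[[:space:]]+(ba|da|k|z)?sh([[:space:]]|$)'

matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Prints "ok", or "pipe-to-shell transport=<cleartext|other> root=<yes|no>".
classify_line() {
    matches "$1" "${FETCH}${SINK}" || { echo ok; return 0; }
    transport=other root=no
    # http:// lets anyone on the network path replace the script in transit.
    matches "$1" "${FETCH}http://[^|;]*${SINK}" && transport=cleartext
    # Piping into "sudo <shell>" hands the remote party root.
    matches "$1" "${FETCH}${ROOT_SINK}" && root=yes
    echo "pipe-to-shell transport=$transport root=$root"
}

# Scans one file; prints "file:line: finding" per hit, returns 1 if any hit.
# Limitation: commands split across lines with a trailing "\" are not joined.
scan_file() {
    n=0 hits=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '#'*) continue ;; esac   # skip comment lines
        verdict=$(classify_line "$line")
        [ "$verdict" = ok ] && continue
        hits=$((hits + 1))
        echo "$1:$n: $verdict"
    done < "$1"
    [ "$hits" -eq 0 ]
}

# Constructed sample input (not from a real package); line 2 is the thread's.
sample() { cat <<'EOF'
#!/bin/sh
curl http://proprietary-service.com/random-unpublished.cgi | sudo bash
wget -qO- https://example.org/install.sh | sh
curl -o pkg.tar.gz https://example.org/pkg.tar.gz
EOF
}

tmp=$(mktemp); sample > "$tmp"
scan_file "$tmp" || echo "findings above: review before packaging"
rm -f "$tmp"
```

A finding with transport=other is still a finding: TLS only removes the "anyone in between" party, not the one controlling the website.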

