Bug #2482

[your-freedom] Include some signatures

temporaryuser - 17 days ago. Updated 17 days ago.

Status: unconfirmed
Priority: bug
Assignee: -
% Done: 0%


Description

your-freedom does not prevent installation of non‐free packages with changed names. It is better to include some signatures like anti‐malware software does (in most cases, bad licenses or missing license file in common paths).

History

#1

Updated by temporaryuser 17 days ago

By bad licenses I mean licenses of blacklisted packages, not licenses which are missing in slash usr slash share slash licenses slash common or licenses with unusual conditions like WTFPL.
Fix your dictionary, I cannot post it correctly.

#2

Updated by bill-auger 17 days ago

i really don't know what this suggestion is - it sounds like you are
asking for some heuristics to try automatically "detecting"
non-free software - or maybe you mean to add the check-sums of
every package on the blacklist

the purpose of 'your-freedom' is not to prevent anyone from
installing the software that they want to use - it is there as a
warning to prevent installing non-free packages inadvertently,
while using pacman in the normal recommended way

if someone wants to install a blacklisted package, they can
rename the package and rebuild it, or simply remove
'your-freedom' - either way it must be done intentionally; and
we want people to be able to do that - it is freedom #0 - but it
is not recommended or supported - the recommendation is to use
only software from the parabola repos; and anyone who does that
will never see any conflict with 'your-freedom'

#3

Updated by eschwartz 17 days ago

What's your proposal for implementing a "malware check" in pacman that would be capable of reading such signatures?

Moreover, I question the goal -- if some Parabola users are renaming the package in order to lie to the OS and install non-free packages, then maybe it would be wiser to advise them "stop using Parabola if you don't value its goals".

The your-freedom package empowers users to take control of their OS by recognizing packages which the user does not want. Its purpose is not to take away power from users by catching their attempts to circumvent the blacklist, and calling the metaphorical cops on them to punish them for their audacity.

#4

Updated by temporaryuser 17 days ago

It should detect any software which has license(s) found in other non‐free packages. Also check package source tree for binary files maybe.

#5

Updated by bill-auger 17 days ago

those are the things that the packager does - if people only install software from their distro repos, which is the wisest choice regardless of which distro you use, this becomes a non-issue

we do not want to prevent anyone from doing anything that they want to do with their computer - our goal is to help people avoid non-free software if that is what they want to do - the way to do that is to simply not install software from any other source, and let the distro maintainers focus on the software that is in the distro repos, and asking to get some new things into the repos if they are useful
