gnu-linux-libre

Re: [GNU-linux-libre] Help users to verify their downloads


From: Denis 'GNUtoo' Carikli
Subject: Re: [GNU-linux-libre] Help users to verify their downloads
Date: Fri, 22 Jun 2018 19:05:31 +0200

On Wed, 20 Jun 2018 13:17:36 -0400
Donald Robertson <address@hidden> wrote:

> Things that aren't really freedom
> issues, but are important for making sure everyone can get the best
> out of the program.
In my opinion it's somehow related, as this makes sure the users get
the correct binaries, for which they can get the corresponding source code
from the distribution.

Having the ability for users to check if this is the case (either by
verifying the signatures or by taking advantage of reproducible builds)
enables certain users to check if the binaries and the source code
match.

This increases the risk (of being caught) for the people
secretly modifying the binaries, which increases the
chance for users not checking the binary they download to get
non-secretly modified binaries.

> but I think we could make a much smaller document on the LibrePlanet
> wiki that could be similarly useful for distro maintainers.
That would be a very good idea.

I had in mind something similar with a much broader scope, which would be
some comparison of free software distribution guidelines (FSDG)
compliant GNU/Linux distributions.

It would list some information such as:
- which architecture does the distribution support
- what are the minimum hardware requirements to use the distribution if
  such information is available
- what mechanisms are in place to make sure the binaries match the
  source code (signed releases, reproducible builds)
- what security systems it supports (SELinux, AppArmor)
- what kind of users it's targeted at (for instance Trisquel is meant
  to be easy to use while Parabola is for advanced users or people
  that want to learn to become advanced users)
- if the distribution is self-hosted or not and what kind of usages
  or machines it's targeted at (ProteanOS and libreCMC)
- what kind of release system (rolling releases, stable releases)

Would such a thing be welcome on the LibrePlanet wiki?

Denis.

Attachment: pgp2SuLrHw4J7.pgp
Description: OpenPGP digital signature

