[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNU-linux-libre] clients which necessarily execute non-free remote blob
From: |
bill-auger |
Subject: |
[GNU-linux-libre] clients which necessarily execute non-free remote blobs |
Date: |
Tue, 13 Apr 2021 13:36:05 -0400 |
On Tue, 13 Apr 2021 00:51:36 -0400 Richard wrote:
> Let's not continue arguing about this, please.
> There isn't a problem here we need to do anything about.
> Let's not let it eat up our time.
i believe that you misunderstood the question - i have a habit
of poorly choosing the thread subject - AFAIK, this question has
never been discussed in this list; and i do not expect to be
time consuming - i will not argue a single word, if you simply
give your advice once
this question is not about complex copyright or patent laws, nor
any specific program - it is only about _your_ definition of
freedom #1: the ability to inspect code before executing it
the scenario is the binary equivalent of this program:
while sleep 1
do curl authors.host/nonfree.sh | bash || exit
done
where:
* the fetch URL is hard-coded into the binary
* nonfree.sh is generated dynamically upon each request
* executing the non-free code is not optional,
but intrinsic to the program's operation
although the released client is 100% free software, the behavior
of the binaries are effectively non-free, because it is
impossible for the user to inspect all of the code executing on
the local machine - surely, this falls short of freedom #1
users of that binary are most likely to be unaware of this
"trojan horse" or "back-door" feature; and regardless, they would
need to modify the source code and re-compile, in order to
inspect the incoming ephemeral code - even so, that ephemeral
code is likely to be an opaque or obfuscated blob
i think that the FSDG already requires such a feature to be
optional (for example, by making the fetch URL to be
user-configurable, and empty by default) - i am only asking for
confirmation, of what seems to be a subtle, yet definite
restriction of freedom #1, in the distributed binaries
ie: shouldn't users expect that all executables, will _not_
necessarily execute non-free code?
- Re: [GNU-linux-libre] telegram clients, (continued)
- Re: [GNU-linux-libre] telegram clients, bill-auger, 2021/04/17
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Jean Louis, 2021/04/12
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Richard Stallman, 2021/04/13
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Jean Louis, 2021/04/13
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Jean Louis, 2021/04/13
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Richard Stallman, 2021/04/14
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Jean Louis, 2021/04/14
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Martin, 2021/04/16
- Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Jean Louis, 2021/04/16
- Re: [GNU-linux-libre] telegram clients, Richard Stallman, 2021/04/13
- [GNU-linux-libre] clients which necessarily execute non-free remote blobs,
bill-auger <=
- Re: [GNU-linux-libre] clients which necessarily execute non-free remote blobs, bill-auger, 2021/04/13
Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Jean Louis, 2021/04/12
Re: [GNU-linux-libre] Proposal to revise FSDG to exclude SaaSS-only software clients, Adonay Felipe Nogueira, 2021/04/14