It wouldn't matter on Android either as there is no mechanism to test the .apk or .dex of an open-source app on the "Play Store" against the repository build's SHA-1.<div><br></div><div>Or is there?<br><div>
<br><div>--Cameron<a href="http://ghostfreeman.net" target="_blank"></a><br>
<br><br><div class="gmail_quote">On Fri, Mar 16, 2012 at 2:24 PM, Tim Watts <span dir="ltr"><<a href="mailto:tim@cliftonfarm.org">tim@cliftonfarm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I thought Apple's "good reason" for the AppStore restriction was that<br>
you knew you were getting safe software from a reliable source. So the<br>
price you paid in your freedom was supposed to be worth it. Turns out,<br>
not so much. Turns out, the cost to your freedom is mainly for Apple's<br>
profits. Now this still doesn't necessarily make FOSS safer but if I<br>
wanted an app and I knew of a FOSS version that I trusted but wasn't<br>
available on the AppStore then too bad for me.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Fri, 2012-03-16 at 14:02 -0400, James Sumners wrote:<br>
> Which all boils down to exactly what I said. Either ignore installing<br>
> third party software altogether, or do the best you can with the time<br>
> you have. The argument that open source is safer because you,<br>
> yourself, can look at the code before installing it is ludicrous. If<br>
> you have the time to do that for _every_ piece of software you<br>
> install, then you must not be doing anything else.<br>
><br>
> On Fri, Mar 16, 2012 at 13:42, <a href="mailto:mike@trausch.us">mike@trausch.us</a> <<a href="mailto:mike@trausch.us">mike@trausch.us</a>> wrote:<br>
> > On 03/16/2012 01:29 PM, James Sumners wrote:<br>
> >> It has applications that are shipped with it. And you can use webapps<br>
> >> all day long. You don't _have_ to use the AppStore. But if you do use<br>
> >> it, then you still have to decide if you trust the developer. If you<br>
> >> install something that seems scummy in the description (poorly<br>
> >> translated descriptions, bad reviews, etc.) then that's on you. It<br>
> >> isn't the fault of anyone, or anything, else.<br>
> ><br>
> > And what if you install a highly-rated, seemingly legitimate app that<br>
> > does things that you aren't aware of because you have no way to possibly<br>
> > be aware of them?<br>
> ><br>
> > There are security concerns with any application software on any<br>
> > platform or device that are a mile long and simply cannot be addressed<br>
> > by the average user. These problems will likely never go away, unless<br>
> > the entire world moves to a model where the source code for all software<br>
> > becomes generally available. And even then, you have the problems that<br>
> > were discussed in “Reflections on Trusting Trust” (a very worthwhile<br>
> > read if you haven't), making it almost completely impossible to sanely<br>
> > be able to settle on any level of trust in software. One would have to<br>
> > take a copy of a (as Thompson calls it) "bugged" binary and examine it<br>
> > on a system that is known to not be bugged.<br>
> ><br>
> > I don't know about you, but I don't have the means to create a<br>
> > completely isolated environment in which to be able to assert such<br>
> > levels of trust. At least not yet; it would be possible to do but it<br>
> > would not be really doable without a great deal of time, effort and money.<br>
> ><br>
> > And even then, who would be insane enough to trust anyone else to create<br>
> > such a thing for them? :-)<br>
> ><br>
> > --- Mike<br>
> ><br>
> > --<br>
> > A man who reasons deliberately, manages it better after studying Logic<br>
> > than he could before, if he is sincere about it and has common sense.<br>
> > --- Carveth Read, “Logic”<br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > Ale mailing list<br>
> > <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> > <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> > See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> > <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
> ><br>
><br>
><br>
><br>
<br>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br></div></div></div>