[ale] Cory Doctorow, right again

Cameron Kilgore ghostfreeman at gmail.com
Fri Mar 16 14:40:00 EDT 2012


It wouldn't matter on Android either as there is no mechanism to test the
.apk or .dex of an open-source app on the "Play Store" against the
repository build's SHA-1.

Or is there?

--Cameron <http://ghostfreeman.net>


On Fri, Mar 16, 2012 at 2:24 PM, Tim Watts <tim at cliftonfarm.org> wrote:

> I thought Apple's "good reason" for the AppStore restriction was that
> you knew you were getting safe software from a reliable source.  So the
> price you paid in your freedom was supposed to be worth it.  Turns out,
> not so much.  Turns out, the cost to your freedom is mainly for Apple's
> profits.  Now this still doesn't necessarily make FOSS safer but if I
> wanted an app and I knew of a FOSS version that I trusted but wasn't
> available on the AppStore then too bad for me.
>
>
> On Fri, 2012-03-16 at 14:02 -0400, James Sumners wrote:
> > Which all boils down to exactly what I said. Either ignore installing
> > third party software altogether, or do the best you can with the time
> > you have. The argument that open source is safer because you,
> > yourself, can look at the code before installing it is ludicrous. If
> > you have the time to do that for _every_ piece of software you
> > install, then you must not be doing anything else.
> >
> > On Fri, Mar 16, 2012 at 13:42, mike at trausch.us <mike at trausch.us> wrote:
> > > On 03/16/2012 01:29 PM, James Sumners wrote:
> > >> It has applications that are shipped with it. And you can use webapps
> > >> all day long. You don't _have_ to use the AppStore. But if you do use
> > >> it, then you still have to decide if you trust the developer. If you
> > >> install something that seems scummy in the description (poorly
> > >> translated descriptions, bad reviews, etc.) then that's on you. It
> > >> isn't the fault of anyone, or anything, else.
> > >
> > > And what if you install a highly-rated, seemingly legitimate app that
> > > does things that you aren't aware of because you have no way to
> possibly
> > > be aware of them?
> > >
> > > There are security concerns with any application software on any
> > > platform or device that are a mile long and simply cannot be addressed
> > > by the average user.  These problems will likely never go away, unless
> > > the entire world moves to a model where the source code for all
> software
> > > becomes generally available.  And even then, you have the problems that
> > > were discussed in “Reflections on Trusting Trust” (a very worthwhile
> > > read if you haven't), making it almost completely impossible to sanely
> > > be able to settle on any level of trust in software.  One would have to
> > > take a copy of a (as Thompson calls it) "bugged" binary and examine it
> > > on a system that is known to not be bugged.
> > >
> > > I don't know about you, but I don't have the means to create a
> > > completely isolated environment in which to be able to assert such
> > > levels of trust.  At least not yet; it would be possible to do but it
> > > would not be really doable without a great deal of time, effort and
> money.
> > >
> > > And even then, who would be insane enough to trust anyone else to
> create
> > > such a thing for them?  :-)
> > >
> > >        --- Mike
> > >
> > > --
> > > A man who reasons deliberately, manages it better after studying Logic
> > > than he could before, if he is sincere about it and has common sense.
> > >                                   --- Carveth Read, “Logic”
> > >
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > http://mail.ale.org/mailman/listinfo
> > >
> >
> >
> >
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120316/8aef47cc/attachment.html 


More information about the Ale mailing list