[Discussion] Non-free software points of entry

Keeping one's sources.list clear of non-free repositories is no guarantee that one's system will remain free of proprietary software. I have often avoided third party package installers for this reason. If it doesn't come from a Debian mirror, with deb-src available, or if I haven't compiled it from source myself, then I want nothing to do with it. Here are some common vectors:

• Mozilla addons (AMO)
• Other Firefox bits
• Webpage-supplied javascript
• Python Pip
• Ruby Gems

• Rust cargo crates?
• Gnome extensions?
• Kernel modules?
• (Many more that are not at the forefront of my memory)

Some of these are grey area. For example, do we count projects which simply forgot to supply a license as proprietary? As in the Gem example, do accidental inclusions of proprietary software merit distrusting the repo? Interpreted languages, by design must supply source code, so it is only proprietary in legality. But what of interpreted code that is minified or obfuscated in some way? Or what of software that is properly libre but still is textbook malware designed with intent to abuse those who run it?

Statistics: Posted by Uptorn — 2024-02-13 18:05 — Replies 0 — Views 30

---