* __Free software__ licenses (share alike), so million/billion dollar interests can’t invest millions/billions to wall them off and enclose them. https://twitter.com/glynmoody/status/1007381144302768128
-
Help me understand something. Whether free as in libre or open source/GNU license, it seems to me there's a growing threat & problem in open repos. nodeJS & Docker have both been recently compromised with miners/back doors. No digsigs to guarantee source integrity.
-
Some software I use is GNU licensed. Take WinSCP. The developer of that software signs his binaries with a legit X.509 PKI certificate. I check the sig before executing the binary. But he seems to be in the minority. Do open source or free-as-in-libre devs reject digisigs on principle?
-
Packages in repositories of popular Linux distributions are generally digitally signed. There's no rejection on principle, as far as I know. Can't think of a reason why there would be. I'd say convenience or lack of awareness are the major reasons to not use signed software.
-
Thanks, that makes sense. Coming from a Microsoft background where it's easy to digitally sign your code and therefore have confidence in its integrity, I've found it difficult to transition to open repos that house code not usually signed.