[guardian-dev] Lil' Debi criticism

Paul Sokolovsky pmiscml at gmail.com
Thu Feb 23 21:08:11 EST 2012


Copied from
Please take it easy ;-).

Ok, so the problem with this is that they ship binary blobs in VCS:
https://github.com/guardianproject/lildebi/tree/master/assets . What’s
even more worrying is that they ship binary blobs of unknown origin,
because they don’t tell where they got them from (except for “from
Kevin”, which sounds really reassuring). As it’s all about Debian, one
could imagine that they downloaded .deb’s, exploded them and put binary
executables in assets dir. But again, they don’t bother to tell that,
which leads to thoughts do they consider their users worthy of such
information, which is even more worrying considering that that app
comes from guardianproject.info, which is all about personal awareness
and protection, blah-blah

And if they really cared about free software, their users, and
awareness, they would instead of raw binaries provide a script which
would download/explode .deb’s during the build, so user could fully
reproduce the build and be 100% sure binaries come from the intended

