Free Software security vulnerabilities: Heartbleed and other case studies?

Adonay Felipe Nogueira adfeno at
Sat Jul 29 23:37:26 UTC 2017


I don't have much to share, but suspect that these types of issues can
be best solved if the following is avoided:

- Bundling.

- Customization without sending improvements to upstream.

- Reinventing the wheel.

- Containers.

This list was made based on
(licensed under CC BY-SA 4.0) and
[[]] (no
license: default copyright license).

Interestingly, the GNU Guix project
([[]]) tries to avoid all the things
listed so far.

Also I would add that the following must also be avoided:

- Digital handcuffs. This includes Restricted Boot, which is different
  from the benign Secure Boot
  ([[]]). This
  is desirable to avoid because the user himself cannot (not "can't")
  update the system as he would wish to, because only the manufacturer's
  "trusted" operating system is accepted by the device. Even worse, the
  manufacturer might not even be allowed to do such updates because the
  carrier/front-provider might have been the only one that implemented
  Restricted Boot, not the manufacturer.

- [[]]
- Palestrante e consultor sobre /software/ livre (não confundir com
- "WhatsApp"? Ele não é livre, por isso não uso. Iguais a ele prefiro
  GNU Ring, ou Tox. Quer outras formas de contato? Adicione o vCard
  que está no endereço acima aos teus contatos.
- Pretende me enviar arquivos .doc, .ppt, .cdr, ou .mp3? OK, eu
  aceito, mas não repasso. Entrego apenas em formatos favoráveis ao
  /software/ livre. Favor entrar em contato em caso de dúvida.

More information about the Discussion mailing list