Public Money Public Code: a good policy for FSFE and other non-profits?

Daniel Pocock daniel at pocock.pro
Sat Jun 16 07:50:42 UTC 2018



On 15/06/18 16:45, Reinhard Müller wrote:
> On 2018-06-15 at 12:12, Daniel Pocock wrote:
>>> No proprietary software runs on any of FSFE's servers in userspace, and
>>> of course all software developed by FSFE staff or by contractors paid by
>>> FSFE is free software.
>>>
>> So what is Jonas referring to in his blog[1]?
> 
> I don't know whether he refers to a specific case at all. I read his
> blog post as a general consideration, and I can't find any mention of
> FSFE in there.
> 
> If you want to know what he refers to, did you consider asking him?
> 
> I hope you don't want to tell us that this blog post is the foundation
> on which you base your complaints that FSFE uses proprietary software??


It is not just about Jonas' blog post.  Some communication apps like
Skype and Twitter have been mentioned in various places.

For example, on the team list, there is message
1498121148.fd6avqk03q.mk at vita.none and some other messages in that
thread.  It is not clear whether anybody has it on FSFE or private
devices or not at all.

In this particular thread, another staff member, Erik, has written "I
propose you trust us that we use Free Software always and that this is
minimum 95%, including our phones, landlines, printers etc." and that
leaves open the question about the other 5%.

I didn't try to write the motion with lots of little rules and things
because I was hoping people would approach the question maturely.  If
the motion is revised to focus on something like "staff computers" and
people reply that only the firmware is non-free but they don't tell us
they are using non-free apps on their personal mobile phones to do FSFE
stuff then they are not respecting the intention of the motion.

The motion should also apply to firmware.  Think about some of the
following:

- printer firmware: many modern network printers are automatically
phoning home to their manufacturer to report about usage and download
updates.

- IP phones on your desk: how do you know the microphone can't be
switched on remotely if it runs non-free firmware?  In fact, such
exploits are well known.

Some organizations even generate these reports (or the skeleton of the
report) automatically, extracting a list of all known MAC addresses from
their switches and access points, installing management agents on every
host with a function to detect all installed binaries and also observing
all network connections and correlating them back to the respective
binaries.  Such data could be cross referenced with checksums of trusted
binaries and the data could be annotated on a wiki page.

Regards,

Daniel
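
The inventory cross-check described in the last paragraph of the message above, as an added example that is not part of the original e-mail: it flags devices seen on the switches that have no management agent, and binaries whose checksum is not on the trusted list, together with the network endpoints they contacted. All MAC addresses, paths, hostnames and hashes are constructed sample data, and the function names are hypothetical.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# --- Constructed sample inputs (hypothetical, for illustration only) ---
SWITCH_MACS = ["52:54:00:aa:00:01", "52:54:00:aa:00:02", "52:54:00:aa:00:03"]
TRUSTED_SHA256 = {sha256(b"mail-client build 1"), sha256(b"editor build 7")}
AGENT_REPORTS = {  # MAC -> {binary path: sha256 reported by the host agent}
    "52:54:00:aa:00:01": {"/usr/bin/mail-client": sha256(b"mail-client build 1"),
                          "/opt/chat/chat": sha256(b"unreviewed chat app")},
    "52:54:00:aa:00:02": {"/usr/bin/editor": sha256(b"editor build 7")},
}
CONNECTIONS = [  # (MAC, binary path, remote endpoint) observed by the agent
    ("52:54:00:aa:00:01", "/opt/chat/chat", "chat.example.net:443"),
    ("52:54:00:aa:00:01", "/usr/bin/mail-client", "mail.example.org:993"),
]

def build_report(switch_macs, reports, connections, trusted):
    """Return one row per finding: (mac, status, path, remote endpoints)."""
    remotes = {}
    for mac, path, remote in connections:
        remotes.setdefault((mac, path), []).append(remote)
    rows = []
    for mac in sorted(switch_macs):
        if mac not in reports:
            # On the network but no agent: printer, IP phone, private device.
            rows.append((mac, "no-agent", None, []))
            continue
        for path, digest in sorted(reports[mac].items()):
            if digest not in trusted:
                rows.append((mac, "untrusted", path,
                             remotes.get((mac, path), [])))
    return rows

def to_wiki(rows):
    """Render findings as a wiki table skeleton for manual annotation."""
    lines = ["|| MAC || Status || Binary || Remote endpoints || Notes ||"]
    for mac, status, path, rem in rows:
        lines.append(f"|| {mac} || {status} || {path or '-'} "
                     f"|| {', '.join(rem) or '-'} || ||")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_wiki(build_report(SWITCH_MACS, AGENT_REPORTS,
                               CONNECTIONS, TRUSTED_SHA256)))
```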



