Re: Practical suggestions for resolving the Brazilian problem
Date: Thu, 05 Mar 2026 14:39:06 UTC
The 'thesmartski' from X implemented some simple workaround: - https://x.com/thesmartski/status/2029116808066646416 Regards, vermaden Temat: Practical suggestions for resolving the Brazilian problem Data: 2026-03-05 13:32 Nadawca: "Vincent Bentley" <vince@vincentbentley.co.uk> Adresat: freebsd-pkg@freebsd.org; >> Originally posted to forum: > https://forums.freebsd.org/threads/practical-suggestions-for-resolving-the-brazilian-problem.101913/#post-748010 > > I am not conversant in Portuguese so I don't know if this is already > being discussed on the Brazilian list. I apologise if this is already > being dealt with. > > On March 17, 2026 the Brazilian government will be enforcing a new law > that requires age verification of the users of a computer operating > system. This thread is to discuss how the FreeBSD developers could > resolve this problem within the next 11 days. Please add your own ideas > and pick apart any/all that have been posted. > > Summary in English > https://fpf.org/wp-content/uploads/2025/12/Issue-Brief-Brazils-Digital-ECA.pdf > > 1. Geo-block Brazil from image downloads and from pkg repositories. > This is an extreme solution that will alienate the Brazilian user > community, but it is the quickest to achieve given the lack of time. > > 2. Modify pkg so that it can accurately geo-locate by the public IP address. > If a Brazilian IP address is detected, pkg requests the email address of > a human installer over the age of 18 that is responsible for the system. > Pkg will no longer install or update until a token received by email > from pkgtoken@freebsd.org is entered into pkg. > > Pkg will also have to state on every execution that the FreeBSD package > repo is for 18+ users only and it is the responsibility of the system > administrator not to permit use of the system by minors. All existing > FreeBSD systems will remain usable in a pre-enforcement date state. > However, they will not be able to update until the sysadmin confirms to > pkg that the system is for 18+ users only. If the public IP address > changes, pkg will have to request a new authorisation token to continue. > This is the only way to deal with geo-locating dynamic IP or portable > systems that are travelling (visiting laptops). > > The authorisation token does not need to be individual to the machine. > A simple method of using a token matching the last 8-bits of an IPv4 or > IPv6 address is good enough. Every quarter, regenerate those 256 tokens > and save them on a private system area of the package repo. An already > authorised pkg will automatically rollover to the new token without > human intervention. Yes, someone could map the bit to token assignments > every quarter and publish them, but the new pkg program must save the > email address and display it every time pkg is run. Whoever runs package > will see the email address that was used to obtain the token. > > If a fake email address is used with published tokens, then the > Brazilian authorities have the problem of identifying the sysadmin and > the token publisher. The sysadmin becomes the criminal. > > Pkg gets updated every quarter to recognise the new set of 256 tokens > used by the FreeBSD repo. If pkg is used in Brazil without a valid token > it fails safe (legally, not functionally) by not updating and not > installing software until a sysadmin has submitted an email address to > receive an unlock token. > > If pkg is used against a private repo, such as a Poudriere built repo, > then no email address or token checking is required. Whoever operates > the Poudriere repo is the software distributor. > > -Vince- > >