[Bug 224526] [security][feature suggestion] Closed source binaries need to be labeled in ports, and explicitly allowed by users

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224526

Adam Weinberger <adamw at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |adamw at FreeBSD.org
             Status|New                         |Closed
         Resolution|---                         |Rejected

--- Comment #3 from Adam Weinberger <adamw at FreeBSD.org> ---
No. FreeBSD has never defaulted things to off. Users can reject things, and our
LICENSE framework supports that as Jan mentioned, but we NEVER default to
restricting things and make users opt in.

Binary blobs are only vaguely riskier than things compiled by source. The
reason for this is that most users don't care at all what's in the source code.
If they are paranoid enough to care, they can look up the upstream source,
realize it's not available, and then choose not to install the port.

The idea that users who are savvy enough not to trust binary blobs would be
unable to determine whether a port is using a binary blob is just completely
incongruent.

1password-client can only be used to access 1password vaults. 1password vaults
can only be created by 1password desktop or web clients, and all of those are
closed source too. Those users have already bought into closed source,
literally as it costs money.

-- 
You are receiving this mail because:
You are on the CC list for the bug.