Hans-Christoph Steiner @eighthave@librem.one

Do you write #Python programs that use #Git? Would you like a dead simple method for fetching public untrusted git repos in the most secure method possible? That's what we've put together in this pull request:

https://github.com/gitpython-developers/GitPython/pull/2029

If that is interesting to you, please try it out, give feedback, give it a thumbs up, etc.

#security #PullRequest #GitPython #GitHub #GitLab

@ret @fdroidorg We have never even tried to please everyone because it is clearly impossible. Thinking about the user helps deal with the world as it is. Let's take your example to show how difficult and gray this is: clearly the LGBTQ users in Saudi want privacy. If Saudi bans F-Droid and arrests users because of that app, did we best serve your example user? If F-Droid has a neutral reputation, provides strong privacy and decentralized access to apps, would your example user be better served?

@muntashir @Epic_Null @emaksovalec @IzzyOnDroid You're right, F-Droid does really need to think about the definition of users we use and stick to it. It turns out, we have been doing a lot of that since the beginning. We do it in public and welcome all constructive engagement. For example, on the topic of app inclusion:

https://f-droid.org/2022/11/23/why-curation-and-decentralization-is-better-than-millions-of-apps.html

For discussions, check the currently active https://forum.f-droid.org or https://gitlab.com/fdroid or even archive, like from 2012 https://f-droid.org/forums/post/1301/index.html

@Epic_Null @muntashir @emaksovalec wow you really nailed it! Thanks for this, it gave me quite a needed boost to continue working on F-Droid.

@cryptax 🤣 😭 here's an insane visual to your post:

https://youtu.be/watch?v=Xvs0K1LG1ac

@cryptax yeah, I have that feeling too, and I'm a Debian Developer even. Its a tricky balance. Debian takes a free-software-first stance and tries to push all work upstream as much as possible. That means in the short term, many devices are less polished. Ubuntu and Mint put a lot of effort to polish their own releases by including customizations and quirks in their forks. That means they have more polish, but means wasted effort in the long term. It is a tricky thing to balance.

@nobody @signalapp GNU is still central to GNU/Linux and GNU/Linux is central to building Android, GrapheneOS, Debian, Tails, Qubes, etc. Even macOS ships GNU. Maintenance counts. Don't forget maintenance.

Then like you said GNU Guix is leading the charge on strictly bootstrapable systems. And GNU Taler is leading the charge on privacy-respecting digital currencies, like real ones that aren't based on scams.

@nobody @signalapp
They said "GNU and FSF promote a bunch of highly insecure operating systems and products which causes real harm to users"

Without GNU and FSF's decades long fight for real free software, we'd be stuck with Microsoft and Apple for our "secure" options. GNU made Linux possible, made Android possible, made Qubes and Tails possible, etc. If you care about getting to real security, where everything is free software that can be inspected, then supporting efforts like FSF is key

@nobody @signalapp It happened because GrapheneOS claims to do everything for security, but then, dismisses projects that aim to replace binary blobs with free software. So perhaps they did not literally say what I wrote, but that's my synopsis of their logic, as far as I can follow it. I know of no standard to audit binary blobs with any reliability. Moxie was also never a believer in free software, his hand was forced by OTF to make Signal free. It was a requirement to receive funding.

I think words are not my native language. People often ask me, what language do I dream in. I just realized: not words. Imagery, emotions, feelings, sounds, actions.

I have the feeling I'm permanently lost in translation 😉

Wow the #enshittification cycle in #AI companies like #OpenAI and #Meta is going fast. Now they're going into dependence-inducing adult content and "sensual" chatbots for kids. How low will they go?
https://x.com/AskPerplexity/status/1978492956869828613

@jae @rms That's exactly what the FSF Librephone project is trying to build: a phone that RMS would recommend. They are going to take LineageOS, find the device they can most easily replace all the binary blobs, and start working on that one.

It seems y'all are really missing the point of the FSF in general and its librephone project. They are working to replace binary blobs with free software. I recommend reading their project description:

https://www.fsf.org/news/librephone-project

Why on earth are big #copyright companies so shitty? #Sony #MPAA etc etc. They think they are totally justified to just hit internet service providers with mostly wrong #AIslop infringement notices and have those ISPs do mass service cancellations. All because they need to defend their outdated broken business model that is hostile to digital media and the internet

#Cox is also a pretty bad company, but I'm very happy to support them as they are fighting this in court

https://arstechnica.com/tech-policy/2025/10/sony-tells-scotus-that-people-accused-of-piracy-arent-innocent-grandmothers/

@moshimotsu there is a very good reason why security audits are done on source code. Yes, observing behavior is important. Then when one has the source code, one can follow up and confirm the exact behavior. With a binary blob, that is not feasible.