Hans-Christoph Steiner @eighthave@librem.one

@jnthnkl Sapio looks great! I guess it should serve as a replacement for https://plexus.techlore.tech/ Is there a public API available for this data? It would be quite useful. For example, an fdroid-compatible repo could use it when reviewing new apps for inclusion. In that case, the data should also include the Version Code in addition to the Application ID.

@uniqx this looks like it should be your next mobile device: look a phone with a trackpoint!

Its cool to see more and more apps using #MabLibre. It used to be so many apps just used #Google for maps and then just failed on #GoogleFree devices. For example, I just downloaded a city's bike sharing app made by a mega corp, and it uses MabLibre so works fine without Play Services. My experience used to be that all the navigation apps required Google.

I live near a branch of the #Danube and have seen beavers a couple of times. It is great to see them coming back. I didn't realize how dire the situation was: the population was done to 1200 a century ago https://cartographymaster.eu/wp-content/uploads/2019/07/Beinder.jpg

@argv_minus_one Do you have a reference on that? It doesn't line up with my understanding. For example, Mozilla does not say anything like that in their criticism back in May, and it seems that things have improved since then https://blog.mozilla.org/netpolicy/2023/05/15/mozilla-weighs-in-on-the-eu-cyber-resilience-act/

Ok, my final struggle was getting #GnuPG to switch to the new #smartcard. It seems that GnuPG was architected around a single smartcard per private key. Seems fine as a recommendation, but problematic as a strict requirement. It seems that GnuPG 2.4 has changed this, but I don't know the details.

Here's my switch scripted hack:
https://gitlab.com/-/snippets/3638931

@argv_minus_one
Then if an employee wants to contribute to external free software that the company does not use at all then the shouldn't be liable for that software since they don't have any related commercial activity. It seems to me that work outside of commercial activity are exempt.

I worry about a key piece of the F-Droid funding model: we often get grants to improve #FDroid, so the contributors who work on F-Droid pieces under contract might be liable. That's where I'm still unclear

2/

@argv_minus_one That seems like an extreme take on it. Have you heard any companies officially saying something like that? Companies are already setup to handle liability for many things, so if a company is liable for the software they create, and their software requires external free software, why would they now stop contributing to that external free software? They would be liable for it anyway, if their products require it. 1/

@debian I'm still concerned but the Python Software Foundation's post about the #EU's Cyber Resilience Act (#CRA) makes me optimistic that it could work for #FreeSoftware. I do agree with the core idea that #commercial #software companies should be held more accountable than they currently are. The key is getting it just right so that anyone can write whatever free software they feel like writing, and share it on the internet, without having to get a lawyer first.

https://pyfound.blogspot.com/2024/01/CRA-update.html

@hko that is great, we need tools like this. That is the easiest way currently to make a simple UX. I still hope that the core tools can be improved to provide a simple UX, that is much harder and takes longer. https://github.com/johndoe31415/hsmwiz is another #smartcard tool like that.

@jr yes backups are essential! I maintain an offline backup in a separate physical location from both where I live and where work.

Just migrated my #offline #gnupg and #ssh key setup to a new #smartcard. This only took about 8 hours whereas when I last did this in 2015, it took much longer. I guess this is a sign of process! But these things are still too painful. At least now, the software just works right out of #Debian.