Hans-Christoph Steiner @eighthave@librem.one

Do you write #Python programs that use #Git? Would you like a dead simple method for fetching public untrusted git repos in the most secure method possible? That's what we've put together in this pull request:

https://github.com/gitpython-developers/GitPython/pull/2029

If that is interesting to you, please try it out, give feedback, give it a thumbs up, etc.

#security #PullRequest #GitPython #GitHub #GitLab

@ret @fdroidorg We have never even tried to please everyone because it is clearly impossible. Thinking about the user helps deal with the world as it is. Let's take your example to show how difficult and gray this is: clearly the LGBTQ users in Saudi want privacy. If Saudi bans F-Droid and arrests users because of that app, did we best serve your example user? If F-Droid has a neutral reputation, provides strong privacy and decentralized access to apps, would your example user be better served?

@muntashir @Epic_Null @emaksovalec @IzzyOnDroid You're right, F-Droid does really need to think about the definition of users we use and stick to it. It turns out, we have been doing a lot of that since the beginning. We do it in public and welcome all constructive engagement. For example, on the topic of app inclusion:

https://f-droid.org/2022/11/23/why-curation-and-decentralization-is-better-than-millions-of-apps.html

For discussions, check the currently active https://forum.f-droid.org or https://gitlab.com/fdroid or even archive, like from 2012 https://f-droid.org/forums/post/1301/index.html

@Epic_Null @muntashir @emaksovalec wow you really nailed it! Thanks for this, it gave me quite a needed boost to continue working on F-Droid.

@cryptax 🤣 😭 here's an insane visual to your post:

https://youtu.be/watch?v=Xvs0K1LG1ac

@cryptax yeah, I have that feeling too, and I'm a Debian Developer even. Its a tricky balance. Debian takes a free-software-first stance and tries to push all work upstream as much as possible. That means in the short term, many devices are less polished. Ubuntu and Mint put a lot of effort to polish their own releases by including customizations and quirks in their forks. That means they have more polish, but means wasted effort in the long term. It is a tricky thing to balance.

@nobody @signalapp GNU is still central to GNU/Linux and GNU/Linux is central to building Android, GrapheneOS, Debian, Tails, Qubes, etc. Even macOS ships GNU. Maintenance counts. Don't forget maintenance.

Then like you said GNU Guix is leading the charge on strictly bootstrapable systems. And GNU Taler is leading the charge on privacy-respecting digital currencies, like real ones that aren't based on scams.

@nobody @signalapp
They said "GNU and FSF promote a bunch of highly insecure operating systems and products which causes real harm to users"

Without GNU and FSF's decades long fight for real free software, we'd be stuck with Microsoft and Apple for our "secure" options. GNU made Linux possible, made Android possible, made Qubes and Tails possible, etc. If you care about getting to real security, where everything is free software that can be inspected, then supporting efforts like FSF is key

@nobody @signalapp It happened because GrapheneOS claims to do everything for security, but then, dismisses projects that aim to replace binary blobs with free software. So perhaps they did not literally say what I wrote, but that's my synopsis of their logic, as far as I can follow it. I know of no standard to audit binary blobs with any reliability. Moxie was also never a believer in free software, his hand was forced by OTF to make Signal free. It was a requirement to receive funding.

I think words are not my native language. People often ask me, what language do I dream in. I just realized: not words. Imagery, emotions, feelings, sounds, actions.

I have the feeling I'm permanently lost in translation 😉