[Community] Trust and Google

Ryan de Laplante (personal) ryan at ryandelaplante.ca
Sun Aug 10 15:44:51 CEST 2014


The Replicant mailing list might be a better place to ask your first
question.

I don't have an answer for your second question, but maybe more computer
programmers should make a point of choosing a FOSS project near and dear
to their heart and volunteer their time auditing it. They could audit
the existing code, every future commit and release binaries found in
package managers.  They'd have to know how to do security audits before
starting.



On 10/08/14 06:17 AM, wonderphone at posteo.de wrote:
> Hi all,
> 
> it looks like I killed the conversation. I hope it is due to the
> "holiday season" and not because I stepped on somebody's feet.
> 
> Have a nice Sunday,
> 
> Oliver
> 
> 
> On 03.08.2014 19:19, wonderphone at posteo.de wrote:
>> Hi all,
>>
>> A German computer magazine is doing a little series on how to get rid
>> of Google on one's Android smartphone. But still some questions remain
>> open.
>>
>> - Even with CyanogenMod it is not possible to cut ties with Google
>> completely. Even if you uninstall the Play store, deactivate automatic
>> search for updates, use an alternative browser, the OS still checks
>> its connection to the Internet by contacting a Google server. Does
>> Replicant do this, too, or have Paul or Denis managed to convince
>> Replicant to stop it?
>>
>> - Some of the editors also explain their preferred degree of
>> independence from Google and how they achieve it. Axel Kossel writes
>> (c't 2014, 13, p.116) that he took it as a challenge to eliminate most
>> of Google connectivity by hand on his own. That is one strategy among
>> the understandable ones but what I find striking is that he explicitly
>> distrusts custom ROMs and software repositories other than Google
>> Play. His argument is that he doesn't know anything about the authors
>> and their motives. --> My question: Is this a reasonable point and if
>> yes, what can we do to have a water-tight chain of trust without
>> exposing the private life and secret thoughts of the OpenPhoenux OS
>> developers? I understand that we have signed binaries from signed
>> source code and with the commits from the Git software there should be
>> no gap in the chain. But can we be really sure that the code really
>> does what it is supposed to? Can we really take its harmlessness for
>> granted just because it is open source?
>>
>> Thank you for your insights
>>
>> Oliver
>> _______________________________________________
>> Community mailing list
>> Community at openphoenux.org
>> http://lists.goldelico.com/mailman/listinfo.cgi/community
>> http://www.openphoenux.org