[Dev] Parabola infrastructure server and its hosting.
Denis 'GNUtoo' Carikli
GNUtoo at no-log.org
Sat Mar 19 11:04:58 GMT 2016
Since we have:
-> Highly insecure packages (they are compiled and uploaded by
individual developers, including arch developers).
-> VM issues.
-> Bandwidth and server load issues.
Why not asking some entity like the FSF for a server to build the
packages and host parabola's infrastructure (the bug tracker for
Since the FSF is located in the US:
-> We can trust the FSF
-> We might not want to trust US's law regarding surveillance.
-> Our packages would have to abide absurd laws such as the DMCA, so we
would probably need to host packages like libdvdcss outside of the
-> Since software patents are now very weak in the US, we might want
not to remove functionality known to be risky patent-wise.
-> We also might want to contact the FSF and/or the SFLC for the legal
 Assuming we trust all Parabola developers, that means that the
developer(s) with the weakest security can be used as a vector to
compromise all parabola users. Sometimes that can be dead easy.
 We can suppose that at least some of the arch developers run
proprietary software on the machine they used to build the packages
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Dev