Software Freedom Conservancy

Conservancy Blog

Displaying posts tagged Reproducible Builds

Conservancy News Round-up

by Deb Nicholson on May 28, 2019

May is for code releases! Check out these videos, blog posts from member projects, code releases and upcoming events.

Recent Videos and Podcasts

Deb's talk on Free Software/Utopia is up, on the Free Software Foundation's MediaGoblin server.

Deb was also the guest of honor on Libre Lounge, Episode 19: Community Development with Deb Nicholson. Thanks to Chris and Serge for their dedication to free software and to Conservancy's work!

On Free as in Freedom, Karen and Bradley discuss two additional permissions that can be used to “backport” the GPLv3 Termination provisions to GPLv2 — the Kernel Enforcement Statement Additional Permission, and the Red Hat Cooperation Commitment.

Our Member Projects Have Been Busy

This summer's Outreachy interns were announced. "Congratulations to the 43 interns accepted to the Outreachy May 2019 to August 2019 round!"

phpMyAdmin -- along with several other Conservancy projects -- is excited about participating in Outreachy this round.

MicroBlocks presented at ROBOLOT, an educational robotics conference held in Catalan. The video of their panel is about 75% Catalan and 25% English, so feel free to skip around or brush up on your Catalan.

The Godot team attended GDC, aka the "Game Developers Conference", in San Francisco and reported on their improved name recognition at this year's event.

The folks at Reproducible Builds shared that security and software supply chain attacks were in the news and that this was a busy month for their distro work.

Some recent code releases:

Etherpad merged in a big chunk of code to improve recovery from brief server outages. "The resulting code is 15% smaller than before, and is also much easier to comprehend."

What's coming up?

Catch up with staff:

Karen keynotes sambaXP on June 5th at 10:15 local time in Göttingen, Germany.

Bradley will be at the Ninth Annual RacketCon in Salt Lake City, Utah, where he will give a talk titled, "Conservancy and Racket: What We Can Do Together!"

Many of our projects have events coming up:

In addition to the aforementioned sambaXP and RacketCon...

First talks are announced for Selenium's upcoming London conference; tickets are available now.

North Bay Python has announced their dates for this year's event, November 2 & 3, 2019. Talk submissions will open soon!

Tags: conservancy, Wine, GPL, Kallithea, Google Summer of Code, Member Projects, Godot, Reproducible Builds, QEMU, Selenium, Outreachy

Conservancy News Round-up

by Deb Nicholson on April 17, 2019

Check out these videos, blog posts from member projects, code releases and upcoming events.

Recent Videos

Our Member Projects Have Been Busy

Some recent code releases:

What's coming up?

Catch up with staff:

Many of our projects have events coming up:

Bonus news! GPLv3 code made the famous black hole picture possible. Congrats to Doctor Katie Bouman and her team!

Tags: conservancy, conferences, Godot, Reproducible Builds, Selenium, Outreachy, events, Clojars, inkscape, Hackfests, Racket

Do You Know Where Your Code Came From? If You Don't Have Source You Aren't Secure

by Pamela Chestek on April 4, 2019

I sometimes work for Conservancy assisting in their compliance work. Conservancy follows the Principles of Community-Oriented GPL Enforcement, enforcement principles published by Conservancy and the Free Software Foundation. As the process goes, Conservancy receives complaints from users about products whose sellers aren't meeting their GPL license obligations and Conservancy may investigate. Many of these complaints are for hardware devices with embedded code. The complaints are almost always that there is free software on the device but that the source code is not available.

Conservancy will purchase the complained-of device and independently determine whether or not there is a GPL violation, including requesting the source code. This is where the rubber meets the road, particularly for embedded devices. In phone calls with the hardware manufacturer, the manufacturer will almost always say that they don't have the code on hand and need to get it from their factory or vendor.

When I hear this, I want to gasp out loud. I'm not gasping because I find the non-compliance so surprising (it's not), but that a manufacturer is shipping a device that it has not independently confirmed was manufactured as spec'd. A manufacturer designs a device, say a home security camera, and has outsourced the manufacturing to a factory. The factory may have subcontracted with someone else for the component, who may have contracted with yet another company for the firmware. Yet despite the length and opaqueness of the supply chain, the companies we buy from are not doing any due diligence on the products they are selling. When a company tells me they don't have the source code available, I add them to the list in my head of brands I will not buy.

This is not a trivial oversight. Doorbell cameras, security cameras, televisions, baby monitors, and home audio equipment have a view into the most intimate parts of our lives, and yet the manufacturers are not doing everything they can to ensure that our private lives stay private. The component manufacturer, the firmware manufacturer, the factory, or all of them, could be adding malicious code to the device and the vendor has not taken the simplest step of verifying the software on the device does only what it is supposed to do and nothing more.

And it's an easy problem to solve. All the company needs is the source code. There is now even a free software project, Reproducible Builds, that can be used to verify that the source code provided compiles to exactly the object code found on the device.

And guess what? By performing the far more critical task of ensuring that a manufactured device has not been compromised, the source code compliance problem has been solved too.

Tags: GPL, Reproducible Builds

Death, taxes and free software at DebConf this year

by Deb Nicholson on August 14, 2018

In case you missed it, our most excellent Executive Director, Karen Sandler, and FSF Campaigns Manager, Molly de Blanc, presented together at DebConf in Taiwan earlier this month on what *really* constitutes a software freedom issue. Turns out that lots of things are affected by the absence or presence of software freedom, including many serious topics like depression treatments, automated devices in our homes, public transportation, domestic violence and government data. There were also some very funny moments, but I won't spoil the video for you.

This year is the first time this critical event has taken place in Asia. Over 300 free software enthusiasts attended talks, squashed bugs and discussed critical issues like reproducible builds, what contributing is like around the world and how to increase diversity in free software projects. Both Karen and Molly have been to DebConf multiple times and highly recommend this event.

You can catch Karen next in New York in early October where she'll be keynoting PyGotham.

Molly's next public appearance is at the end of the month in Vancouver where she'll be participating in a panel that will be discussing ways to use metrics to help create common understanding around diversity and inclusion goals.

Tags: conservancy, Reproducible Builds, events


Our privacy policy was last updated 25 May 2018.