Continuing from What does Privacy Guides see as OpenSource?.
I am wondering whether we should require some transparency of the code for all software we recommend.
Why?
[Please assume I have referenced the countless prior discussions on this forum about how open source is not a panacea when it comes to privacy.]
Because I believe proprietary software is far more vulnerable to all sorts of attacks than open software. Like proprietary software can make all sorts of bad engineering decisions without being detected, or only being detected a year later when the next audit is due.
With open-source, those are way more likely to be detected sooner.
Nothing is a "panacea", but all things being equal, the open software will always be safer.
Note that I am not saying "open-source" cause for security purposes source-available has few differences with open-source.
Unfortunately, all things aren't equal when it comes to software, which is why I am against broad site-wide criteria like this.
Yeah, we already have a policy where if two applications are equal, the Open source version is preferred. A blanket ban on proprietary apps seems like an unnecessary restriction.
It should be the other way around.
The ideal world does not exist. With such requirements you cannot make the right recommendations.
If we only require it when it is available on the best option, it to me seems more like a label. It means like that when something better comes around we have to change the requirements in order to include it. To me it is clear that it then was never a requirement but rather a label.
I agree that not all things are equal.
This may hold true in situations where there aren't enough open-source alternatives available (for example email clients for iOS or cloud storage clients). However, it shouldn't apply when there are various open-source options for a particular category (e.g., password managers).
Perhaps this needs a poll too. (YOUR VOTE IS PUBLIC).
So open source should be:
I would add a fourth option: "required in categories where it makes sense to do so," which is what I would say, and is what the current situation already is.
I don't see the difference with option 3? Could you explain? I was implying the current situation there at least.
Look, I agree that when impossible, then it can't be a requirement. But I think it should be required by default, and specified where it isn't.
And also, sometimes we should make tough choices. Like with Drive.
Because option 3 means we would have to make it a criteria if it's possible to do so, even if there is a reason it shouldn't be a criteria.
For example, I think there is a reason to not do Require Open Source for Password Managers - #139 by jonah despite it being possible for the category, but both option 3 and option 2 would imply that we need to add the Require Open Source for Password Managers criteria, which I disagree with.
This would just be meaningless, as there can always be a reason you wouldn't want something. This is highly subjective.
Okay. In private chat I made this example to some of the team. What if for example Ente was full proprietary? Would we not list it? It is the best photo app out there. Sure there are other options but it has proven to have great privacy and really is game changing. If the answer to this is no I really have to disagree.
Yes, our recommendations are subjective based on what we think the criteria should be. That is the entire point.
But at that point is it a requirement or you just state, look our current recommendations are open source. But we may include others at any time.
What if Proton Drive, Pass, Mail were proprietary, would we still recommend them?
I get your point, but truth be told, Ente would have never gotten traction without being open-source - so it wouldn't be as great as a product.
I know and don't mind that but this doesn't seem to reflect the selection criteria from how I read it.
It is something we like and encourage but it doesn't seem to actually be a selection criteria after all.
I would argue that both should be included no matter.