Librem One Affected By Nasty Security Bug On Launch Day, Acknowledges Rebranded Apps


  • Librem One Affected By Nasty Security Bug On Launch Day, Acknowledges Rebranded Apps

    Phoronix: Librem One Affected By Nasty Security Bug On Launch Day, Acknowledges Rebranded Apps

    Yesterday Purism launched the Librem One suite of services that initially consists of a privacy-minded, but even with priding themselves on security, there ended up being a nasty launch-day security issue uncovered. The fact that their offered software was quietly re-branded open-source software also rubbed some users the wrong way...

    http://www.phoronix.com/scan.php?pag...-One-Rough-Day

  • #2
    I am actually okay with the rebranding, as long as they do the following:
    • have a "based on [insert opensource name]" on the credits or when the app opens
    • Contribute their work upstream and provide financial support for the developers who made these applications.


    • #3
      Originally posted by CuriousTommy
      I am actually okay with the rebranding, as long as they do the following:
      • have a "based on [insert opensource name]" on the credits or when the app opens
      • Contribute their work upstream and provide financial support for the developers who made these applications.
      I wish it was just that. Rebranding I do have a different issue with.

      There are examples that work
      1) Cross-over/Photon and Wine
      2) Libreoffice and Collabora office

      These are normally a little more than just contributing work upstream. Serious amount of investment on also releasing new versions of the fork in a timely way.

      Biggest thing you see is "based on [insert opensource name]" then it is not updated, resulting in being like 20 security updates behind.

      Items like Librem One have signs they are stressed. This may mean they drop the ball even more on doing updates. If you are going to drop the ball with open source you might as well not fork/rebrand.

      Rebranding has its place, but it is very important that 3 things happen.
      1) Clean credit given.
      2) Be sure you have the required resources to get updated versions out.
      3) Low on the critical is working with upstream; not working with upstream will make number 2 harder. Sooner or later, not working with upstream will ruin your day and your users' day unless you have tons of resources.

      It's normally my number 2 where forks and rebrands screw up and harm end users. If you don't have the required resources, or in a year or so they are going to be questionable, don't rebrand/fork because it will come back and give you a black eye for doing it.



      • #4
        I am totally fine with them offering paid subscription services, on the proviso that they respect the open source licenses of the software which they distribute (which they appear to have done) and the software used to provide hosted services (for selected licenses where this distinction matters, like the AGPL). This is the successful RedHat-model.

        Purism seem to be contributing a reasonable amount of time, resources and code upstream. Good on them for that.



        • #5
          Originally posted by rhysk
          I am totally fine with them offering paid subscription services, on the proviso that they respect the open source licenses of the software which they distribute (which they appear to have done) and the software used to provide hosted services (for selected licenses where this distinction matters, like the AGPL).
          I'm okay too, especially since *services* cost resources (mostly their servers).
          If they have users, they'll need to pay for servers (which makes sense), and it's better if these servers are paid for by the users instead of advertisers/private data brokers/etc.

          But from my personal perspective, I appreciate it even more when it is *optional* to use their servers.
          (e.g.: I don't like GitHub as much as GitLab, because you can use some other instance or even install it at home).

          Which again seems mission accomplished with Purism's offering as they rely on opensource software:
          you can run your own node of Matrix or Mastodon and still communicate with them.

          (Just the same way one would have installed a local mail server and still communicated with other e-mail providers.
          Well, as long as you pass all the necessary criteria to not be flagged as "yet another spam spitting bot", which is slightly becoming more difficult nowadays).



          • #6
            Yep, perfectly fine with it. It's hosted Matrix and Email and a VPN and the company has a pretty good privacy rep. If they sold encrypted Nextcloud too I may be in.



            • #7
              I think it's a good idea, but I really only care about IMAP.
              Maybe a more fine-grained commercial offer could help?
