1 |
>>>>> On Thu, 02 Apr 2020, Rich Freeman wrote: |
2 |
|
3 |
> I guess we could stick an einfo in the post-install messages, |
4 |
|
5 |
Not sure if that's necessary. Zoom is a proprietary, closed-source, |
6 |
fetch-restricted package, so users should know that they cannot expect |
7 |
the same level of quality as for free software. (In the default |
8 |
configuration, it is license-masked, so users must explicitly unmask |
9 |
it before installation.) |
10 |
|
11 |
> but if you're joining a zoom meeting are you going to be any more |
12 |
> secure if you manually install the files instead? I can't imagine that |
13 |
> people are going to stop attending meetings just because they picked |
14 |
> the wrong software to host them. Plus a few of those concerns apply to |
15 |
> MANY packages - such as a lack of end-to-end encryption, or ever |
16 |
> having had a zero day. |
17 |
|
18 |
> I'm not intending to endorse Zoom here, but Gentoo isn't really |
19 |
> intended as a purist distro that will never include a package if it is |
20 |
> associated with a service that might collect user data and so on. In |
21 |
> fact, we have many packages with these associations. Ultimately users |
22 |
> can decide what they want to run, and we're just providing the files |
23 |
> in the most convenient and secure manner possible. For example, when |
24 |
> the zero day is fixed if you're using Gentoo you'll benefit from our |
25 |
> security policy, while you would not if you had just manually |
26 |
> installed some files/etc... |
27 |
|
28 |
+1 |
29 |
|
30 |
Ulrich |