| 1 |
>>>>> On Thu, 02 Apr 2020, Rich Freeman wrote: |
| 2 |
|
| 3 |
> I guess we could stick an einfo in the post-install messages, |
| 4 |
|
| 5 |
Not sure if that's necessary. Zoom is a proprietary, closed-source, |
| 6 |
fetch-restricted package, so users should know that they cannot expect |
| 7 |
the same level of quality as for free software. (In the default |
| 8 |
configuration, it is license-masked, so users must explicitly unmask |
| 9 |
it before installation.) |
| 10 |
|
| 11 |
> but if you're joining a zoom meeting are you going to be any more |
| 12 |
> secure if you manually install the files instead? I can't imagine that |
| 13 |
> people are going to stop attending meetings just because they picked |
| 14 |
> the wrong software to host them. Plus a few of those concerns apply to |
| 15 |
> MANY packages - such as a lack of end-to-end encryption, or ever |
| 16 |
> having had a zero day. |
| 17 |
|
| 18 |
> I'm not intending to endorse Zoom here, but Gentoo isn't really |
| 19 |
> intended as a purist distro that will never include a package if it is |
| 20 |
> associated with a service that might collect user data and so on. In |
| 21 |
> fact, we have many packages with these associations. Ultimately users |
| 22 |
> can decide what they want to run, and we're just providing the files |
| 23 |
> in the most convenient and secure manner possible. For example, when |
| 24 |
> the zero day is fixed if you're using Gentoo you'll benefit from our |
| 25 |
> security policy, while you would not if you had just manually |
| 26 |
> installed some files/etc... |
| 27 |
|
| 28 |
+1 |
| 29 |
|
| 30 |
Ulrich |
Archives