We could theoretically use machine learning tools to examine open source code-bases in order to detect intentional tampering done by potential bad actors.

That could be kind of interesting. You gotta figure "bad actors" have certain signatures, and might help flush out malicious saboteur accounts.

Just a thought.

@bobdobberson

We could just:

1. Set up one unified package repository common to all distros. Or say Debian alone.

2. Set up an audit pipeline of human oversight on every commit going into that repo. Nothing makes it in without a million eyeballs scouring it.

3. If it's a distro-independent repo, developers from all distros join the audit process. All eyes like lasers on one pipeline.

4. Set up proper crypto signatures for each distro. Doing so per package complicates it a bit.

#Linux #ESR

@purrperl a million eyeballs is less practical than the tools we are developing today.

Finding 1,000,000 to care about ncmpc (as just one example of an open source project) would be really difficult. It shouldn't be, but we do a poor job of teaching computer literacy to people at the moment.

That alone might spark more interest in free and open code, especially given what the alternatives are.

And many bugs are non-obvious, which is why projects like the Linux kernel, which sees a lot of eyes, still have critical vulnerabilities.

We can either learn to use the tools or hope they poof and disappear, and I don't put great odds on that happening, as the current-day tools are already being leveraged to do some serious work (most of it bad, because it is not in the hands of the masses).

The way the tools are used has almost always been the problem, with every tool we have so far developed. Moderation is key.

@bobdobberson

A million eyes is a metaphor, from Eric S. Raymond's famous saying, "Under a million eyeballs, all bugs are shallow."

If lots of people use the GIMP, it gets more eyeballs, naturally.

@purrperl absolutely. A percentage of the GIMP users would lend time to code-review.

The problem we are also facing is that most people don't want to lend their eyes for free, even if the software is free.

But that issue is a whole other ball of wax.

@bobdobberson

1. Not all people are programmers / documentation writers etc.
So they couldn't contribute to the repo easily, even with the will to.

2. The #FOSS ecosystem was deliberately kept fragmented, hyped as hard-to-use, out of the hands of the average user by closed source barons. With easy mechanisms to contribute something even as simple as bug reports, FOSS thrives.

3. The real asset is attention, which was used up by chasing everyday needs. Meet needs, unleash a flood of attention.

@purrperl in my experience, people become programmers and documentation writers when they partake in the development process.

@bobdobberson

That was definitely true in the past. Yet, a unified distro with proper PR, advertising, user education, and outreach makes it fun and easy for people to contribute to each #FOSS project. So people feel empowered to do their civic duty, and make software better for all.

"I'm doing my part!"

~ Starship Troopers.

This looks like a job for me. 😃

@purrperl what you seem to want to do is somehow bring all open source projects under the same roof with some sort of hierarchy to manage the code-bases.

Am I following this properly?

@bobdobberson

Better resource utilization.
Convergence rather than fragmentation.
Freedom from the closed source FUD of the past.
Dare I say it, one distro to rule them all. 🙂

If you say, "I've got some software you can use, but you have to pay me to use it, and I won't show you the source code, and I decide how you can use it, and you have to update it at my schedule, and upgrades to next versions are not free, and there's always paranoia about security," you would be laughed out of town.

@purrperl so it'd be like GitHub, but every commit would need 1,000,000 approvals from various 'members' of the site? What would stop someone from hosting their own project / site, and offering commits after 250,000 approvals, in the name of speeding up development?

@bobdobberson

It's Free as usual.

Say Codeberg, rather than some proprietary git host.

Nothing prevents people from forking off projects, and experimenting.
In fact, it is welcomed!

However, those forked packages won't be trusted, only the mainline packages.

If a fork is ever to make it into the trusted main branch, it will have to undergo the same rigorous audit.

@purrperl I think all of that works against the strong reason open source has seen the success it has, which is its anarchistic nature.

Centralizing all projects under one roof seems like a good idea until that roof falls down.

@bobdobberson

"Roof falls down"? How so?

Anarchism just means no authorities.

Democracy is Anarchism in Government.

Science is Anarchism in Knowledge.

Art is Anarchism in Aesthetics.

Random experimentation with code, starting from scratch, or from a fork of the Free Software mainline remains free as ever, and is encouraged.

@purrperl well, who is operating the website that hosts all of this, how is it being paid for, is its code also subject to arduous examination?

Anarchism eschews hierarchies of all kinds wherever they are not justifiable.

Deliberately placing onerous restrictions on projects of all sizes seems extreme and would need some serious justifying.

@bobdobberson

Who runs the #FSF? Who pays for GNU/Linux development?

Yes, the website is also subject to the same arduous examination.

And of course, mirrors, with crypto signatures.
Signature verification is a process seamless to the user, as it was in the closed source world.

@bobdobberson

We live in the decentralized age of #BitTorrent, #TOR, and #Veilid.

@purrperl so you want to build a distributed codeberg? Where all of us host it?