With the GPL, for any binary that you distribute, you have to make the corresponding source code available. With reproducible builds (see: https://reproducible-builds.org/), it is possible to verify that the binary was indeed compiled from the available so

Name
SubjectWqn♬Y8)O#J♗C,T+].⚠H1sc}⚫uh rF2g@9D⛶4	Spoiler Image
Comment
File
Embed
Password	(For file deletion.)

File: 1581156554049.png (789.07 KB, 761x1066, 86532c04290d84566673d48110….png)

Verifying AGPL compilance? Zodiac 02/08/20 (Sat) 10:09:14 No.1509

With the GPL, for any binary that you distribute, you have to make the corresponding source code available. With reproducible builds (see: https://reproducible-builds.org/), it is possible to verify that the binary was indeed compiled from the available source code. All you have to do is to compile the source code yourself, and compare the resulting binary with the one distributed. For an example of this in practice, see guix's `challange` command.

With the AGPL, if you run a service accessible through a network, you have to make the corresponding source code to the service available to the users. But is there a way for the user to verify that the service provided corresponds to the source code available? I can't think of any situation where the service couldn't just simply lie about what it is.

Zodiac 02/08/20 (Sat) 10:41:07 No.1510

Try asking on textboard.org maybe.

Diana 02/08/20 (Sat) 17:16:32 No.1511

>>1510
Is my thread not welcome here?

Daphne 02/10/20 (Mon) 18:39:35 No.1512

File: 1581359975763.jpg (73.11 KB, 850x1200, 994779f8f513495c26788a9ebb….jpg)

I believe this to be very important in today's climate where every megacorporation tries to paint themselves to be great supporters of "open source" and many of our organizations are funded by their "generous donations". But the problem is that they don't give a shit about software freedom. Take Visual Studio Code for example. Microsoft used to advertise it as being Open Source, and millions in good faith downloaded binaries of it. Until a careful eye noticed that the source code released as "Visual Studio Code" was different from the binaries released as "Visual Studio Code". In fact, the binaries even have their own license agreement that you have to accept to use them. After being called out on it, Microsoft modified their website and now Visual Studio Code only claims that it was "built on Open Source", as if that was something to be proud of. But the damage has already been done. I think Docker employed (or still employs) similar tricks. The problem is, pushover (so-called "permissive") licenses do not protect you from this trickery at all. With copyleft licenses, the source code of the binary has to be provided. But with pushover licenses, corporations can put some crippled version of their software on Github as bait, and distribute proprietary versions of it in binary form. This is why I think verifying source-to-binary correspondence, enabled by bootstrappable and reproducible builds, is so important.

Skyglider 05/27/20 (Wed) 19:37:40 No.1513

File: 1590608259919.png (210.98 KB, 1102x826, slide 18.png)

>>1512
https://media.libreplanet.org/u/libreplanet/m/the-four-free-ums/
There was this talk at LibrePlanet 2020 by someone from the Open Source Initiative(!) about some current practices that companies employ to appear as part of the Free Software movement without actually adhering to the principles of software freedom.