Hi I used to use the great suspender before that was taken down and I want to avoid that from happening again to me, what I want to find is a program or operating system that compiles apps from source into binaries in real time synced with the source code repository. If the latest source code does not compile into the binary I know then that’s a red flag if there’s no parity on the repository and the compiled product. I guess foss is suseptical to social engineering attacks, maybe foss is great but we need a third party looking over our shoulders. No matter what app I use there’s always risks but I guess the risks can be mitigated to acceptable levels since everyone can see potential bugs. Like multiple git servers in sync on a blockchain esque. I guess I’m in the middle. I use windows and at the same time I use gnu Linux. Eventually it might come to ai managing every foss…
I don’t know if I understand you right. You want the repository to contain source code and binary, then compile the source code on your machine and then to compare the created binary file with the binary in the repository, in order to make sure that binary and source code in the repository are completely in line?
If this was your question, I could say a lot regarding it and why it would only work under very specific circumstances, but I’d consider it to be wasted time if it weren’t.
So, please help us by being a little more wordy about your question. Just assume, we are slightly retarded people and speak to us in short, but complete, sentences. Don’t be afraid to provide seemingly redundant information and to explain things which might be obvious to you.
Who is this going to be? The idea of open source is to replace a single overseer with dozens or hundreds.
I guess there’s no way to trust that the binaries haven’t been tampered with along with the source unless you force to check the SHA or MD1 hash.
Then it becomes not only downloading the program but also the source as well then checking it twice it compiles to the blob, so you’ve effectively increased your download by double or triple if you force yourself to download the source code to all FOSS…
The third-party in this case would be a well-known company, like Mozilla, a 501c3 non-profit or FSF who would overseer those apps because can we trust Mozilla or FSF when they certify a FOSS that it complies with the GPL or MPL…?
Then we’d need another license in the case of reverse engineering an app where the source isn’t there but can still be reverse-engineered based on some standard code that will allow the app to be reverse-engineered in the event of a license violation.
Then it comes back to checkmarks and validation and verification because FOSS is as-is. Maybe we’d be better off letting AI maintain FOSS and have an automated maintainer.
I’m manic now because I use FOSS but there’s no FRES or Free Reverse Engineered Software, software without source code but will automatically reverse engineer itself.
Then there’s a license I developed, more of a joke to parody the GPL, called the LPG where it is a permissive viral license clause, where you can use the code but if you distribute it you must make your changes freely available via CC0 1.0 or No Rights Reserved.
it’s clearly non-free but it could never be enforceable.
Having a third-party vet FOSS would help go a long way into determining if it’s safe.
Yea it’s called the Wrench License since you’re throwing a wrench in the works, even if someone modifies the software under the license it will always be able to reverse engineer itself.
Your idea makes no sense: The binaries you create on your computer will only be exactly the same as the ones created by the package’s developer(s) if you both use the exact same compiler with the exact same required libraries but only if the libraries themselves were exactly identically built.
For any project beyond “Hello World!”, this is a nearly impossible task.
Do you have any idea of the amount of software which is released every single day? None of the organizations mentioned have even 0.1% of the financial resources required to undertake such an oversight role.
If there existed an artificial intelligence able to do that, we just could quit our jobs as programmers and let the AI doing the programming for us. Actually, it would be easier to create an AI, able to understand natural language and producing code than one able to properly review existing code.
Besides that, it is even theoretically impossible to build a machine able to verify the correctness of an arbitrary program.
You obviously have literally 0 idea how software development works. What you are proposing does not make any sense for any consumer of any distribution. When you install new software versions, you would need to make sure that they are properly compiled. Okay, so you filter out those, easy. Then you would need to make sure, that they are still as compatible with your current system as the previous version is. Depending on the software, breaking changes may be introduced sometimes or more often. Even if you install new software versions manually, you can still have an issue finding what exactly broke your system. Even worse when compiled software is “synced in real-time” (which is another expression, that does not make any sense the way you use it), then you will break your whole distribution daily.
Then you also need to make sure that library versions are still compatible with the software you are using. Basically, this “sync” you are talking about could automatically install the newest C library versions. That could eventually break literally your ENTIRE operating system, at once. Similarly, if you install the newest version of an app, it can depend on a newer library, which means it also is broken.
There are even more issues, but it is already clear, that your proposal does not make any sense. Not a single bit.
To make this work even half-way properly, you would need to invest a crazy amount of time and work into a project that gives little to no benefit.
So, as I said, you literally have no idea how software development works and I wonder where you take the confidence from, talking abut such thing in such a deterministic and certain way, as if you knew what you were talking about… Dunning-Kruger says hello.
You literally have no idea what you are talking about.
Well, assuming, I understood correctly what you were trying to say. I understood that you want everything delivered in “real-time” (again, does not make any sense in this context) to always have the newest software automatically on your device.
You also want AI to manage your Linux and Windows through a blockchain at the same time.
Can we maybe find more buzz words? These were not enough!
This is how it looks when someone actually knows what they are talking about.
When reading through my post, I made another discovery:
If you would make all your proposals true, they would almost entirely base on the following idea:
Shift the work away from you to others.
You would rely on a bit of blockchain/AI (highly unlikely) and on other humans to do the work for you (highly likely). So you would have made an improved for your life, but others would need to suffer more and put MUCH more work into their already hard task of developing software. Nobody is going to do that for you, for free.