The source is public. Public source is not open source.
It is not open for me to port, repair, improve, or redistribute to signed and reproducible built distribution channels like f-droid, arch, or debain as I see fit. Honestly really disappointing from a team known for promoting right to repair. I was totally on board with sharing grayjay from the rooftops until I saw the LICENSE file and my heart sank.
Also at a minimum this creates a lack of accountability to prove given binaries came exactly from published code. Someone backdoors the grayjay CI/CD server and everyone gets a backdoored app. Centralized software distribution is irresponsible in a world where supply chain attacks are common.
If they just care about malicious impersonation they should have just done what Mozilla did and file trademarks but leave the code open.
the source is open, it's just not open source. You can't be pedantic about things they didn't say, and you don't get to retroactively define open to only be definable by OSI.
lrvick|2 years ago
It is not open for me to port, repair, improve, or redistribute to signed and reproducible built distribution channels like f-droid, arch, or debain as I see fit. Honestly really disappointing from a team known for promoting right to repair. I was totally on board with sharing grayjay from the rooftops until I saw the LICENSE file and my heart sank.
Also at a minimum this creates a lack of accountability to prove given binaries came exactly from published code. Someone backdoors the grayjay CI/CD server and everyone gets a backdoored app. Centralized software distribution is irresponsible in a world where supply chain attacks are common.
If they just care about malicious impersonation they should have just done what Mozilla did and file trademarks but leave the code open.
slikrick|2 years ago