News

On Sunday, October 1, the Free Software Foundation (FSF) hosted a
hackday to celebrate the fortieth anniversary of the GNU Project.

Free software enables more efficient ways to run large scale software.
F-Droid can serve so many people with minimal resources because of this
super power. Instead of each project handling development and maintenance
of the whole thing, free software enables sharing development and
maintenance. This is why F-Droid is built on
Debian. That only works when projects that use
free software also contribute back. F-Droid works to ensure that as much of
our work as possible goes back upstream to the original projects. For
production code, we use the Debian packages. When we need to use a new
library, we make sure it is added to Debian and maintained there. We use
Debian Backports when we need some new
dependencies in the stable release.

To illustrate this in action, let’s take a look at some recent security
issues in one of our dependencies:
GitPython.
CVE-2022-24439,
CVE-2023-40267
and
CVE-2023-41040
are three vulnerabilities that affect mostly projects that feed untrusted
input in and process it with GitPython. GitPython usages that operate on
known inputs are not really affected. Since our build process accepts Git
repositories from thousands of developers, our code processes inputs from
thousands of people. There are layers of validation those inputs that
provide protection, but no validation is perfect. So we need to ensure that
each step is safe. So we patched the Debian packages that we use in
production. We built on Ubuntu LTS’s patched
package which was in
turn built from the patched
package made for
Debian LTS, as funded by Freexian. It is a
classic example of how free software makes fixing security issues much
easier.

We are of course not alone in this, many other projects are also built on
Debian. Recently, Tor
Project
outlined many key benefits of building off of Debian. What is clear is that
the effort that we put into Debian maintenance more than pays for itself by
reducing work and stress on our core contributors, especially those who are
running servers. Software supply-chain
attacks have become
common across a range of packaging systems. A well configured Debian server
has the strongest protection that exists for any server software
distribution system.

There is a similar trend in software that ships all its own dependencies,
like Android apps. There are a wide variety of bots that check that
projects are including the latest versions of libraries. This is common in
Android apps, since they have to include all of their own dependencies.
Android provides only the core libraries. When we base our systems on
Debian, then we only need to update the dependencies in Debian, and all the
of the projects automatically receive those updates. When combined with
Debian’s
unattended-upgrades, this
approach provides a very low effort way to keep software updated. Normally,
automatic updates without human review are a dangerous thing to do in
software. Silently installing new software provides a channel that can be
exploited by malicious actors. Debian’s free software requirement, stable
releases, reproducible builds, and strong package distribution channels make
it possible to enable unattended upgrades in a trustworthy way.

Jason Snell: It’s incredibly frustrating. This is my software, running on my computer, yet there are moments when it feels like Apple thinks it’s really in charge. It needs to back off. He’s so close.

महादेव ऑनलाईन गेमिंग ॲप प्रकरणातील गुंतागुंत आता अधिकच वाढते आहे. महादेव ऑनलाईन गेमिंग ॲपमुळे बॉलिवूड हादरले असून अनेक मोठमोठ्या कलाकारांची नावे या प्रकरणाशी जोडली जात आहेत, जाणून घ्या अधिक माहिती

Kenia Os negó conocer al cantante de los corridos tumbados. ¡La pura Doble P, Peso. Así lo confesó en una entrevista.

Learn the step-by-step guide to creating your own stunning WordPress website with Elementor, perfect for beginners. Unlock the world of web design today! https://nerdsandgeeks.com/how-to-make-a-wordpress-website-elementor-for-beginners-in-2023/