Bug#764814: freecad downloads and executes code
Francesco Poli
invernomuto at paranoici.org
Tue Oct 14 22:26:46 UTC 2014
On Mon, 13 Oct 2014 09:38:02 -0300 Yorik van Havre wrote:
> > But, above all, the good news is that OpenCASCADE is no longer
> > GPL-incompatible [4], hence there's no need to avoid GPL-licensed code
> > in freecad now!
> >
>
> Francesco, that is true, but all the solving of the license problems has
> been a big headache, I think we all prefer to stay on the safe side now...
If introducing back GPL-licensed code into freecad worries you, then
you should get in touch with the copyright holders for the needed code
and persuade them to re-license it under more permissive terms
(LGPL v2.1, for example).
I think that downloading code and executing it should really be avoided.
Besides the already mentioned security issues, it also makes freecad
less usable on an isolated box...
>
> Anyway, thanks a lot to you guys for helping with a solution!
>
> This is the reference to this bug on the freecad bug tracker:
> http://freecadweb.org/tracker/view.php?id=1785
>
> I'll post back here as soon as we solve it.
I am not convinced that this bug is being addressed in the right
direction: please reconsider the possible strategies to _avoid_
downloading code, as discussed above...
Thanks for your time.
Bye.
--
http://www.inventati.org/frx/
fsck is a four letter word...
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20141015/74b19058/attachment.sig>
More information about the debian-science-maintainers
mailing list