Guys what is this malware app that’s on my Librem 5 by default or from a suggested config?
It says it’s unsafe closed source and made by Purism. What are they doing? (I’m on Byzantium.)
2 Likes
Not every piece of software with missing metadata that allows accurate representation by GNOME Software is malware.
3 Likes
I can say Purism is nice, Purism is wonderful, Purism is FSF, but the big problems is that Purism Hired Opensource-Gnome programmer for Gnu PureOS, this the reason why Gnu PureOS is not Pure as Gnu it is.
For me, it was a huge ERROR of Purism to move Phosh to Gnome(i know purism did for love is user to get L5 autonomous). Gnome will never thanks for it, and they already proved it with the creation of Gnome Shell Mobile and renaming Libhandy. I am very, very unhappy with Gnome for all the bad behavior and how evil they are. I was incredibly disappointed when Gnome renamed Libhandy to Libadwaita.
Libhandy is a fingerprint of Purism.
I do not want to be toxic here nor even with Gnome, but someone has to have the courage to yell at them and tell them the truth.
3 Likes
Hi @dos really appreciate your time, if you have time to reply on this topic then a simpler version of my question is this:
How can I tell if this app is actually closed source / proprietary versus “missing metadata” that simply fails to tell me it’s free software?
3 Likes
In this case, go to the listed project website in your screenshot:
see that it claims to be four scripts, examine those scripts on your L5, extract the contents of the .deb on your L5 or redownload and extract, then determine whether some binary is lurking in the .deb. For packages that do include binaries it would be more work.
2 Likes
If you haven’t added any external software sources, then it’s easy: everything in PureOS is free software, and if something from there is marked as proprietary, then it’s a bug. Patches welcome.
4 Likes
Ok thanks. I believe only external source added was Brave Browser from before NSA/CIA/FBI did a patch on it to make it no longer launch and just say “Oops sorry” if I try to run from command line, which I don’t think should be related even though I didn’t fully uninstall yet.
Would be happy to submit Patch but it’ll be days or months before I can get Purism gitlab account approved because I think time I tried, the approval process required back and forth with humans that took enough hours or days that it exceeded my attention span. Maybe I’ll go back and look.
3 Likes
I cringe every time I think about how many people this has happened to.
2 Likes
On a related note, you should report concerns about non-free software in an FSF endorsed operating system through the bug tracker and to the Free Software Foundation.
More information can be found here: GNU Bucks - GNU Project - Free Software Foundation
But, I would agree with @dos this appears to be more-or-less a bug and is likely not a violation
Thank you so much for making others aware of this issue, though.
2 Likes
Anything distributed as scripts can not be closed source.
3 Likes
here is a link to artical warning of this malware Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection