[Qgis-user] Authenticity of softwares
chris hermansen
clhermansen at gmail.com
Thu Jun 29 13:05:04 PDT 2023
NP Singh and list,
On Thu, Jun 29, 2023 at 12:15 PM nr via QGIS-User <qgis-user at lists.osgeo.org>
wrote:
> Dear Users,
>
> I wanted to make a general query.
>
> How do we establish the authenticity of freely available online softwares
> or tools in general which can be downloaded from links are used from the
> page itself
>
> How do we know if they are certified by professional bodies or they are
> peer reviewed just like journal papers.
>
> I understand that the softwares may have certain limitations or applicable
> with conditional inputs and we need to know them before using.
>
> As to authenticity, you will see on many download sites the offer to
download verification keys, which when applied demonstrate authenticity to
some degree (provided that the organization's site hasn't been fully
hacked).
Read these QGIS instructions as an example of how this is done.
https://www.qgis.org/en/site/forusers/alldownloads.html#debian-ubuntu
You may well ask "how do I know my copy of Windows is genuine", which may
be an interesting thought experiment.
As to certified by professional bodies, you are unlikely to find
professional bodies willing or able to certify software. Again, you will
find the same problem with commercial software. Some particular software
is audited, typically software that claims some kind of privacy or
security. Here is an example of this kind of thing:
https://www.securemessagingapps.com/
In any case, which professional body's recommendations might you trust with
your organization's security? I can't name one, offhand.
As to peer review, open source facilitates peer review and security fixes,
closed source impedes or even precludes it. Closed source, when provided
for peer review, is often under non-disclosure of some kind, which limits
what we know about it.
In summary, policies don't protect your organization's information nor
systems - you do.
--
Chris Hermansen · clhermansen "at" gmail "dot" com
C'est ma façon de parler.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20230629/0d1f36bc/attachment.htm>
More information about the QGIS-User
mailing list