Cloned repository to use programe locally. How can I check whether everything I downloaded is free?
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
I cloned https://github.com/eserte/bbbike/ to use the programme called bbbike locally.
bbbike itself is licensed under GNU General Public License v2.0.
Could the repository contain proprietary blobs?
If so, how can I check?
By looking inside the files.
Only programmers can know what to look for exactly.
The front page says "Perl/Tk will be fetched over the internet, get compiled and installed." Personally, I would not try anything that says that, but pretty often the fact that something will be fetched from internet is not even mentioned.
In general, I would consider anything that is not C code as suspicious and I would remove the network connection during compilation and installation, to make sure nothing is fetched from I don't know where.
I bought a book to learn Python (C is the only thing I understand), in order to be able to understand the tools that download things, what they download exactly and how to control that. I guess it will take me some time to reach that.
Thank you for your response.
I did not install the programme bbbike locally. I cloned the repository using git. I run bbbike using the file ./bbbike (and my computer is disconnected from the internet by default).
Re perl-tk, I installed it from Trisquel's repository. So I understand this is free.
I also ran '$ grep -r license' and '$ find . -iname copyright' etc, found nothing suspicious, but I doubt running these commands was useful. I imagine proprietary blobs don't (necessarily) come with a tag.
Thanks again for your response.
- Vous devez vous identifier ou créer un compte pour écrire des commentaires