❌ Software Removal | VSCodium #1845
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1845
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
#979 Add VSCodium which I totally disagree.
Why I am making the suggestion
Vscodium is not a fork. It's just build script which based on open source vscode. And provide the binaries by Travis-CI and Azure pipelines (Actually I don't if the releases is provide as is, I comment on #979 without received any response).
It shouldn't trust the binary build from strangers. You should build it by yourself. The similar discussion on https://news.ycombinator.com/item?id=17850960.
My connection with the software
For the second point, do you mean this project should also remove any project which release binary build themselves?
No. I means download the binary should come from trusted channel or build
it by yourself. Like Debian APT repository, every packages with GPG signed.
I disagree. While it's always great to be able to download and build yourself, not everyone is knowledgeable enough to do so.
This project is open source so it can be verified that it's doing what it claims and downloading from the actual source and not installing anything nefarious.
I don't see any reason to remove it or not trust it.
You can't verified that. It's can easily deleted the old binary with new
one in Github release without any notice. And there is no GPG signed by
trusted one.
I believe "Visual Studio Code" from Flathub is better choice for GNU/Linux
users, because it have GPG signed from Flathub and it's running in Flatpak
sandbox.
Is there anywhere in the repo for Visual Studio Code that specifies they have removed Microsoft telemetry? All I could find was a mention of it in 2018 here:
https://github.com/flathub/com.visualstudio.code/pull/36
Saying: "This also includes an update to OARS 1.1 and correctly classifying the telemetry collection."
emphases mine.
They also have another open issue about having an issue with GPG, but I did not further research it at this time.
VScodium also didn't remove the telemetry code from source. Because it
is not a fork (almost shell script on that repo). It just replace
telemetry URL(s) with 0.0.0.0 on build:
https://github.com/VSCodium/vscodium/blob/master/undo_telemetry.sh
Why Vscodium is existing? Because Microsoft's "Visual Studio Code"
binary release with proprietary license while "Visual Studio Code -
Open Source" (Code - OSS) released with MIT license. Someone care
about free software license should build it by themselves (as I said
before). The meaning of vscodium is tell people how to build "Code -
OSS" with the easy way instead of its binary.
Perhaps you think the binary is ok. But my first point, "VScodium is a
fork" should be corrected, it's too misleading.
We do agree it should not be called a fork. I issued PR #1855 to resolve.