Hello,
I wonder about the "open source" qualifier (and the security that normally follows) of FreeFileSync. Although free and said to be open source by its designer, I just spent 2 hours looking for the sources of this software to check the content.
Nothing. Unable to find updated sources. Either I missed something or it's hiding something!
I don't know of any open source software whose sources are impossible to find or are so hidden.
I want to be denied! In the meantime,
Best regards
Open Source? Is it true ?
- Posts: 1
- Joined: 21 May 2023
- Posts: 306
- Joined: 7 Jan 2018
Zenju uses the GPL-3.0 primarily for his source code (version 12.3, the current version listed at the Download page). Additionally some components he licenses under the OpenSSL license, curl license, something labeled the libssh2 license (which vaguely resembles the MIT to me at first glance; I'm not a lawyer though), and a PuTTY license.
Nobody ever said source code must be provided in a scm repository. GPL uses the concept of "reasonable delivery" iirc, and tarballs satisfy this license requirement. If you're absolutely convinced that you want to see an scm repo, check out the mirrors at github/hkneptune/FreeFileSync and gitlab.com/opensource-tracking/FreeFileSync (my mirror).
I'm assuming the donation version is not GPL 3 because nobody's ever seen the source code for those extra bits.
Now that I think about it, the source tarball takes a modicum of effort to download (presumably because of the cloudflare/similar bot protection stuff) with wget or curl. I just slap a generic Mozilla X11 user agent and then I can get the tarball from Zenju's site.
Nobody ever said source code must be provided in a scm repository. GPL uses the concept of "reasonable delivery" iirc, and tarballs satisfy this license requirement. If you're absolutely convinced that you want to see an scm repo, check out the mirrors at github/hkneptune/FreeFileSync and gitlab.com/opensource-tracking/FreeFileSync (my mirror).
I'm assuming the donation version is not GPL 3 because nobody's ever seen the source code for those extra bits.
Now that I think about it, the source tarball takes a modicum of effort to download (presumably because of the cloudflare/similar bot protection stuff) with wget or curl. I just slap a generic Mozilla X11 user agent and then I can get the tarball from Zenju's site.
- Posts: 1
- Joined: 28 Sep 2023
This "says" open source, but looks like no one can actually compile it. I haven't tried yet, but the code and repository looks awfully "simple" for something that is supposed to work on Windows, Mac, AND Linux.
I'm not saying the following is happening here. But if I was a 3 letter agency or a Chinese/Russian l hacking group, and I wanted to distribute nefarious code, I would put it inside a super useful utility, like FreeFileSync. Then I would call it Open Source and distribute just enough source code that it looked like it could be built. Or a version without the root kit (virus, whatever) that could be built, albeit difficultly like this one. Not too many people will really try to build it. You just need to discourage those who would try while maintaining the appearance of open source. I bet thousands are using FreeFileSync.
I came here looking for a secure open source file sync product. But has anyone actually built this from source?
I'm not saying the following is happening here. But if I was a 3 letter agency or a Chinese/Russian l hacking group, and I wanted to distribute nefarious code, I would put it inside a super useful utility, like FreeFileSync. Then I would call it Open Source and distribute just enough source code that it looked like it could be built. Or a version without the root kit (virus, whatever) that could be built, albeit difficultly like this one. Not too many people will really try to build it. You just need to discourage those who would try while maintaining the appearance of open source. I bet thousands are using FreeFileSync.
I came here looking for a secure open source file sync product. But has anyone actually built this from source?
- Posts: 306
- Joined: 7 Jan 2018
I compile this software from the source tarball for every new release. But that's on a development-friendly operating system (GNU+Linux). Perhaps compiling on Windows is easy for Windows developers. But on GNU+Linux, it's easier for someone like me to compile software. Normally you just need gcc and make and whatever dependencies for the app in question which can easily come from "sudo apt-get install gcc make". And then running "make" squawks at you if you need yet another dependency which a google search will tell you the package name for that file.
- Posts: 8
- Joined: 19 Jul 2020
I found some notes on compiling FFS for the version of Linux that runs on older Raspberry Pis and have tried to keep them up-to-date:
https://github.com/pmkees/build-FreeFileSync-on-raspberry-pi/releases
Can't speak to steps to compile on Windows or MacOS. Until the FreeFileSync Foundation starts funding some of these tasks, it's just volunteers scratching an itch.
(for the avoidance of doubt, I was joking about the foundation)
https://github.com/pmkees/build-FreeFileSync-on-raspberry-pi/releases
Can't speak to steps to compile on Windows or MacOS. Until the FreeFileSync Foundation starts funding some of these tasks, it's just volunteers scratching an itch.
(for the avoidance of doubt, I was joking about the foundation)
