sorting | Produced by Zheng Liyuan
| CSDN (ID: CSDNnews)
When talking about the software that must be installed on the computer, compression software is definitely one of them. Due to different needs of each person, the compression software they choose is also different, such as WinRAR, 360 compression, 7-Zip, BandiZip, Quick Compression, etc. Among them, 7-Zip, which is completely free and open source, is favored by many users.
is an open source compression software. 7-Zip was released in 1999. Most of the source code is released under the GNU LGPL license agreement. It uses the LZMA and LZMA2 algorithms to have an extremely high compression ratio and a small size. Advantage.
(picture from 7-Zip Chinese official website)
However, recently a developer named Paul published an article calling for a boycott of 7-Zip . The reason given in the title is: is "limited" Open source security issues .
Paul gave 7-Zip "three deadly sins"
However, after reading this article as a whole, we can find that Paul gave 7-Zip "three deadly sins."
The first sin: "limited" open source
As mentioned at the beginning, most of 7-Zip's source code is released based on the GNU LGPL license agreement, and its open source attributes should be beyond doubt.
And Paul believes that the "limited" point of 7-Zip's open source is that: 7-Zip's code is not hosted on GitHub, Gitlab or any other public code hosting platform. It can only be found in src.7z of its official Sourceforge page, and "No history, no committers, no names, no documentation, just an archive."
Regarding the Sourceforge platform, which is the only one that hosts 7-Zip source code, Paul bluntly stated that its reputation is not good: "Sourceforge has been accused of containing spyware and malware in Windows.exe files and self-extracting files."
As for "No history , no committer, no name, no document." Paul also speculated that this may be because the author of 7-Zip does not want developers to build applications through source code. Having the submission history will make it easier to track any changes and restore any The wrong part is also easier to transport some "hidden dark elements" such as hidden telemetry or backdoors.
The second sin: there are security issues
In Paul’s view, 7-Zip not only had many vulnerabilities in the past, but the previously exposed privilege escalation vulnerability CVE-2022-29072 has not yet been repaired, and there are obvious security risks. Paul also cites the author's response to a user suggestion in 2012: "Don't have time to do any of this now, maybe I'll look at it later."
Among other things, Paul points out that 7-Zip's installer never seems to set up signatures — — “Signatures authenticate vendors and prevent bad actors from installing software.”
The third sin: the software author is a Russian developer
The third reason for boycotting 7-Zip Paul did not reflect in the title: 7-Zip was developed by Russian developer Igor Pavlov, "In order to support under the current situation Ukrainian , better not to use Russian software". After
cited the above "three sins", Paul finally recommended some alternatives to 7-Zip, such as PeaZip, NanaZip, and Zstd (Zstandard), which is equivalent to 7-Zip.
Netizen: "Just some conspiracy theories"
Paul's remarks about boycotting 7-Zip caused a lot of discussion on the reddit forum, but judging from the comments, Paul's purpose has not been achieved: Most people think that Paul's reasons It is untenable and attacks Paul's "conspiracy theory". In the
discussion thread, the comment with the highest number of likes is from a netizen named qvop:
Even if the 7-Zip source code is not hosted on Github, Gitlab and other platforms, so what? It is still open source. does not have any regulations that require open source to host the code on certain specific platforms. I think it is Paul's own cognitive problem.
Actually, 7-Zip's source code on Sourceforge has some (relatively sparse) documentation, including a changelog and a description of how to compile the program and some of its inner workings.Moreover, if developers only want to develop alone and do not want to seek contributions, then there is no use in open source for these unnecessary things.
Paul believes that the author of 7-Zip deliberately does not allow developers to build applications through source code is almost a "conspiracy theory", because there is currently no evidence to support this statement , on the contrary, 7-Zip has more than 20 years of development and maintenance Record.
In addition, it is extremely stupid for to abandon the use of open source software because of the nationality of the author of 7-Zip , especially when there is currently no sign that its author has any relevant conflicting positions.
All in all, to me, this article is a mixed bag, mixed with some entitlement and conspiracy theories.
In addition, many netizens also satirized Paul's blog post: "To sum it up in one sentence, the poster does not like the author's name of 7-Zip" and "If he does not defend this article, the author is an idiot." , "I'll keep using it, thank you, I don't see any reason to stop using it."
"Open source without borders" has always been a slogan called for by the open source community. However, under the current international situation, this slogan seems to be somewhat untenable: GitHub banned Russian developer accounts, and the NGINX open source project started in Russia announced the ban. Russia... These incidents have caused many open source enthusiasts to question the nature of "open source". Paul's third reason for calling for a boycott of 7-Zip is even more difficult for many people to understand: "Does it mean that we will choose to use open source in the future with ?" Should the nationality of the author be taken into account when using software? This is really weird
So, what do you think of Paul's remarks? What compression software do you usually use?
Reference link:
https://nixsanctuary.com/boycott-7-zip-limited-open-source-security-issues/
https://www.reddit.com/r/opensource/comments/vkjl80/boycott_7zip_limited_open_source_security_issues/
achievements One hundred million technical people
![Open yellow diamond python Chinese characters sorted by pinyin from xpinyin import Pinyinlist_word =["Samsung","Xiaomi","Apple","Huawei"]py = Pinyin()temp =[]for i in list_word: temp.append((py . - DayDayNews](https://cdn.daydaynews.cc/wp-content/themes/begin/img/loading.gif)
