Freedom Issue #1755
Freedom Issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers (TPPM)
[asp] Links to Arch source repositories instead of Parabola ones
Source code contains URLs to Arch Linux source repositories, so it works with sources of Arch packages not Parabola.
Steps to reproduce:
pacman -S asp.
asp checkout doublecmd-qt5 (or any other package name from
libre which replaces the Arch package).
3. Verify the output.
asp package is either removed from Parabola or replaced by the appropriate package in
libre that uses Parabola source repos, and so outputs from those.
libre replacement should probably be renamed to
psp or something like that, because I guess "a" in
asp stands for Arch (not 100% sure about that).
Prints the address of Arch source repository to stdout and also checks out the sources of the package from that repository.
I started looking into adding Parabola's sources to what asp pulls from, but it seems to fundamentally build on packages having individual branches, which is not the case for Parabola.
Would adding branches for each package be viable to be able to extend asp?
I wrote a small script (attached) that works on Parabola's format, and also on Arch's by theirs also having package directories in the master branches.
The drawback of this approach is that you can't (as far as I know) fetch just one package directory, so instead it makes a shallow clone of each git repository and simply symlinks the requested package directory out.
This means we miss out on history, and the disk usage adds up since it can't fetch individual packages (257M for Arch's shallow community repository)
I'm also not sure if Arch's package directories in the master branches are up to date with the per-package branches.
Updated by bill-auger 11 months ago
this is definitely a contribution-worthy task for the long-term - it is part of the grander "TPPM" problem (#1035) - something should be done about all of them - compared to foreign TPPMs 'asp' is relatively native - so as a TPPM sub-task, 'asp' is a relatively easy one to tackle (eg: `pacman -Ssq` produces an adequate libre-filter for the arch asp repo directory names)for 'asp' as a TPPM:
- we always have the current complete/accurate package DB (in readily hackable forms)
- we already know the libre status of each package in the DB
- we already/routinely run the equivalent filters on the arch repos
- the infrastructure payload/system-load is negligible, and maintenance could be easily automated
with equal parts of clever planning and shell scripting, the same code could instead/also be/become a new feature of libretools
there are multiple solutions which would obviate 'asp' entirely (ie: close that ticket by blacklisting 'asp', with no loss of functionality to parabola users) - i imagined one solution, that `mkdir -p core/foo && cd core/foo && libremakepkg` could download a PKGBUILD set ("on-demand"), based on it's dirname - curl could get them from parabola's cgit, removing the large VCS burden from users
FWIW, liberating 'asp' is equivalent to a similar plan for the 'octopi' program, to restore it's AUR-helper features - AUR-helpers serve much the same purpose as asp; and i suspect that more people prefer AUR-helpers to asp - an AUR-helper is probably the most popular feature expected by arch/manjaro users, yet missing from parabola - the 'octopi' plan may be on a ticket - it is fundamentally the same job as this, plus some python? GUI work - we should consider linking several of these tickets
Updated by bill-auger 6 months ago
- Parent task set to #1035
- Assignee set to GNUtoo
- Status changed from open to in progress
- Tracker changed from Packaging Request to Freedom Issue
i think adding a package to the blacklist satisfies (closes) a "freedom issue" - every blacklisted package needs not to become a "packaging request" - the majority would simply remain open forever; diluting the pool of legitimate packaging requests, which have a more reasonable chance of being closed someday
semantically, "packaging request" does not best fit the issue - the package is already packaged - if there is any work "requested", it is to liberate the existing package, not to "package" it - any work done, is a liberation effort, so it is still a "freedom issue"
closing the ticket after blacklisting, would not make the issue forgotten, because every blacklist entry should have a BR reference - that is sufficient to keep a handle on the issue, for possible liberation in the future - in that way, if liberation work begins sometime in the future, the ticket can always be re-opened; as an 'in-progress' 'freedom issue', with an 'assignee'
Updated by oaken-source 6 months ago
"Source code contains URLs to Arch Linux source repositories, so it works with sources of Arch packages not Parabola."
^- this is a very slippery slope to argue against. Consider this:
asp itself is free software, licensed under a free software license. So to blacklist it, we would require a tangible requirement by the FSDG to do so. Can it download non-free software? yes. but so can curl and wget. I understand that there needs to be a line drawn somewhere, but I believe that that line belongs firmly beyond asp.
Updated by bill-auger 6 months ago
im not sure what was the motivation to do this now; but over-all, i do not have strong opinion about asp - i see it having very little value, offering only a trivial convenience, which could be simulated with git commands, or with a little work, it could be simulated with curl commands also (as user 'A' demonstrated above) - it would be less work to replace asp with some custom scripting, than it would take to hack asp, to apply a blacklist filter
the FSDG draws the line at where the program offer suggestions or indexes non-free programs - note this wiki page - i hope that all parabola devs can agree where we stand on that scale
WRT the FSDG, i think asp is a TPPM by every definition - it's only purpose is to search, download, and install software maintained by third-parties, and we make no attempt to filter the search results - indeed, asp is notably worse that most; because it is guaranteed to suggest/offer software which parabola explicitly blacklists - OTOH, 'your-freedom' would prevent installing any blacklisted packages built with asp
i think it is best to treat asp as a TPPM, and to treat all TPPMs equally; so i would offer a counter proposal - to be fair, we should either allow asp again, or lets also blacklist all TPPMs now (pip, rubygems, npm, guix, the lot of them) - if there is more to discuss afterward, the discussion would be "which ones to liberate first" (as opposed to this discussion, which is "which to blacklist first") - anything other than that, is unfair - i would vote for either option (keep all, or blacklist all), as long a they are all treated equally, at the same time
FWIW, if we are blacklisting TPPMs today, guix now tops my list - it was just behind asp; because like asp, it is known to offer software, which is explicitly blacklisted by parabola - however, if we blacklisted guix, i would expect a similar counter-argument from GNUtoo - it is remarkably embarrassing for a FSDG distro to to blacklist a GNU program - it would be the second one ever, and both this month - but is there really a defensible difference? - unless there is, i think that any furthur discussion on the matter, should on #1035; and these should all go or stay, together as a group
Updated by grizzlyuser 6 months ago
It looks like these recent comments lost track of what the real issue is and what stance FSDG has on it. Or maybe my understanding is just wrong.
FSDG clearly says:
The system should have no repositories for nonfree software and no specific recipes for installation of particular nonfree programs. Nor should the distribution refer to third-party repositories that are not committed to only including free software; even if they only have free software today, that may not be true tomorrow.
So in my understanding, those TPPMs which are freely-licensed and don't depend on nonfree software are not the issue. The issue are references (URLs, addresses or references) to the repositories baked in these TPPMs. These repositories "are not committed to only including free software" so they don't align well with the FSDG. Here's a comment explaining a possible solution: https://labs.parabola.nu/issues/1035#note-38