Project

General

Profile

Packaging Request #3225

[nyxt][libfixposix] Minimalistic browser written in a dialect of Lisp

gap - 10 months ago - . Updated 10 months ago.

Status:
open
Priority:
bug
Assignee:
-
% Done:

0%


Description

In #3224, doolio was using a now-blacklisted package to install nyxt. I say we package it so doolio, and others in future, need not rely on the AUR, a non-FSDG-compliant repo. This project also seems interesting because it's one of the few large programs written in a dialect of Lisp.

I checked the project and it appears to be free, along with all its dependencies, one of which (libfixposix) need also be packaged for nyxt to have its dependency requirements satisfied in the Parabola repos. Both packages already exist in the AUR.

An accompanying nonprism version of nyxt which depends on nonprism/webkit2gtk would be preferred by the privacy-conscious.

I do not know whether nyxt would need to be cleaned up in any other way for inclusion in Parabola, eg. to remove spyware preset recommendation links.

History

#1

Updated by bill-auger 10 months ago

applying the usual desirability/workload ratio, this is "yet another web browser" - last i checked, parabola has over 20 web browsers (a new one: "otter-browser" was added just yesterday) - that puts the desirability factor extremely low for any new web browser - in short, someone would need to demonstrate that any new web browser has a relatively high factor of unique desirability, or the answer is probably "no" on the face of it

on the "workload" side of the equation, most of those 20 come directly from arch with no libre modifications necessary (the workload is effectively zero) - otter-browser was added, not because it had any special desirability; but only because arch re-packaged it, in a way to allowed it to be simply removed from the blacklist

despite that parabola has plenty of web browsers already, and that more continue to be added to arch, new web browsers are among the most common packaging requests (iceweasel-uxp, palemoon, waterfox, librewolf, and more) - so common, that there is a ticket collecting them (see comment #10 of ticket #2165 for a partial inventory)

as i mentioned on #3224, there is a plan to integrate git into octopi, to make octopi something like an AUR helper (#1035) - if that is done, it would provide the primary convenience that people use asp or AUR helpers for: circumventing 'your-freedom', to keep a blacklisted or AUR package installed and up-to-date); but parabola could provide that convenience feature, in that way, within the FSDG, and with minimal maintenance workload - completing that task, would be a far better use of developer time, rather than packaging new web browser (or most anything from the AUR, really)

#2

Updated by gap 10 months ago

I understand the practical limitations and agree with your assessment of them, but I don't think doing anything which facilitates or pushes users towards unsupported, non-FSDG-compliant repos is the solution.

If people have a trivial way of bypassing your-freedom, then they will; it's a self-fulfilling prophecy; people usually take the path of least resistance over pausing to ponder the implications of each and every action. Is it not our duty to make Parabola protect the users' freedom by default, the only override switch being the removal of your-freedom, the act of attempting to do so being designed deliberately and specifically to make people pause and ponder the decision given the literal semantics encoded in the action?

Moreover, wouldn't AUR helpers automatically be blacklisted due to violation of the FSDG, more specifically being software specifically designed to facilitate the usage of a non-FSDG-compliant repo? As such, isn't the best option within the conditions of the FSFG to directly package programs, thereby making them a part of Parabola's native repos?

See also: <https://labs.parabola.nu/boards/7/topics/1228>

#3

Updated by bill-auger 10 months ago

wouldn't AUR helpers automatically be blacklisted due to ... the usage of a non-FSDG-compliant repo?

AUR helpers are blacklisted, for exactly that reason - the idea for octopi would not be "specifically designed to facilitate the usage of a non-FSDG-compliant repo" - it would be designed to use no third-party repos by default - it would merely be "able" to be configured to pull from an arbitrary git repo which contains a PKGBUILD (ABS and the AUR happen to be such git repos) - it would need to be configured to do so, explicitly and manually; and the program would offer no suggestions for which repos to use

simply making it compatible with self-hosted personal PKGBUILD repos (eg: https://my-server.me/my-git-repo.git) would automatically make it compatible with the AUR, github, or whatever generically; because those are all generic git repos - because it is only a generic feature with no specific suggestions, it is within the FSDG

isn't the best option to directly package programs

yes, but that would entail adding every program which every parabola user asks for, then keeping them all up-to-date, forever into the future, without knowing if anyone is still using it - no distro does that - it would be better if one (at least) of that program's users would maintain the package

#4

Updated by gap 10 months ago

I think package managers should display some sort of freedom warning when not using repos known to be FSDG-compliant, eg. "Warning! Only the preset repositories are known to be FSDG-compliant, wheras others may contain proprietary packages. It is advised to exercise caution and to make sure all packages you are about to install are libre."

In this way, we alert users to the danger of what they might be about to do, and give them a chance to pause and ponder their actions before resorting to non-FSDG-compliant repos.

Wouldn't telling people something akin to, "Hey, this package ain't in the Parabola repos, we ain't putting it there unless it's worth it, so try installing octopi/$PKG_MNGR and have fun!" be a not-so-subtle hint to go and use repos which might contain proprietary packages? I sympathise with the gargantuan workload associated with packaging, but I feel that anything less than having a package in the vetted (with a promise to remove non-FSDG-compliant packages) repos is motivation to slide down the slippery slope towards losing freedom by using non-FSDG-compliant repos.

I don't see a truly sustainable solution aside from a hypothetical universal package manager which reduces the duplication of effort amongst repos and packaging workloads, alongside a hypothetical FSDG-compliant universal package format repo. Until this pipe-dream occurs, we are burdened with doing what we already are, in addition to bringing new people on board, and the training workload associated with it.

#5

Updated by bill-auger 10 months ago

it would not be a "universal package manager" - no one would suggest to use any third-party repos - it would not need to - it could have a very explicit warning as you suggested; but it is not required, any more than iceweasel should have a explicit warning, always visible beneath the address bar: "WARNING: some websites offer downloads of non-free software - in fact, most websites ARE non-free software"

if there is more to discuss WRT package managers, add it to #1035 - this is drifting off-topic

Also available in: Atom PDF