Freedom Issue #3530
Repo Sync Happened without Filtering!
Seems like the latest repo sync happened without filtering pulling in non-free software from upstream.
You can find packages such as linux, linux-firmware, chromium, firefox, electron...etc
Few days ago I pushed this commit in the blacklist repository:
commit cb48ffefa62ebc268e35661f549d03b53d0865cb Author: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> Date: Thu Sep 14 18:24:43 2023 +0200 Add back rp-pppoe Older versions of rp-pppoe were including "nonfree software recommendation (ServPoET)" and so they were patched with libre.patch. But now Arch Linux uses rp-pppoe 4.0, and there the only mention of ServPoET is in src/plugin.c: $ grep -i ServPoET -r * src/plugin.c: /* Set remote_number for ServPoET */ and we don't have files named in this way anymore: $ find -iname "*ServPoET*" so this makes the libre.patch used not necessary anymore, so we can now safely use Arch Linux package. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
So it's probably related.
PS: Note that at least users are still protected by your-freedom but Parabola is probably redistributing nonfree software.
Updated by bill-auger 18 days ago
yep i noticed this too - good to see so many others noticed immediately also - this will be my first task today
it is definitely not related to blacklist.git though - IIRC, i disabled the import script downloading the blacklist file on-the-fly; because cgit fails or stalls sometimes - i made it reference the installed 'your-freedom' file instead - so even if blacklist.git was somehow corrupted, it could not influence the package imports until someone manually upgrades the 'your-freedom' package on winston
Updated by bill-auger 17 days ago
can you identify some by name? - maybe those were present before, for a different reason
i still can not explain why it happened - i did nothing to correct for it yet - the first thing i wanted to do was to save the debug logs, and let the scheduled import run normally; because i suspected that this was just a fluke that would fix itself - and apparently it did
there was one curious correlated event - around the time of the sync yesterday, parabolaweb posted about two dozen error emails to the maintenance list, all within a few minutes, and only those few minutes - i dont suppose that parabolaweb plays any role in the repo imports; but it does suggest that the server was having a bad hair day around that same time