Project

General

Profile

Feature Request #738

Add new Parabola User Repo [PUR] (like AUR)

Anonymous - over 4 years ago - . Updated 6 months ago.

Status:
open
Priority:
discussion
Assignee:
-
% Done:

0%


Description

Add new Parabola User Repo [PUR - like "https://pur.parabola.nu/"] (like AUR "https://aur.archlinux.org/")


Related issues

Related to Packages - Freedom issue #2323: [aurphan][aurpublish][aurvote] Remove from reposconfirmed

Actions

History

#1

Updated by Anonymous over 4 years ago

Add Parabola User Repo [PUR - like "https://pur.parabola.nu/"] with Git-based platform like AUR4

https://aur.archlinux.org/
https://aur4.archlinux.org/
https://wiki.archlinux.org/index.php/Arch_User_Repository#AUR_4

#2

Updated by Anonymous over 4 years ago

  • Assignee changed from fauno to lukeshu
#3

Updated by Anonymous over 4 years ago

  • Priority changed from feature to wish
#4

Updated by lukeshu over 4 years ago

I don't believe I've said this to anyone, but I decided it a while ago: I've given myself the deadline for this of August 8th.

#5

Updated by lukeshu over 4 years ago

Yeah, it's not going to be ready by Saturday. I don't have work next week, so it should be done quickly though.

#6

Updated by alfplayer almost 4 years ago

  • Status changed from open to fixed

lukeshu announced it's up about two months ago: https://lists.parabola.nu/pipermail/dev/2015-November/003551.html

https://pur.parabola.nu/

Bugs about PUR can be filed in the project Servers.

#7

Updated by theova 6 months ago

What is the state about this issue?

I would like to see a PUR as an addition to Parabola.

I'm wlling to get involved into this project. I have no experiences with servers/websites yet, but I could read into it.
What I definitely would be motivated to do is writing articles, testing and/or assisting as an moderator

#8

Updated by freemor 6 months ago

I believe the idea for this was dropped as trying to police it for freedom violations would be insane. We have PCR. Feel free to make a packaging request if there is something that is Libre over in AUR that you think Parabola would benefit from.

see: https://wiki.parabola.nu/Repositories

#9

Updated by Megver83 6 months ago

There used to be a PUR, but then it was removed
https://wiki.parabola.nu/PUR

#10

Updated by theova 6 months ago

I would like to reopen this discussion. I've searched for the last one, but I could not find it.

I see the following arguments for a PUR:
  • When I as a user need free software from the AUR, I check if it is free software. I would like to share my knowledge and inform other users how I have checked the freedom issues.
  • As a user interested in packaging, I would like to gain experiences. [pcr] is not the place for doing this and I don't want to contribute to the AUR since the Parabola users cannot benefit then.
  • The Parabola project and it's hole community have high interests that users learn packaging. Therefore Parabola should provide a playground for this.
  • Potential new package maintainers shold have training with license checking.
  • As a social and community distribution, Parabola has interests to provide a low-barrier way to start contributing.
  • It may not be reasonable to maintain packages with a small amount of users in [pcr]. If one of those users maintain the software for the others, the package has not to be added to [pcr].
  • Currently there are 159 open packaging requests. It doesn't seem possible to close them any time soon.
I think, the potential issues about freedom violations are important. I would address them the following way:
  • Warn users, that "PUR packages are user produced content with no official support. Any use of the provided files is at their own risk." (similar approach as Arch has with the AUR)
  • Let PUR-contributers read and sign a contract (e.g. FSDG, Parabola Social Contract) as a condition for contributions.
  • Teach PUR-contributers how to properly check licences and freedom issues
  • Let PUR package maintainers declare, how they checked the licences.
  • Add a button to "Report as unfree" and block package.
  • Have PUR moderators.

And just as an additional idea: Could we share ressources with hyperbola? Maybe we could have a OUR (Our user repository).

What do you think?

#11

Updated by bill-auger 6 months ago

i raised this issue myself after i started contributing to parabola, making most of the same points that theova did - after it was explained to me, the reasons why there is no user-curated repository, made perfect sense

the reason that parabola does not host a user repository is because there is too much potential for something no-free to slip in - most of the work of adopting a new package is in auditing the licensing - after that is done, the business of packaging and maintaining the package is almost negligible in most cases - it would be great if some users wanted to help with licensing audits, even better with some public record provided by a tool like fossology; but once a code-base has been verified to be FSDG-compliant, theres very little reason not to simply add the package to the [pcr] repo

if its not to be done that way, then it would be best if parabola users hosted a new website for that purpose, perhaps in co-operation with hyperbola users - such a website would not need to be endorsed by parabola; and it would be entirely upon the moderators to decide what goes into it and what does not - of course, it should be obvious that such a website already exists now: the AUR

practically speaking, in its simplest form, this suggestion could be accomplished without a new website, by using the existing AUR and modifying one of the AUR helper programs to filter packages - for example, only indexing PKGBUILDs published by certain trusted user-IDs on a whitelist

but i should also add that there is another reason why parabola does not have AUR helpers now - that is because they are actually a 3rd-party package manager, and the use of any such program simply can not be recommended; because they can cause conflicts with the official software on the system - also, it is nearly impossible to filter only verified packages; because none of the packages are verified - many do not even declare a license - if we were to consider this proposal seriously, it would be an over-sight to ignore the general issue of 3rd-party package managers, including rubygems, pip, nodejs, and others

so i would throw onto the workload that this proposal entails, complete curated libre repos for ruby, python, and javascript packages; and that is a lot of work - currently, the most feasible suggestion is to remove most of the 3rd-party package managers from parabola; so that may help to explain why adding a new one is not to be taken lightly

#12

Updated by theova 6 months ago

I disagree in comparing a PUR to be just another 3rd-party package maager. pip, nodejs and others. The huge different would be, that a PUR would be designed by the Parabola community with freedom in mind and agreement over FSDG. This lowers the risk for incuding non-free software. Today, we already have the risk, that users talk/write about nonfree-software in the wiki/irc/forum associated with Parabola.

Altough we should take the issue serious, the FSDG admits, that there might be mistakes:

Most distribution development teams don't have the resources to exhaustively check that their distribution meet all these criteria. ... Our requirement is for the distribution developers to have a firm commitment to promptly correct any mistakes that are reported to them.

bill-auger wrote:

if its not to be done that way, then it would be best if parabola users hosted a new website for that purpose

That might be a way to go. But the AUR is not the right place for contributing to Parabola. I don't want to add my package to the AUR while we are (justifiedly) keeping users away from the AUR.

If we all agree on this statement, I see the following questions:

  • How can users help to check the licenses? What are the necessary steps to show that the software is FSDG-compliant?
  • Are there already any guidelines for this?
  • I think the "If there is a package in AUR that you would like, you are encouraged to open a package request so that one of the Parabola contributors may pick it up and add it to [pcr]." [wiki] is a way too passive. I think we should actively encourage users to contribute to Parabola.
  • The question "How potential package maintainers learn the necessary skills?" is still unclear to me. Again the [wiki]: "Having practiced with the amazing AUR is a good experience." How can we provide practicing without an AUR/PUR?
#13

Updated by bill-auger 6 months ago

  • Priority changed from wish to discussion
  • Assignee deleted (lukeshu)
  • Status changed from fixed to open
  • Tracker changed from Bug to Feature Request

theova wrote:

The huge different would be, that a PUR would be designed by the Parabola community with freedom in mind and agreement over FSDG. This lowers the risk for incuding non-free software.

it we be more equivalent to the haskell cabal package manager, in that they have a strict policy about free licenses; but licensing is not the most important concern - any 3rd-party software can break the system if installed with root privileges, and PKGBUILDs always are - that is the main reason why they are not recommended not supported

theova wrote:

That might be a way to go. But the AUR is not the right place for contributing to Parabola. I don't want to add my package to the AUR while we are (justifiedly) keeping users away from the AUR.

there is no reason not to use the AUR for this - no one is keeping anyone away from the AUR - it simply is not recommended and not supported; but arch does not recommend nor support it either, and a new PUR would not be recommended nor supported either - if there were a modified AUR helper program, that could be suggested on the wiki and users of that program would never need to visit any website, so it would make no difference whether the PKGBUILDs were hosted by parabola or by arch - only the packagers would need to know they were actually using the AUR

so, its not very important on which website the packages are hosted except perhaps for the web interface - im sure it would not be much trouble to setup a clone of the AUR website - the one small feature gained by parabola hosting it, would be the voting feature to decide which packages make it into the main repos - but really, thats already how it is now - if multiple people keep nagging for a package it is more likely someone will add it

theova wrote:

How can users help to check the licenses? What are the necessary steps to show that the software is FSDG-compliant?
Are there already any guidelines for this?

the FSDG is a set of guidelines - that is exactly and entirely what it is; but it does not go into much detail - all of the criteria are explained in detail in various documents scattered about the GNU website - for license auditing, one must be familiar with the common licenses, which files they cover, and which other licenses they conflict with - the GPL license compatibility list can be a reference - licensing is likely to be unclear or misleading, especially with permissive licenses - people quite often need to ask the FSF for clarification regarding some new or uncommon license, or combination of licenses, or how to interpret the guidelines - i have myself on several occasions

theova wrote:

The question "How potential package maintainers learn the necessary skills?" is still unclear to me. Again the [wiki]: "Having practiced with the amazing AUR is a good experience." How can we provide practicing without an AUR/PUR?

we can not provide practicing - only practice provides practice - the arch wiki has extensive documentation about packaging already, and does not need to publish anything for the purpose of practice - everything important to learn can be done on your local computer without internet - the most that we could do is to describe some of the common things to look for regarding licensing

#14

Updated by theova 6 months ago

Ok. I think the oppinions are not that opposite. For me, it would be reasonable that the PUR is whether supported nor recommend by Parabola.

If anyone else is interested in building and hosting a "free AUR", I would be interested in further discussions.

As long as this is not the case, I will spend my resources on contributing to the [pcr].
I have a few questions about how to do this, see #2322.

#15

Updated by bill-auger 6 months ago

Also available in: Atom PDF