Add Parabola User Repo [PUR - like "https://pur.parabola.nu/"] with Git-based platform like AUR4

https://aur.archlinux.org/
https://aur4.archlinux.org/
https://wiki.archlinux.org/index.php/Arch_User_Repository#AUR_4

I don't believe I've said this to anyone, but I decided it a while ago: I've given myself the deadline for this of August 8th.

Yeah, it's not going to be ready by Saturday. I don't have work next week, so it should be done quickly though.

What is the state about this issue?

I would like to see a PUR as an addition to Parabola.

I'm wlling to get involved into this project. I have no experiences with servers/websites yet, but I could read into it.
What I definitely would be motivated to do is writing articles, testing and/or assisting as an moderator

I believe the idea for this was dropped as trying to police it for freedom violations would be insane. We have PCR. Feel free to make a packaging request if there is something that is Libre over in AUR that you think Parabola would benefit from.

see: https://wiki.parabola.nu/Repositories

There used to be a PUR, but then it was removed
https://wiki.parabola.nu/PUR

I would like to reopen this discussion. I've searched for the last one, but I could not find it.

• When I as a user need free software from the AUR, I check if it is free software. I would like to share my knowledge and inform other users how I have checked the freedom issues.
• As a user interested in packaging, I would like to gain experiences. [pcr] is not the place for doing this and I don't want to contribute to the AUR since the Parabola users cannot benefit then.
• The Parabola project and it's hole community have high interests that users learn packaging. Therefore Parabola should provide a playground for this.
• Potential new package maintainers shold have training with license checking.
• As a social and community distribution, Parabola has interests to provide a low-barrier way to start contributing.
• It may not be reasonable to maintain packages with a small amount of users in [pcr]. If one of those users maintain the software for the others, the package has not to be added to [pcr].
• Currently there are 159 open packaging requests. It doesn't seem possible to close them any time soon.

• Warn users, that "PUR packages are user produced content with no official support. Any use of the provided files is at their own risk." (similar approach as Arch has with the AUR)
• Let PUR-contributers read and sign a contract (e.g. FSDG, Parabola Social Contract) as a condition for contributions.
• Teach PUR-contributers how to properly check licences and freedom issues
• Let PUR package maintainers declare, how they checked the licences.
• Add a button to "Report as unfree" and block package.
• Have PUR moderators.

And just as an additional idea: Could we share ressources with hyperbola? Maybe we could have a OUR (Our user repository).

What do you think?

i raised this issue myself after i started contributing to parabola, making most of the same points that theova did - after it was explained to me, the reasons why there is no user-curated repository, made perfect sense

the reason that parabola does not host a user repository is because there is too much potential for something no-free to slip in - most of the work of adopting a new package is in auditing the licensing - after that is done, the business of packaging and maintaining the package is almost negligible in most cases - it would be great if some users wanted to help with licensing audits, even better with some public record provided by a tool like fossology; but once a code-base has been verified to be FSDG-compliant, theres very little reason not to simply add the package to the [pcr] repo

if its not to be done that way, then it would be best if parabola users hosted a new website for that purpose, perhaps in co-operation with hyperbola users - such a website would not need to be endorsed by parabola; and it would be entirely upon the moderators to decide what goes into it and what does not - of course, it should be obvious that such a website already exists now: the AUR

practically speaking, in its simplest form, this suggestion could be accomplished without a new website, by using the existing AUR and modifying one of the AUR helper programs to filter packages - for example, only indexing PKGBUILDs published by certain trusted user-IDs on a whitelist

but i should also add that there is another reason why parabola does not have AUR helpers now - that is because they are actually a 3rd-party package manager, and the use of any such program simply can not be recommended; because they can cause conflicts with the official software on the system - also, it is nearly impossible to filter only verified packages; because none of the packages are verified - many do not even declare a license - if we were to consider this proposal seriously, it would be an over-sight to ignore the general issue of 3rd-party package managers, including rubygems, pip, nodejs, and others

so i would throw onto the workload that this proposal entails, complete curated libre repos for ruby, python, and javascript packages; and that is a lot of work - currently, the most feasible suggestion is to remove most of the 3rd-party package managers from parabola; so that may help to explain why adding a new one is not to be taken lightly

I disagree in comparing a PUR to be just another 3rd-party package maager. pip, nodejs and others. The huge different would be, that a PUR would be designed by the Parabola community with freedom in mind and agreement over FSDG. This lowers the risk for incuding non-free software. Today, we already have the risk, that users talk/write about nonfree-software in the wiki/irc/forum associated with Parabola.

Altough we should take the issue serious, the FSDG admits, that there might be mistakes:

Most distribution development teams don't have the resources to exhaustively check that their distribution meet all these criteria. ... Our requirement is for the distribution developers to have a firm commitment to promptly correct any mistakes that are reported to them.

bill-auger wrote:

if its not to be done that way, then it would be best if parabola users hosted a new website for that purpose

That might be a way to go. But the AUR is not the right place for contributing to Parabola. I don't want to add my package to the AUR while we are (justifiedly) keeping users away from the AUR.

If we all agree on this statement, I see the following questions:

• How can users help to check the licenses? What are the necessary steps to show that the software is FSDG-compliant?
• Are there already any guidelines for this?
• I think the "If there is a package in AUR that you would like, you are encouraged to open a package request so that one of the Parabola contributors may pick it up and add it to [pcr]." [wiki] is a way too passive. I think we should actively encourage users to contribute to Parabola.
• The question "How potential package maintainers learn the necessary skills?" is still unclear to me. Again the [wiki]: "Having practiced with the amazing AUR is a good experience." How can we provide practicing without an AUR/PUR?

Ok. I think the oppinions are not that opposite. For me, it would be reasonable that the PUR is whether supported nor recommend by Parabola.

If anyone else is interested in building and hosting a "free AUR", I would be interested in further discussions.

As long as this is not the case, I will spend my resources on contributing to the [pcr].
I have a few questions about how to do this, see #2322.