Freedom Issue #1035

Updated by bill-auger 9 months ago

From a conversation on the gnu-linux-libre mailing list:

A lot of programming languages have own packages managers: npm (CSS/JavaScript), Bower (Web), pip (Python), RubyGems (Ruby), CPAN (Perl), Cargo (Rust), ..."

These things would qualify as "repositories" under the Free System Distribution Guidelines. And they do not limit themselves to only including free software. Until/unless Stallman's ideas of either convincing them to only include free software or develop a free replacement come along I propose disabling such things in Parabola.

UPDATE 2022-04:
summary of the proposed options:
|_.proposal |_.intrusiveness |_.workload |_.effectiveness |_.FSDG-fitness |
| remove from the repos | none | negligible | total | full |
| add a pacman hook to warn during install | none | negligible | none | dubious |
| move to a new 'your-system-sanity' pacman repo | none | medium | partial | dubious |
| disable default TPPM repo, make user-configurable | minimal | medium | total | full |
| disable the search feature | minimal | medium | total | full |
| filter the search feature | minimal | medium | dubious | dubious |
| remove from the repos, accept packaging requests | none | maximal | total | full |
| maintain libre repos as a GNU project | none | maximal | total | full |

* "intrusiveness: minimal" because those proposals entail patching the clients
* "workload: medium" because those proposals entail maintaining blacklist replacements
replacements for each TPPM, even if unmodified
* "workload: maximal" because those proposals entail of the perpetual burden of
* "filter the search feature" may not be possible for some of these -
it is not yet know which, if any, expose licensing information via API/metadata API/metadate
* "maintain libre repos as a GNU project" is obviously the ideal option;
but it is probably never going to happen
* IMHO, "disable default TPPM repo, make user-configurable" has the best chance
of being generally acceptable to all (it is exactly my plan for 'octopi');
although though i would prefer "remove from the repos, accept packaging requests"
for the language-specific TPPMs