Freedom Issue #1035

Updated by bill-auger 9 months ago

From a conversation on the gnu-linux-libre mailing list:

"A lot of programming languages have their own package managers: npm (CSS/JavaScript), Bower (Web), pip (Python), RubyGems (Ruby), CPAN (Perl), Cargo (Rust), ..."

These things would qualify as "repositories" under the Free System Distribution Guidelines. And they do not limit themselves to only including free software. Until/unless Stallman's ideas of either convincing them to only include free software or developing a free replacement come along, I propose disabling such things in Parabola.

UPDATE 2022-04:
summary of the proposed options:
|_.proposal |_.intrusiveness |_.workload |_.effectiveness |_.FSDG-fitness |
| remove from the repos | none | negligible | total | full |
| add a pacman hook to warn during install | none | negligible | none | dubious |
| move to a new 'your-system-sanity' pacman repo | none | medium | partial | dubious |
| disable default TPPM repo, make user-configurable | minimal | medium | total | full |
| disable the search feature | minimal | medium | total | full |
| filter the search feature | minimal | medium | dubious | dubious |
| remove from the repos, accept packaging requests | none | maximal | total | full |
| maintain libre repos as a GNU project | none | maximal | total | full |

* "intrusiveness: minimal" because those proposals entail patching the clients
* "workload: medium" because those proposals entail maintaining blacklist
replacements for each TPPM, even if unmodified
* "workload: maximal" because those proposals entail the perpetual burden of
package curation
* "effectiveness: partial" because TPPMs would be inaccessible by default -
the user would need to re-configure pacman, in order to access them
* "effectiveness: dubious" because the mechanism would rely entirely
on the honor and licensing knowledge of the third-party packager -
IIRC, this was discussed long ago, WRT AUR helpers; and it was decided
to exclude all AUR helpers, rather than patching them to filter based on
the PKGBUILD 'license' array
* "filter the search feature" may not be possible for some of these -
it is not yet known which, if any, expose licensing information via API/metadata
* "maintain libre repos as a GNU project" is obviously the ideal option;
but it is probably never going to happen
* IMHO, "disable default TPPM repo, make user-configurable" has the best chance
of being generally acceptable to all (it is exactly my plan for 'octopi');
although i would prefer "remove from the repos, accept packaging requests"
for the language-specific TPPMs