Freedom Issue #1035
Updated by bill-auger almost 2 years ago
From a conversation on the gnu-linux-libre mailing list:
http://lists.nongnu.org/archive/html/gnu-linux-libre/2016-04/msg00070.html
http://lists.nongnu.org/archive/html/gnu-linux-libre/2016-04/msg00116.html
A lot of programming languages have own packages managers: npm (CSS/JavaScript), Bower (Web), pip (Python), RubyGems (Ruby), CPAN (Perl), Cargo (Rust), ..."
These things would qualify as "repositories" under the Free System Distribution Guidelines. And they do not limit themselves to only including free software. Until/unless Stallman's ideas of either convincing them to only include free software or develop a free replacement come along I propose disabling such things in Parabola.
---
UPDATE 2022-04:
summary of the proposed options:
|_.proposal |_.intrusiveness |_.workload |_.effectiveness |_.FSDG-fitness |
| remove from the repos | none | negligible | total | full |
| add a pacman hook to warn during install | none | negligible | none | dubious |
| move to a new 'your-system-sanity' pacman repo | none | medium | partial | dubious |
| disable default TPPM repo, make user-configurable | minimal | medium | total | full |
| disable the search feature | minimal | medium | total | full |
| filter the search feature | minimal | medium | dubious | dubious |
| remove from the repos, accept packaging requests | none | maximal | total | full |
| maintain libre repos as a GNU project | none | maximal | total | full |
NOTES: NOTES/RATIONALE:
* "intrusiveness: minimal" because those proposals entail patching the clients
* "workload: medium" because those proposals entail maintaining blacklist
replacements for each TPPM, even if unmodified
* "workload: maximal" because those proposals entail the perpetual burden of
package curation
* "effectiveness: total" (even if non-free packages are still installable)
because those proposals resolve the conflict with the FSDG -
namely: they would it no longer recommend/suggest/steer-toward non-free recommends/suggests/steers-toward
* "effectiveness: partial" because TPPMs would be inaccessible by default -
the user would need to re-configure pacman, in order to access them
* "effectiveness: dubious" because the mechanism would rely entirely
on the honor and licensing knowledge of the third-party packager -
IIRC, this was discussed long ago, WRT AUR helpers; and it was decided
to exclude all AUR helpers, rather than patching them to filter based on
the PKGBUILD 'license' array
* "filter the search feature" may not be possible for some of these - it is
not yet know which, if any, expose licensing information via API/metadata
* "maintain libre repos as a GNU project" is obviously the ideal option;
but it is unlikely probably never going to happen
* IMHO, "disable default TPPM repo, make user-configurable" has the best chance
of being generally acceptable to all (it is exactly my plan for 'octopi')
* 'octopi');
although i would prefer "remove from the repos, accept packaging requests"
for the language-specific TPPMs
http://lists.nongnu.org/archive/html/gnu-linux-libre/2016-04/msg00070.html
http://lists.nongnu.org/archive/html/gnu-linux-libre/2016-04/msg00116.html
A lot of programming languages have own packages managers: npm (CSS/JavaScript), Bower (Web), pip (Python), RubyGems (Ruby), CPAN (Perl), Cargo (Rust), ..."
These things would qualify as "repositories" under the Free System Distribution Guidelines. And they do not limit themselves to only including free software. Until/unless Stallman's ideas of either convincing them to only include free software or develop a free replacement come along I propose disabling such things in Parabola.
---
UPDATE 2022-04:
summary of the proposed options:
|_.proposal |_.intrusiveness |_.workload |_.effectiveness |_.FSDG-fitness |
| remove from the repos | none | negligible | total | full |
| add a pacman hook to warn during install | none | negligible | none | dubious |
| move to a new 'your-system-sanity' pacman repo | none | medium | partial | dubious |
| disable default TPPM repo, make user-configurable | minimal | medium | total | full |
| disable the search feature | minimal | medium | total | full |
| filter the search feature | minimal | medium | dubious | dubious |
| remove from the repos, accept packaging requests | none | maximal | total | full |
| maintain libre repos as a GNU project | none | maximal | total | full |
NOTES: NOTES/RATIONALE:
* "intrusiveness: minimal" because those proposals entail patching the clients
* "workload: medium" because those proposals entail maintaining blacklist
replacements for each TPPM, even if unmodified
* "workload: maximal" because those proposals entail the perpetual burden of
package curation
* "effectiveness: total" (even if non-free packages are still installable)
because those proposals resolve the conflict with the FSDG -
namely: they would it no longer recommend/suggest/steer-toward non-free recommends/suggests/steers-toward
* "effectiveness: partial" because TPPMs would be inaccessible by default -
the user would need to re-configure pacman, in order to access them
* "effectiveness: dubious" because the mechanism would rely entirely
on the honor and licensing knowledge of the third-party packager -
IIRC, this was discussed long ago, WRT AUR helpers; and it was decided
to exclude all AUR helpers, rather than patching them to filter based on
the PKGBUILD 'license' array
* "filter the search feature" may not be possible for some of these - it is
not yet know which, if any, expose licensing information via API/metadata
* "maintain libre repos as a GNU project" is obviously the ideal option;
but it is unlikely probably never going to happen
* IMHO, "disable default TPPM repo, make user-configurable" has the best chance
of being generally acceptable to all (it is exactly my plan for 'octopi')
* 'octopi');
although i would prefer "remove from the repos, accept packaging requests"
for the language-specific TPPMs