Freedom Issue #1035

Updated by bill-auger 6 months ago

From a conversation on the gnu-linux-libre mailing list:

"A lot of programming languages have their own package managers: npm (CSS/JavaScript), Bower (Web), pip (Python), RubyGems (Ruby), CPAN (Perl), Cargo (Rust), ..."

These things would qualify as "repositories" under the Free System Distribution Guidelines. And they do not limit themselves to only including free software. Until/unless Stallman's ideas of either convincing them to only include free software or developing a free replacement come along, I propose disabling such things in Parabola.

UPDATE 2022-04:
summary of the proposed options:
|_.proposal |_.intrusiveness |_.workload |_.effectiveness |_.FSDG-fitness |
| do nothing - ignore it like all other distros do | none | none | none | none |
| remove all TPPMs from the repos - do nothing else | none | negligible | total | full |
| add a pacman hook to warn during install | none | negligible | none | dubious |
| move to a new 'dubious/dangerous' 'your-system-sanity' pacman repo | none | medium | partial | dubious |
| disable default TPPM repo, make user-configurable | minimal | medium | total | full |
| disable the search feature | minimal | medium | total | full |
| filter the search feature | minimal | medium | dubious | dubious |
| remove from the repos, accept packaging requests | none | maximal | total | full |
| maintain libre repos as a GNU project | none | maximal | total | full |
| convince the TPPM repos of licensing requirements | none | negligible | dubious | dubious |

* "intrusiveness: minimal" because those proposals entail patching the clients
* "workload: medium" because those proposals entail maintaining blacklist replacements for each TPPM, even if unmodified
* "workload: maximal" because those proposals entail the perpetual burden of package curation
* "effectiveness: total" (even if non-free packages are still installable) because those proposals resolve the conflict with the FSDG - namely: they would no longer recommend/suggest/steer-toward non-free
* "effectiveness: partial" because TPPMs would be inaccessible by default - the user would need to re-configure pacman, in order to access them
* "effectiveness: dubious" because the mechanism would rely entirely on the honor and licensing knowledge of the third-party packager
* "filter the search feature" may not be possible for some of these - it is not yet known which, if any, expose licensing information via API/metadata
* "maintain libre repos as a GNU project" is obviously the ideal option; but it is unlikely to happen
* IMHO, "disable default TPPM repo, make user-configurable" has the best chance of being generally acceptable to all (it is exactly my plan for 'octopi')
* although i would prefer "remove from the repos, accept packaging requests" for the language-specific TPPMs