Hey.

On Mon, Jan 4, 2016 at 10:13 AM, Bas Wijnen <wij...@debian.org> wrote:
> debian-project, or hopefully debian-devel.  -project for talking about the
> idea, -devel for discussing an implementation.

Mehdi mentioned below that it would already land on debian-devel.
So I'm not sure whether it makes sense to post it to debian-project as
well, or whether people would get just annoyed because of
cross-posting.


>  Having an implementation ready
> hugely improves chances of it being done.

The point is, at least for the 2nd part of my original mail, I
wouldn't see much implementation work in kinds of code, or is there
any?
It would probably require some policy changes, the addition of a new
suite (e.g. "non-open" or any better name), and identification of such
non-free packages that would need to be moved there.


> Yes; I think the conclusion of that discussion was two things:
> 1. Different people want different splits.  Using something like debtags may be
>    more useful, so users can block their own tag selection.

At first I had thought one could simply add a package that conflicts
with any such packages for which there is no source code.
But I think (and I'd believe that would apply to your debtags idea as
well) that this is much less reliable, as it could be easily forgotten
to be added.

Having a separate suite for this has the appealing property that any
software in it wouldn't even show up in the package management when it
wasn't added in sources.list.


> 2. The firmware category is special in that pretty much everyone needs it, so
>    we may want to make that its own section the old way.  This allows people to
>    use their hardware without enabling any (other) non-free sections and
>    without worrying about debtags filters (once implemented).

But then I'd suggest to have something like e.g. "non-open/firmware",
where it would again be easily clear for anyone: beware the code
you're about to run is closed and may do anything.
The installers could then for example ask:
[ ] Do you want to enable non-open/closed-source software (Warning:
this means <some security description>)
and if this isn't selected there could be a:
[ ] Your hardware XYZ was found to require non-open/closed-source
firmware to work. Shall non-open firmware be enabled?


> I agree that not shipping things (that we are allowed to ship) is a bad idea
> most of the time (except if it's because nobody considers it a priority; giving
> upstream an incentive to release their software under a free license is good).
> The exception is software that actively hurts the user (malware, spyware).
> Which we can only block if we know about it, of course.

I recently stumbled over several sites which try to sanitize Firefox
with several hidden settings in about:config.
Seems per default it does all kinds of experiments, sends telemetry
data, transmits visited URLs to Google (couldn't really find out
whether it does so for all; Mozilla doesn't really document any of this
properly) as well as hashsums of any downloaded file.
Sounds quite like spyware.

So the problem in the end is that we're in a devil's circle.
Some software vendors (as one sees: including open source software
vendors) try to gain more and more power (e.g. shipping their own
"package management", recording all kinds of "telemetry" data and so
on).
The majority remains silent and that behavior gets more and more
accepted until there is no way back. :-/


> This is a valid concern, but it shouldn't always be the deciding factor.  Many
> people (including me) use Debian because it easily allows installing a 100%
> free system with a huge choice of packages.  If the choice is "move a thing to
> non-free, or keep it in main and disable the functionality", those people will
> lose the software completely if it's moved to non-free.

Well moving something to non-free or the non-open I've proposed should
only happen when something really ships or downloads closed-source
code. Not because something provides a plugin-system.

It seems however quite worrisome, that there are more such big open
source projects (Firefox, I think I once read about Chromium doing
similar) that go to the dark side and install closed-source code.
The distros accept this, and e.g. Debian is doing a good job in trying
to prevent such rubbish, but since no one really shouts at these
upstream guys such things will rather continue and get more and more
difficult to be patched out.
First one had OpenH264, on Windows Firefox users already get the Adobe
DRM (surely no spyware) goodness. :-/

But it would of course be nice, if one could e.g. tell Debian's
Firefox (Iceweasel): don't allow to download/use any add-ons that
aren't part of Debian package.
Or to tell josm, the same. Or Picard.


In the end, I think these are really two distinct issues:
- closed-source software in Debian, which I think could be best dealt
with a "non-open" suite (or e.g. "closed-source" or whatever people
like best)
- software that integrates automatic or manual
downloading/installation of further code from 3rd parties, well I
don't have an all-in-one solution for that

Regards,
Philippe
