On Thu, 30 Nov 2017 at 09:31:57 -0800, Josh Triplett wrote: > Ian Jackson wrote: > > The obvious example is web browsers with extension repositories > > containing both free and non-free software.
Another example that seems obvious in the context of Debian is libapt frontends. Like a web browser with extensions, a libapt frontend will happily install whatever packages it's pointed at. Some frontends, like apt(1), do what they're told and give no indication of the freeness or otherwise of what they're downloading. Other frontends, like aptitude and GNOME Software, make an attempt to indicate which packages are free and which are not (aptitude by knowing about the Section field, GNOME Software by reading AppStream metadata). I say "make an attempt" because both are dependent on the metadata provided by their source of packages matching their expectations. aptitude claims the packages in http://repo.steampowered.com/steam/ are in "The main Debian archive" (I've opened a bug), while GNOME Software can't say anything about repositories or packages that don't have AppStream metadata. I don't think it is or should be considered a bug that libapt frontends don't ask for confirmation before installing non-free software: they are just doing what the user asked them to do. IMO policing users' software choices is not, and should not be, our job. There is another very common way a web browser can offer to install non-free software: it can be directed to a website where non-free software (some of it in native Linux binaries, even) is made available, like gog.com. That clearly isn't a bug or a lack of freeness in the browser, and we shouldn't have policies that might be interpreted to imply that it was. > - Packages in main may provide a mechanism for the user to download and > install other software (e.g. extensions) from a collection of such > software. If they do, that mechanism should (note: not "must", and > this should not change to become stricter in the future) either > require that all software in the collection be Free Software, *or* > make it easy for the user to determine the license of the software > they're installing. This is a higher standard than the one we hold libapt frontends to. Most libapt frontends only tell me whether the software is Free, not its precise licensing. I think that's reasonable. smcv
