Hi, just a quick note to begin: Please do not cross-post to multiple mailing lists because it tends to cause confusion for everyone reading those lists. I have included only guix-devel in the CC list for this reply.
On Wed, Nov 20, 2019 at 5:02 AM Raghav Gururajan <raghavgurura...@disroot.org> wrote: > > (b) Facilitation of non-free information/code/program/software: > As per FSDG, free system should neither steer users nor refer to third- > party repositories, to obtain information/code/program/software that > can contain non-free parts. Let's consider the same two main things > provided by Guix, that are, (i) Package Definitions (Scheme Code) and > (ii) Subsitiutes (Pre-Built Binary). If we take substitutes,they are > pre-built binaries, built on the guix build farm, where the source is > obtained, de-blobbed (if required) and compiled. Since guix provides > substitutes only for free software/programs, there is no facilitation > of non-free information/code/program/software here. If we take the > package definitions, that is were issue rises. When no substitutes are > available or when the program/software is chosen to be built, guix on > the user's system does this: downloads source directly from upstream > (along with non-free parts if it contains), then strips out non-free > parts (if any), then builds and installs binaries. So these package > definitions, contains information/lines-of-code, that steer users or > refer to third-party repositories, to obtain > information/code/program/software that can contain non-free parts. > Therefore, Guix DOES violate FSDG in this aspect. I believe this is incorrect and I will explain why. This exact circumstance was brought up in the early days of the Guix project when FSDG compliance was a big topic of discussion because Ludovic and RMS were making sure that Guix conformed to it. It is true that Guix will download source archives for packages that *may* contain files with a nonfree license. However, Guix has a special mechanism developed specifically to deal with this issue. In Guix, the <origin> data type is used to store information about a package's source code. In this data structure there is a field called "snippet" which may contain a custom procedure written by the person that wrote the package. The role of the snippet procedure is to *remove* any files in the source archive that are not freely licensed. The result is a new source archive that contains only freely licensed files. The most important part of this process is that the original source archive is *never* accessible to the Guix user via any Guix tools. The original archive is discarded and does not end up in the canonical location for Guix data: /gnu/store. Thus, running `guix build --source problematic-package` will only ever return the cleaned archive, never the original with nonfree files. Therefore, Guix has taken sufficient technical measures to avoid steering its user towards nonfree software and thus Guix is compliant with the FSDG. Hope this helps, - Dave
