Re: Next Steps For the Software Heritage Problem (Dale Mellor)
On Thu, 20 Jun 2024 14:43:30 -0700 Andy Tai wrote: > > Date: Wed, 19 Jun 2024 09:36:29 +0100 > > From: Dale Mellor > > I use Guix as a tool to develop my own projects, private and > > personal for reasons I'm keeping to myself. As part of that I write package > > definitions for them, and use the Guix machinery to build and test. I > > *cannot* > > have Guix just giving my code away to anybody, that is just fundamentally > > wrong. > > > If you release software as free software, you are giving away > software, to anybody and everybody. Legally yes. But I think Dale talks about the social rules that I have been repeating in these threads :) > > We need to ask what is Guix? A free operating system, a framework for > > developing free operating systems, or a more generic tool for software > > development and deployment? If the latter it *cannot* do nefarious things > > without explicit consent. > > Guix is a free operating system _and_ a generic tool for software > development and deployment. It makes no sense to say it does nefarious > things > without explicit consent. Just like you cannot try to prohibit GNU > Make from being used to do nefarious things like building malware. > You cannot place usage restriction on free software. We already do tho! We restrict what one can do if they interact with GPL code. Aside from that even Guix uploading all code from the packages to SWH that basically feeds it to a LLM model is indeed not honoring consent of the author of the package. What you can do legally doesn't matter if you are an asshole after all. So in this context it absolutely makes sense. Because we have social rules around consent and Guix doesn't seem to be following them currently. MSavoritias
About SWH, let avoid the wrong discussion
Hi all, For the record, the Software Heritage initiative is supportive of the Guix project since years. It means that members of Guix community have or had interactions with Software Heritage (SWH) teams since years. For example, the blog post “Connecting reproducible deployment to a long-term source code archive” [1] published in 2019. And more recently, the scientific communication “Source Code Archiving to the Rescue of Reproducible Deployment” [2]. Almost 6 years of friendly interactions and shared values. Could we avoid to express definitive opinions based on partial considerations about multi-dimensional topics? Since years, several members of Guix community are helped in one way or the other by SWH team members in improving free software ecosystem. Well, I speak for myself: I have been invited to several events organized by SWH and it’s up to you to trust me when I say: SWH team works very hard to embrace all the diversity of FOSS communities. For example, I recently attended to a talk organized by SWH about Commons; that talk had been a very good food for thought and maybe it could feed our current discussion about governance/sociocracy via comments here or there I could commit, I do not know, maybe. Well, I am very grateful for the opportunity to interact with SWH teams. For the record, SWH provided various supports for the organization of 10 Years of Guix, back in 2022. Please remember that SWH team members were there and some stayed all the three days; probably because we are a nice community? All the video stream and good videos of the 10 Years of Guix event you probably watched or maybe watch again is because the tireless work of multi-hats person (Debian Developer, Debian Video Team, … and working at SWH) helped by Guix community members. Please check the Copyright header for the subcommand “guix locate”. Yes, it had been partly written by one SWH team member because, yes they run Guix. Yes, their day-job is at SWH and they are also part of our Guix community by contributing to Guix source code. Now, you take it as it is: I am sad by what people are concluding! Yes I understand why people are angry. Yes discussions must happen. However, I was expecting more benefit of the doubt considering history and track record. Hum, even, maybe, I am asking myself if Guix community is indeed nice or if this time the community is just harsh and unfair. Do we forget the track record and the common history? Then, for what my opinion is worth, fighting against SWH while thinking it’s fighting against LLM/AI is the wrong fight. Because 1. we are all in the team. And 2. because SWH could be a facilitator for helping in some regulations, maybe, I do not know. Somehow, I agree with Ekaitz. You take it as it is: I was expecting more humility by Guix community members. Do you really think that a collective of people involved in various FOSS communities with different roles, dedicating their free time to free software or open source movements, do you think they are the bad actors here? My humility tells me, as I expressed several times, nothing is ignored. Yes I also got the point about the lack of transparency. As I said above, FWIW, I am in touch with SWH team. Well, I do not have special information from SWH and I trust them to have listened or are still listening various communities. So my understanding is: work is in progress… Somehow, wait and see. Yes I know we cannot wait forever. Again, do we forget the track record and the common history? Do we consider that a multi-layers topic involving legal or ethics questions is straightforward to articulate? My humility tells me to wait to have clear and better understanding about SWH motivations, their rationale, the measures and counter-measures they maybe have in mind. Be patient and tolerant as I am with my friends. Long enough email and thread. That’s all from me! :-) My last message. Not because I am bored but because one week of holidays is starting now for me. ;-) 1: https://guix.gnu.org/en/blog/2019/connecting-reproducible-deployment-to-a-long-term-source-code-archive/ 2: https://hal.science/hal-04586520v1 Cheers, simon
Re: Next Steps For the Software Heritage Problem
On Thu, 2024-06-20 at 22:59 +0200, Ekaitz Zarraga wrote: > Hi, > > On 2024-06-20 22:54, Andreas Enge wrote: > > Am Thu, Jun 20, 2024 at 07:42:44PM +0100 schrieb Dale Mellor: > > > I'm sure guix lint tried to push my code out to them the last time I > > > tried. > > > > Ah indeed, there is this in guix/lint.scm: > > > > So it does not push code, but a URL from which the code can be downloaded. > > Thus it requires the code to be available from the Internet; local code > > is "safe" from SWH. But this is still leaking information. > > Now I do not know what will happen if you save your code as a git > > repository at a hidden URL. For instance, does SWH check the license? > > I would hope so. Hope is not really good enough, there needs to be certainty in this. > > For this specific case we could add some flag to the command line like > `--do-not-archive` or something like that. `-x archival` does it, but it is too easy to forget and once the cat is out of the bag privacy is lost. I really think this should be default behaviour, or at least there should be a flag in the package definition. I would still be uncomfortable with the last option, as everyone would be relying on the collective of Guix maintainers to not screw up and accidentally leak private data. Dale
Re: Next Steps For the Software Heritage Problem
On Thu, 20 Jun 2024 16:35:10 +0200 Ekaitz Zarraga wrote: > > 2. You seem to imply that Free Software or code is apolitical. (in the > > sense of social or state politics not) Which it is not. Nothing is. > > For example Free Software is explicitly pro-capitalist and > > pro-Google/big companies. I am not saying I disagree, but its good > > to keep in mind that politics exist and do exist always. And in the case > > I'm not one of those people that think everything is politics but that's > not a debate I want to open. Free Software can be understood from many > ways. I don't think it's pro-capitalist, but pro-freedom, but that > freedom affects the capitalists too, and it's a *value* they have. But > freedom is also an anarchist value, and it can be an anti-capitalist > value too it becomes more politic when you put more things around it. > The issue I was trying to point is Free Software attracts many people > from many different backgrounds and politics, and trying to push for one > side defeats its purpose: making people stay together because they have > some shared value. I agree up to point. There is a lot of ifs and buts here and the CoC covers some of the already. Not every political opinion should be respected. > >> There are many valid reasons why someone might criticize the Free > >> Software movement and people behind it, but making free software only > >> has 4 simple rules. If you don't comply with them you are not free > >> software anymore. It's as simple as that, and that simple it should > >> be. > >> > >> Free Software gives me the FREEDOM to print the code, make a roll > >> with it and shove it up my ass if I want to (and even distribute my > >> modified copies for other people to do so). The same freedom I have > >> to upload it to github. If you prevent me from doing one or the other > >> you are restricting my freedom and that's defeating the purpose of > >> free software and we cannot consider your code free software anymore. > >> The line is clear, and trying to pretend to be free software while > >> restricting people's freedoms (regardless of what they are) is absurd. > > > > This is missing the context that GPL does indeed restrict people's > > freedom to license code as the see fit. Because it was written to > > further the political goals of FSF. It is on purpose. So we are already > > restricting the freedom of people to do what they want on purpose. > > It does restrict your freedom but only if your goal is restrict other > people's software freedom. I'd say the argument here was that GPL > provides more absolute freedom in the current world than other licenses > but I don't think the GPL was a very easy decision to make for the > radical freedom fighters. That's why some people don't like it. Sure I agree. My point was more that we already restrict stuff to make room for better things. Same way the CoC restricts some people from participating so that our spaces can be safer for people to participate. Its the tradeoffs you have to do. By allowing everybody to do whatever they want or allowing everybody to say whatever they want, you end losing everybody. As you said yourself. > > And lets not forget > > "your freedom ends where the other persons freedom begins" > > and consent of course in the issue at hand. > > Yes, but I don't think this is a matter Free Software needs to deal > with. And my original message was around that. > > Now, we should do something as a set of people that collaboratively work > in a project. Probably not under the Free Software label, because what > free software is is already pretty clear and well defined, but as > something else, may that be Guix users and contributors, if we wish. yep. I agree. And this is exactly what I wanted to do in my proposal in the first place :D > >> The Free Software movement can be labeled (and is often labeled) as a > >> political movement but I'd say it's more of an ethical movement. It's > >> a way to share *values* and the value we share here is freedom. We > >> might or might not share other values, politics, religion or > >> anything, but as long as we put the freedom in the first place we > >> should agree that free software is better than any other software > >> model we have. > >> > >> There are bad actors in the world (say thieves, killers or... GitHub > >> and AI), and we can discuss about how we should deal with them but I > >> don't think the answer is putting our *values* aside but embrace them > >> harder (one value, freedom, in our case). > > > > Definetily agree. The solution is not to embrace propietary software or > > restrict software. Its to write down some common social rules that are > > rooted in consent. > > > >> If people is not happy with the Free Software movement because it > >> puts the freedom first, I can only understand it as people being mad > >> about Free Software because it's about software. > >> > >> For other values, we can start othe
Re: Next Steps For the Software Heritage Problem
On Thu, 20 Jun 2024 16:40:57 +0200 Simon Tournier wrote: > Being concrete and explicit, could you please share: > > 1. Which part of your code is included in the pretraining dataset? > > It’s easy, you can copy/paste a snippet and it returns the location > from where it comes from. > > https://huggingface.co/spaces/bigcode/search-v2a > > > 2. What is your code that is included in SWH archive? > > Again, it’s easy: checkout some commit of your repository, then > inside this repository, you can run: > > echo "https://archive.softwareheritage.org/swh:1:dir:$(guix hash -S git > -f hex -H sha1 .)" > > Do not miss the ’.’ (dot) once entering the repository. This > command returns SWHID. Other said, using this identifier, you might > know if the repository is stored by SWH. (Be careful with temporary > artifacts as .go files or else.) > > Or you can also check for one specific content: > > $ echo "https://archive.softwareheritage.org/swh:1:cnt:$(guix hash -S git > -f hex -H sha1 COPYING)" > > https://archive.softwareheritage.org/swh:1:cnt:94a9ed024d3859793618152ea559a168bbcbb5e2 > > And the URL display the content of the file COPYING. Here GPL 3 > license for instance. > > > 3. Where such source code from #2 and #3 is packaged by Guix? my code is not yet in Guix. The question and actions I said came about because I want to commit my package to Guix but the minute I do it its shared without my consent with SWH. > That said, if the source is hosted on GitHub or GitLab.com or SourceHut > or CodeBerg or some other popular forges or even mirrored without your > consent on one of these, please consider that your code had been > ingested by ChatGPT without any mean to verify. Obviously, that’s not > an argument to accept the situation with HuggingFace and I understand > that you do not want that your publicly release copyleft source code > could be reused by any LLM. > > However, as said several times, rooting this willing of non-inclusion is > larger than your own willing once you publicly released such source code > under some copyleft license. I hope we agree on that. > > Again, I am not trying to avoid something. And again, we all have heard > your points. Nothing is ignored. To my knowledge, the path forward is > not yet well-defined. > > Since we are discussing at length with various different inputs, it > means that a common understanding and/or opinion does not seem obvious. Let me put it more clearly. I am NOT asking for SWH to stop training the LLM. and I am NOT asking Guix to take a stance against LLMs. and I do know that my code is going to be harvested anyway yeah. what I DO ask is: 1. for SWH to make the sharing of code to the LLM strictly opt-in. 2. For Guix not to enable that behavior until that is fixed because it is against our social rules and CoC The second step I have already outlined in the first emails some steps we could take to protect our package authors and show our disagreement. And also in the xmpp chat it was shared that guix can just stop sending new package code until it an opt-in system is in place > >> Well, I do not know if the outcome will be aligned with your current > >> opinion, but be sure that your concerns as the others raised by Guix > >> community members are taking into account. > > > > Thank you for giving me an honest and detailed answer. > > I feel you are pushy on the topic and for what my opinion is worth, it > is not helpful to raise again and again that you want a way to opt-out. > Yeah, people got it. :-) And you are probably not alone, I guess. Ah I am not pushing for what I want tho this is not how the thread started :) The thread started with me saying what I am going to DO concertely about the SWH problem that is all. I already have some practical things if you read it and I am going to start sending pr/mr/emails as i said soonish to move it forward. I just wanted to give a heads up to the list so it doesn't come out of nowhere. > I do not have special information from SWH but I am sure SWH people are > working on the topic. And again, maybe the outcome will not be aligned > with your opinion. Another story. > > Now, the other question you ask to Guix: do we continue to help SWH in > harvesting? You propose to stop, IIUC. Ok, we got it, too. :-) From my > point of view, the path forward is not to speak on the abstract but to > root on concrete numbers; it would help in bounding what we are speaking > about. > > Concretely, if you would like to be able to opt-out, could you point: > > 1. the piece from the Guix source code you are the author? > > 2. source code you are the author that is packaged by Guix? > > Again, I am not trying to avoid the discussion. Instead, I would prefer > to root the discussion on concrete examples. Then it would appear to me > easier to make progress. > > As Greg or Ekaitz also wrote: opting out has implications on the m
Re: About SWH, let avoid the wrong discussion
On Fri, 21 Jun 2024 10:39:50 +0200 Simon Tournier wrote: Hey, Just wanted to send a quick reply that as I have mentioned elsewhere I do not wish to see SWH go. I think they are doing great work. and as I mention in my first email I want to apply social pressure and make it clear to package authors what is happening so we can move to an opt-in model. It was never my intent to make it seem like we need to burn all bridges with SWH. I do think they have done mistakes but that is not a reason to break apart. We definetily need something like SWH and I do hope to see them come around to a consentual model. MSavoritias > Hi all, > > For the record, the Software Heritage initiative is supportive of the > Guix project since years. > > It means that members of Guix community have or had interactions with > Software Heritage (SWH) teams since years. For example, the blog post > “Connecting reproducible deployment to a long-term source code archive” > [1] published in 2019. And more recently, the scientific communication > “Source Code Archiving to the Rescue of Reproducible Deployment” [2]. > > Almost 6 years of friendly interactions and shared values. > > Could we avoid to express definitive opinions based on partial > considerations about multi-dimensional topics? > > Since years, several members of Guix community are helped in one way or > the other by SWH team members in improving free software ecosystem. > > Well, I speak for myself: I have been invited to several events > organized by SWH and it’s up to you to trust me when I say: SWH team > works very hard to embrace all the diversity of FOSS communities. For > example, I recently attended to a talk organized by SWH about Commons; > that talk had been a very good food for thought and maybe it could feed > our current discussion about governance/sociocracy via comments here or > there I could commit, I do not know, maybe. > > Well, I am very grateful for the opportunity to interact with SWH teams. > > For the record, SWH provided various supports for the organization of 10 > Years of Guix, back in 2022. Please remember that SWH team members were > there and some stayed all the three days; probably because we are a nice > community? All the video stream and good videos of the 10 Years of Guix > event you probably watched or maybe watch again is because the tireless > work of multi-hats person (Debian Developer, Debian Video Team, … and > working at SWH) helped by Guix community members. > > Please check the Copyright header for the subcommand “guix locate”. > Yes, it had been partly written by one SWH team member because, yes they > run Guix. Yes, their day-job is at SWH and they are also part of our > Guix community by contributing to Guix source code. > > Now, you take it as it is: I am sad by what people are concluding! > > Yes I understand why people are angry. Yes discussions must happen. > > However, I was expecting more benefit of the doubt considering history > and track record. Hum, even, maybe, I am asking myself if Guix > community is indeed nice or if this time the community is just harsh and > unfair. > > Do we forget the track record and the common history? > > Then, for what my opinion is worth, fighting against SWH while thinking > it’s fighting against LLM/AI is the wrong fight. Because 1. we are all > in the team. And 2. because SWH could be a facilitator for helping in > some regulations, maybe, I do not know. Somehow, I agree with Ekaitz. > > You take it as it is: I was expecting more humility by Guix community > members. Do you really think that a collective of people involved in > various FOSS communities with different roles, dedicating their free > time to free software or open source movements, do you think they are > the bad actors here? > > My humility tells me, as I expressed several times, nothing is ignored. > > Yes I also got the point about the lack of transparency. As I said > above, FWIW, I am in touch with SWH team. Well, I do not have special > information from SWH and I trust them to have listened or are still > listening various communities. So my understanding is: work is in > progress… Somehow, wait and see. > > Yes I know we cannot wait forever. Again, do we forget the track record > and the common history? Do we consider that a multi-layers topic > involving legal or ethics questions is straightforward to articulate? > > My humility tells me to wait to have clear and better understanding > about SWH motivations, their rationale, the measures and > counter-measures they maybe have in mind. Be patient and tolerant as I > am with my friends. > > Long enough email and thread. That’s all from me! :-) > > My last message. Not because I am bored but because one week of > holidays is starting now for me. ;-) > > 1: > https://guix.gnu.org/en/blog/2019/connecting-reproducible-deployment-to-a-long-term-source-code-archive/ > 2: https://hal.science/hal-04586520v1 > > Cheers, >
Re: Next Steps For the Software Heritage Problem
On Fri, 21 Jun 2024 09:41:10 +0100 Dale Mellor wrote: > On Thu, 2024-06-20 at 22:59 +0200, Ekaitz Zarraga wrote: > > Hi, > > > > On 2024-06-20 22:54, Andreas Enge wrote: > > > Am Thu, Jun 20, 2024 at 07:42:44PM +0100 schrieb Dale Mellor: > > > > I'm sure guix lint tried to push my code out to them the last time I > > > > tried. > > > > > > Ah indeed, there is this in guix/lint.scm: > > > > > > So it does not push code, but a URL from which the code can be downloaded. > > > Thus it requires the code to be available from the Internet; local code > > > is "safe" from SWH. > >But this is still leaking information. > > > > Now I do not know what will happen if you save your code as a git > > > repository at a hidden URL. For instance, does SWH check the license? > > > I would hope so. > >Hope is not really good enough, there needs to be certainty in this. > > > > > For this specific case we could add some flag to the command line like > > `--do-not-archive` or something like that. > >`-x archival` does it, but it is too easy to forget and once the cat is out > of the bag privacy is lost. I really think this should be default behaviour, > or > at least there should be a flag in the package definition. I would still be > uncomfortable with the last option, as everyone would be relying on the > collective of Guix maintainers to not screw up and accidentally leak private > data. > > Dale Yeah very much agree this should be the default behavior. Archiving should be opt-in to avoid any surprises for the person running it. I am surprised it became default actually. MSavoritias
Re: About SWH, let avoid the wrong discussion
Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: > and as I mention in my first email I want to apply social pressure and make > it clear to package authors what is happening so we can move to an opt-in > model. Well, the opt-in model is in place: As soon as I put my code under a free license on the Internet, I opt in for it to be harvested by SWH (and anybody else, including non-friendly companies and state actors). Now the code may not be found by SWH, and the moment someone makes a Guix package out of it and adds it to the Guix main channel, SWH will find and archive it; but the opt-in has happened before at the moment I put the code online with its license. Maybe I misunderstood to what you want to apply the term "opt-in" (after reading your other message in which you use the term, this seems to be the case). If it is to source code of packages being used for AI training, there is actually no need to have a separate opt-in. Either it is legal under your license (and then you have effectively opted in), or it is illegal (in which case explicit opt-in already is a requirement). Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: > Aside from that even Guix uploading all code from the packages to > SWH that basically feeds it to a LLM model is indeed not honoring consent of > the author of the package. Guix does not upload code to SWH. It gives them a pointer to a public git repository that SWH then harvests or not according to their rules (see my reply to Dale yesterday). These are not the same things at all. Whether or not one agrees with the SWH policy on LLM training (and I have not looked at it well enough to form my opinion), I do not think there is anything we should change at the level of the Guix project. Maybe SWH should put into place an opt-in procedure for feeding LLM; but I do not think we in Guix should put into place an opt-in procedure for informing SWH of the source code we package. (Which would be completely ineffective anyway: One single person in the world would be enough to run the code in "guix lint -c archival" on all Guix packages in all channels they have access to. For instance, SWH themselves.) Andreas
Re: About SWH, let avoid the wrong discussion
On Fri, 21 Jun 2024 11:46:56 +0200 Andreas Enge wrote: > Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: > > and as I mention in my first email I want to apply social pressure and make > > it clear to package authors what is happening so we can move to an opt-in > > model. > > Well, the opt-in model is in place: As soon as I put my code under a free > license on the Internet, I opt in for it to be harvested by SWH (and anybody > else, including non-friendly companies and state actors). That may be how you have understood it but that is not how most people understand it. See for example mirroring videos that creators have made online, or more recently some activitypub software harvesting posts for a search engine. As I have been saying a lot in this thread (because there seem to be a lot of people in the Guix community not familiar that legal are not the same as social rules): -Just because you CAN do something doesn't mean you SHOULD. In the sense that yes somebody can probably harvest all my posts from activitypub and post them somewhere else, in practise they are an asshole tho and probably are going to be deferated pretty fast for breaking the social rules of common human decency :) This is by design in activitypub btw the social rule of don't harvest stuff. Same way that it is in xmpp. Not that assholes don't exist of course, but nobody is exempt from common human decency and a following the rules of a place. See also https://www.consentfultech.io/ for a good read. Hope it answers some questions. - What you are saying even if it was true, is not indicated anywhere in the manual or the website. (which is part of what I want to do.) Add a warning for package authors and commiters and a proper procedure. We are ultimately living in a society that we have some good faith by default that everybody acts respectfully (dont leak my messages that i sent to you in private for example). If they don't we take measures to not include them anymore. I am not saying this for SWH mind you, its just an example. Saying that I can do whatever I want is a very reductionist point of view that I doubt would be acceptable inside Guix and FSF even. Given that GPL itself doesn't allow you to do whatever you want. TBH it seems you are not the only one in this thread not knowing that laws (legal rules of states) ie. the FSF licenses and work and whatever, are not the same as social rules. But given that Guix has a CoC and social rules on top of that I am hopeful :) > Now the code may not be found by SWH, and the moment someone makes a Guix > package out of it and adds it to the Guix main channel, SWH will find and > archive it; but the opt-in has happened before at the moment I put the code > online with its license. > > Maybe I misunderstood to what you want to apply the term "opt-in" (after > reading your other message in which you use the term, this seems to be > the case). If it is to source code of packages being used for AI training, > there is actually no need to have a separate opt-in. Either it is legal > under your license (and then you have effectively opted in), or it is > illegal (in which case explicit opt-in already is a requirement). Again as I wrote above legal has nothing to do with it really. Its about our social rules and what we have as common understanding in Guix. if you just do something just because you can, then that makes you an asshole in my book. See hostile forks for example that have happened. > Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: > > Aside from that even Guix uploading all code from the packages to > > SWH that basically feeds it to a LLM model is indeed not honoring consent > > of the author of the package. > > Guix does not upload code to SWH. It gives them a pointer to a public git > repository that SWH then harvests or not according to their rules (see my > reply to Dale yesterday). These are not the same things at all. This is bikeshedding and arguing on schemantics. Guix gives them a url to download the source code from, so ultimately we (the Guix project) is responsible for the code showing up in there. Lets not argue over schemantics like this. It is even posted on their website in case you want to argue otherwise https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/ > Whether or not one agrees with the SWH policy on LLM training (and I have > not looked at it well enough to form my opinion), I do not think there > is anything we should change at the level of the Guix project. Maybe SWH > should put into place an opt-in procedure for feeding LLM; but I do not > think we in Guix should put into place an opt-in procedure for informing > SWH of the source code we package. (Which would be completely ineffective > anyway: One single person in the world would be enough to run the code in > "guix lint -c archival" on all Guix packages in all c
Re: Rust-team branch status?
On Thu, Jun 20, 2024 at 05:10:11PM -0700, Ian Eure wrote: > Hi Guixers, > > I want to update the Librewolf package, but it now depends on Rust >= 1.76, > which is newer than what's in master. I see the rust-team branch has > versions up to 1.77 — is there a timeline for merging that, or a TODO list of > things that need to be done to merge it? I'm not sure if I can help there, > but would rather direct efforts towards getting rust updated than patching > Librewolf to build with older versions. I managed to burn myself out on rust stuff a few months ago and I'm finally coming back to the rust-team branch. There are still hundreds of patches sent for the branch which I had hoped to catch-up on, but I'm fairly certain that the branch is in a good state for merging even now. Currently it has rust-1.77.1. There is a newer 1.77.2 available, and the newest version is 1.79. After merging the current branch I hope to be able to move the version of rust on the rust-team branch to whatever the latest version is. -- Efraim Flashner רנשלפ םירפא GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted signature.asc Description: PGP signature
Re: Rust-team branch status?
Hi Efraim, On Fri, Jun 21 2024, Efraim Flashner wrote: > I managed to burn myself out on rust stuff a few months ago Thank you for your hard work. Rust is perhaps the most complex part in the Guix packaging effort. > After merging the current branch I hope to be able to move the version > of rust on the rust-team branch to whatever the latest version is. Please leave it for now. It will still be there after you come back from hiking a mountain, reading a novel, or spending time with family---or whatever it is you do to get away. A good weekend, Felix
Re: About SWH, let avoid the wrong discussion
On Fri, 21 Jun 2024 13:45:04 + Luis Felipe wrote: > El 21/06/24 a las 10:44, MSavoritias escribió: > > On Fri, 21 Jun 2024 11:46:56 +0200 > > Andreas Enge wrote: > > > >> Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: > >>> Aside from that even Guix uploading all code from the packages to > >>> SWH that basically feeds it to a LLM model is indeed not honoring consent > >>> of the author of the package. > >> Guix does not upload code to SWH. It gives them a pointer to a public git > >> repository that SWH then harvests or not according to their rules (see my > >> reply to Dale yesterday). These are not the same things at all. > > This is bikeshedding and arguing on schemantics. Guix gives them a url to > > download the source code from, so ultimately we (the Guix project) is > > responsible for the code showing up in there. > > Lets not argue over schemantics like this. It is even posted on their > > website in case you want to argue otherwise > > https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/ > > > > I think the differentiation between sending code and sending a URL is > necessary. Saying that Guix sends your code or your source files to SWH > leads people to think that Guix *will* transmit those files from your > local machine over the Internet to SWH machines when you run "guix lint > YOUR_PRIVATE_PACKAGE". And that's not the case, is it? But I didnt say that tho did I? the context you are reading as from the quote is Guix uploading all code from its packages to SWH. Not any private repos. So i have no idea what you are reffering to here tbh. MSavoritias
Re: About SWH, let avoid the wrong discussion
Hi, MSavoritias, Am Freitag, dem 21.06.2024 um 17:15 +0300 schrieb MSavoritias: > But I didnt say that tho did I? the context you are reading as from > the quote is Guix uploading all code from its packages to SWH. > Not any private repos. So i have no idea what you are reffering to > here tbh. I hate to say that, but you kinda did. It was implicit on the mailing list (at least in the OP), but very explicit in the XMPP room, where you say "it automatically sen[d]s your repo (and all your code) that is reachable through the internet to Software Heritage […] with no way to opt-out at any of the process and no flag with `guix lint` to disable it" Now, you stand corrected on both accounts (the automatic sending of code and the inability to disable it), but I'd like to poke at another tangent. Currently, the StarCoder LLM endorsed by SWH, claims to only ingest GitHub and to filter out both commercial and copyleft code, thus training on non-copyleft "open source" software only [1]. So, at the time of writing, you do have an "easy" opt-out by way of using the GPL. Except, that, of course, their script to detect licenses is buggy – what else did you expect? Just search for GNOME using their tool.[2] It will print out repos like the unlicensed releng [3] – although for some reason, being unlicensed appears to be fair game to them anyway [1] – or the GPL'd devhelp [4]. So, in my opinion, the collaboration between SWH and StarCoder should trigger some side-eyeing; and if only to exclude the archival lint for the time being. We can still consider SWH as a software mirror if all else fails, and they should probably be quick enough in updating as well. Long term, we might want to look into options that do not openly endorse tools which make such questionable decisions. On the notion of consent, I do think that "I license my code under the MIT license, because then companies will like me" ought to count as consent here. [3] and [4] on the other hand very much don't. Also, "sign up with GitHub, so that you can opt out" is not a great consent model either – at the very least accept bleeping email. As per Doctorow's law of enshittification, there is a good chance that "ethical AI" to SWH will become "any AI" if we do nothing to communicate that this is not what we as Guix expect. Cheers [1] https://arxiv.org/abs/2402.19173 [2] https://huggingface.co/spaces/bigcode/in-the-stack [3] https://github.com/GNOME/releng [4] https://github.com/GNOME/devhelp
Re: About SWH, let avoid the wrong discussion
On 2024-06-21, MSavoritias wrote: > On Fri, 21 Jun 2024 11:46:56 +0200 > Andreas Enge wrote: >> Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: >> > and as I mention in my first email I want to apply social pressure and >> > make it clear to package authors what is happening so we can move to an >> > opt-in model. >> >> Well, the opt-in model is in place: As soon as I put my code under a free >> license on the Internet, I opt in for it to be harvested by SWH (and anybody >> else, including non-friendly companies and state actors). > > That may be how you have understood it but that is not how most people > understand it. > See for example mirroring videos that creators have made online, or more > recently some activitypub software harvesting posts for a search engine. I think the fundamental difference is that such videos or activitypub posts are not necessarily released under a license that *expressly* permits sharing. In most cases, those posts and videos are often released without any license at all, and the person retains the legal, social, moral and ethical rights to decide how that content is shared if at all. (I am speaking with those terms in the "plain" english sense, although they may have specific legal meanings in some contexts) > As I have been saying a lot in this thread (because there seem to be a > lot of people in the Guix community not familiar that legal are not > the same as social rules): > -Just because you CAN do something doesn't mean you SHOULD. In the sense that > yes somebody can probably harvest all my posts from activitypub and post them > somewhere else, > in practise they are an asshole tho and probably are going to be > deferated pretty fast for breaking the social rules of common human > decency :) With something released under a Free Software license, calling someone an "asshole" simply for using the permissions granted by that license, by the very person who granted those permissions, starts to feel a bit like a baited trap and honestly, maybe outright duplicitous. Certainly rude, at the very least. Again, that is different from some arbitrary post or video or cat picture on the internet, which more likely than not has no explicit permissions granted. > TBH it seems you are not the only one in this thread not knowing that laws > (legal rules of states) ie. the FSF licenses and work and whatever, are not > the same as social rules. > But given that Guix has a CoC and social rules on top of that I am hopeful :) Well... free software ... is a bunch of social rules. Licenses are social rules. Contracts are social rules. Laws are social rules. Admittedly, a lot of the mechanics involved in law creation and enforcement are dubious and suspect and weighted in the favor large, wealthy and/or otherwise powerful entities... I am not sure arguing about social vs. legal vs. whatever is even really a useful direction... almost missing the point entirely. I would rather ask... what is the intention of the Free Software movement? The licenses are merely imperfect tools to achieve those aims, and a clever way to leverage some specific legal mechanisms, but the licenses are not an end unto themselves. For me personally, it is about creating a shared commons that can be used to build healthy thriving local, regional, global and virtual communities that do useful or interesting things... I dare dream that some of those collaboration skills leak into other aspects of life too, not just software! I have a lot of doubts that the LLM training from SWH data is going to further this vision for free software... while the overall work of SWH most definitely does. Given my crude understanding of how LLM training works, it seems hard to imagine that it could actually produce models that comply with all of the license terms of innumerable free software projects, some of which have mutually incompatible terms. For just a handful of examples that are incompatible with the GPL: https://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses So unless they are very extremely exceedingly excruciatingly careful about not including incompatible licenses... I have significant doubts. The incentives are just not there. I am a bit disappointed with the very optimistic take SWH has regarding LLMs for code: https://www.softwareheritage.org/2023/10/19/swh-statement-on-llm-for-code/ Even with all the identifiers to show which code a model was trained on, the whole point of a large model is it is built from a huge dataset... my guess is it takes significantly more effort to audit that dataset than to create an LLM with it. Which is to say license compliance, one of the few tools of the Free Software movement, seems unlikely to be effective. It is barely effective with more traditional software development. In short, er, at length, I am really not sure what to do. I find the opt-out/opt-in angle to be almost tangential. I find all the hype, and more im
Re: Next Steps For the Software Heritage Problem
Hi, El 21/06/24 a las 9:19, MSavoritias escribió: On Fri, 21 Jun 2024 09:41:10 +0100 Dale Mellor wrote: `-x archival` does it, but it is too easy to forget and once the cat is out of the bag privacy is lost. I really think this should be default behaviour, or at least there should be a flag in the package definition. I would still be uncomfortable with the last option, as everyone would be relying on the collective of Guix maintainers to not screw up and accidentally leak private data. Dale Yeah very much agree this should be the default behavior. Archiving should be opt-in to avoid any surprises for the person running it. I am surprised it became default actually. MSavoritias, Dale, I think this is one specific point you could report as an issue (https://issues.guix.gnu.org/), track it with a number and maybe provide patches if you are able to. OpenPGP_0x0AB0D067012F08C3.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: About SWH, let avoid the wrong discussion
El 21/06/24 a las 10:44, MSavoritias escribió: On Fri, 21 Jun 2024 11:46:56 +0200 Andreas Enge wrote: Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: Aside from that even Guix uploading all code from the packages to SWH that basically feeds it to a LLM model is indeed not honoring consent of the author of the package. Guix does not upload code to SWH. It gives them a pointer to a public git repository that SWH then harvests or not according to their rules (see my reply to Dale yesterday). These are not the same things at all. This is bikeshedding and arguing on schemantics. Guix gives them a url to download the source code from, so ultimately we (the Guix project) is responsible for the code showing up in there. Lets not argue over schemantics like this. It is even posted on their website in case you want to argue otherwise https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/ I think the differentiation between sending code and sending a URL is necessary. Saying that Guix sends your code or your source files to SWH leads people to think that Guix *will* transmit those files from your local machine over the Internet to SWH machines when you run "guix lint YOUR_PRIVATE_PACKAGE". And that's not the case, is it? OpenPGP_0x0AB0D067012F08C3.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: About SWH, let avoid the wrong discussion
El 21/06/24 a las 14:15, MSavoritias escribió: On Fri, 21 Jun 2024 13:45:04 + Luis Felipe wrote: El 21/06/24 a las 10:44, MSavoritias escribió: On Fri, 21 Jun 2024 11:46:56 +0200 Andreas Enge wrote: Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: Aside from that even Guix uploading all code from the packages to SWH that basically feeds it to a LLM model is indeed not honoring consent of the author of the package. Guix does not upload code to SWH. It gives them a pointer to a public git repository that SWH then harvests or not according to their rules (see my reply to Dale yesterday). These are not the same things at all. This is bikeshedding and arguing on schemantics. Guix gives them a url to download the source code from, so ultimately we (the Guix project) is responsible for the code showing up in there. Lets not argue over schemantics like this. It is even posted on their website in case you want to argue otherwise https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/ I think the differentiation between sending code and sending a URL is necessary. Saying that Guix sends your code or your source files to SWH leads people to think that Guix *will* transmit those files from your local machine over the Internet to SWH machines when you run "guix lint YOUR_PRIVATE_PACKAGE". And that's not the case, is it? But I didnt say that tho did I? the context you are reading as from the quote is Guix uploading all code from its packages to SWH. Not any private repos. So i have no idea what you are reffering to here tbh. No, you didn't. What I'm trying to say is that I don't think specifying what Guix sends/uploads to SWH is "bikeshedding". For example, when you say "Guix uploading all code from its packages to SWH", it's ambiguous to me. I don't understand whether you are referring to the package definitions or to the source files those packages refer to. And, if I understand correctly, Guix doesn't upload any of these to SWH. OpenPGP_0x0AB0D067012F08C3.asc Description: OpenPGP public key OpenPGP_signature Description: OpenPGP digital signature
Re: Nice meetup 22/06/2024
Given the ongoing national crisis and calls from major trade unions to protest tomorrow during the time slot that was planned for this event, the event is cancelled. I hope to propose another meeting for a later date.
Debugging failing shepherd startup
Hi, I have an issue with my Guix configuration. From a certain update my system fails to boot. It successfully boots into kernel and starts shepherd. But after that shepherd fails to activate some necessary service and the system is softlocked. The problem is that I can't neither control the system in the booted state at that point nor I can check the logs, as logd wasn't started yet, so kernel messages are only preserved in memory and on the screen. But I cannot scroll the screen, and can't interact with the system in any way. I can at least display some of them with disabling silent kernel, but the issue is the root cause is scrolled away too fast to be read. My question is, is there a way to debug this? I mostly need help with identifying the failing service, once I have it, I think I can sort it out. Best regards, Maya signature.asc Description: PGP signature
Re: About SWH, let avoid the wrong discussion
On Fri, 21 Jun 2024 16:33:40 + Luis Felipe wrote: > El 21/06/24 a las 14:15, MSavoritias escribió: > > On Fri, 21 Jun 2024 13:45:04 + > > Luis Felipe wrote: > > > >> El 21/06/24 a las 10:44, MSavoritias escribió: > >>> On Fri, 21 Jun 2024 11:46:56 +0200 > >>> Andreas Enge wrote: > >>> > Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: > > Aside from that even Guix uploading all code from the packages to > > SWH that basically feeds it to a LLM model is indeed not honoring > > consent of the author of the package. > Guix does not upload code to SWH. It gives them a pointer to a public git > repository that SWH then harvests or not according to their rules (see my > reply to Dale yesterday). These are not the same things at all. > >>> This is bikeshedding and arguing on schemantics. Guix gives them a url to > >>> download the source code from, so ultimately we (the Guix project) is > >>> responsible for the code showing up in there. > >>> Lets not argue over schemantics like this. It is even posted on their > >>> website in case you want to argue otherwise > >>> https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/ > >>> > >> I think the differentiation between sending code and sending a URL is > >> necessary. Saying that Guix sends your code or your source files to SWH > >> leads people to think that Guix *will* transmit those files from your > >> local machine over the Internet to SWH machines when you run "guix lint > >> YOUR_PRIVATE_PACKAGE". And that's not the case, is it? > > But I didnt say that tho did I? the context you are reading as from the > > quote is Guix uploading all code from its packages to SWH. > > Not any private repos. So i have no idea what you are reffering to here > > tbh. > > No, you didn't. > > What I'm trying to say is that I don't think specifying what Guix > sends/uploads to SWH is "bikeshedding". For example, when you say "Guix > uploading all code from its packages to SWH", it's ambiguous to me. I > don't understand whether you are referring to the package definitions or > to the source files those packages refer to. And, if I understand > correctly, Guix doesn't upload any of these to SWH. From the `guix lint` documentation: archival ¶ Checks whether the package’s source code is archived at Software Heritage. When the source code that is not archived comes from a version-control system (VCS)—e.g., it’s obtained with git-fetch, send Software Heritage a “save” request so that it eventually archives it. This ensures that the source will remain available in the long term, and that Guix can fall back to Software Heritage should the source code disappear from its original host. The status of recent “save” requests can be viewed on-line. When source code is a tarball obtained with url-fetch, simply print a message when it is not archived. As of this writing, Software Heritage does not allow requests to save arbitrary tarballs; we are working on ways to ensure that non-VCS source code is also archived. Software Heritage limits the request rate per IP address. When the limit is reached, guix lint prints a message and the archival checker stops doing anything until that limit has been reset. This is run for all packages in the Guix tree in case you didnt know. (and by default in guix lint) MSavoritias
Re: About SWH, let avoid the wrong discussion
On Fri, 21 Jun 2024 09:51:30 -0700 Vagrant Cascadian wrote: > On 2024-06-21, MSavoritias wrote: > > On Fri, 21 Jun 2024 11:46:56 +0200 > > Andreas Enge wrote: > >> Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: > >> > and as I mention in my first email I want to apply social pressure and > >> > make it clear to package authors what is happening so we can move to an > >> > opt-in model. > >> > >> Well, the opt-in model is in place: As soon as I put my code under a free > >> license on the Internet, I opt in for it to be harvested by SWH (and > >> anybody > >> else, including non-friendly companies and state actors). > > > > That may be how you have understood it but that is not how most people > > understand it. > > See for example mirroring videos that creators have made online, or more > > recently some activitypub software harvesting posts for a search engine. > > I think the fundamental difference is that such videos or activitypub > posts are not necessarily released under a license that *expressly* > permits sharing. > > In most cases, those posts and videos are often released without any > license at all, and the person retains the legal, social, moral and > ethical rights to decide how that content is shared if at all. (I am > speaking with those terms in the "plain" english sense, although they > may have specific legal meanings in some contexts) Its not actually. License doesn't matter to fediverse communities (I am talking ones that are part of the BadSpace here) It is a social issue and treat accordinly. As in defederate (dont assosiate) with people who dont respect your community rules. Laws, and licenses have nothing to do with it. Also bear in mind that the same communities opposed and blocked search engines that tried to make the posts searchable. That is why it became opt-in in the end :D > > As I have been saying a lot in this thread (because there seem to be a > > lot of people in the Guix community not familiar that legal are not > > the same as social rules): > > > -Just because you CAN do something doesn't mean you SHOULD. In the sense > > that yes somebody can probably harvest all my posts from activitypub and > > post them somewhere else, > > in practise they are an asshole tho and probably are going to be > > deferated pretty fast for breaking the social rules of common human > > decency :) > > With something released under a Free Software license, calling someone > an "asshole" simply for using the permissions granted by that license, > by the very person who granted those permissions, starts to feel a bit > like a baited trap and honestly, maybe outright duplicitous. Certainly > rude, at the very least. > > Again, that is different from some arbitrary post or video or cat > picture on the internet, which more likely than not has no explicit > permissions granted. See about fediverse again. Its understood socially to be a bad thing not legally. Because after all mostly nobody has the time and money for state laws to work. > > TBH it seems you are not the only one in this thread not knowing that laws > > (legal rules of states) ie. the FSF licenses and work and whatever, are not > > the same as social rules. > > But given that Guix has a CoC and social rules on top of that I am hopeful > > :) > > Well... free software ... is a bunch of social rules. Licenses are > social rules. Contracts are social rules. Laws are social > rules. Admittedly, a lot of the mechanics involved in law creation and > enforcement are dubious and suspect and weighted in the favor large, > wealthy and/or otherwise powerful entities... > > I am not sure arguing about social vs. legal vs. whatever is even really > a useful direction... almost missing the point entirely. > > I would rather ask... what is the intention of the Free Software > movement? > > The licenses are merely imperfect tools to achieve those aims, and a > clever way to leverage some specific legal mechanisms, but the licenses > are not an end unto themselves. > > For me personally, it is about creating a shared commons that can be > used to build healthy thriving local, regional, global and virtual > communities that do useful or interesting things... I dare dream that > some of those collaboration skills leak into other aspects of life too, > not just software! That is all well and good but sadly Free Software says nothing about social rules. For example what is Guix supposed to do when racists come in the chat? or what if there is a hostile fork with the same name and submits itself for Guix inclusion? or what if like a few months ago you have a trans person saying in the mailing list that you deadnamed them? Do we not change the software even if FSF free software says we can do whatever we want? I doubt the last case would go well with a lot of people in the Guix community. These are just some examples that Free Software can't solve for better or for worse. So it is
Re: About SWH, let avoid the wrong discussion
Hi Vagrant, On Fri, Jun 21 2024, Vagrant Cascadian wrote: > I have to cut myself off now. Please feel free to keep going. Out of the dozens of comments here, including my own, yours was the most valuable. +1 to your fatigue with LLM hype; to the critique of the excess expenditure of precious resources; to the legal/social observations; and also to the balance of your message. Thank you for saving me from having to write all that myself! Kind regards Felix
Exclude checker with package properties [draft PATCH]
On Fri, 21 Jun 2024 at 09:41, Dale Mellor wrote:
>`-x archival` does it, but it is too easy to forget
[...]
> at least there should be a flag in the package definition.
See attached the patch implementing that.
>From 8cb162bcde91d3b39453de576caadb9a6f8f8733 Mon Sep 17 00:00:00 2001
Message-ID: <8cb162bcde91d3b39453de576caadb9a6f8f8733.1718990517.git.zimon.touto...@gmail.com>
From: Simon Tournier
Date: Fri, 21 Jun 2024 19:17:57 +0200
Subject: [PATCH] guix: lint: Honor 'no-archival?' package property.
* guix/lint.scm (check-archival): Skip the checker if the package is marked.
* doc/guix.texi: Document it.
Change-Id: I2e21b60ee4f02255f298740a2e9ebb1717e490ff
---
doc/guix.texi | 15 -
guix/lint.scm | 154 ++
2 files changed, 93 insertions(+), 76 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 769ca1399f..5c1cb89686 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -71,7 +71,7 @@
Copyright @copyright{} 2019 Alex Griffin@*
Copyright @copyright{} 2019, 2020, 2021, 2022 Guillaume Le Vaillant@*
Copyright @copyright{} 2020 Liliana Marie Prikler@*
-Copyright @copyright{} 2019, 2020, 2021, 2022, 2023 Simon Tournier@*
+Copyright @copyright{} 2019, 2020, 2021, 2022, 2023, 2024 Simon Tournier@*
Copyright @copyright{} 2020 Wiktor Żelazny@*
Copyright @copyright{} 2020 Damien Cassou@*
Copyright @copyright{} 2020 Jakub Kądziołka@*
@@ -15380,6 +15380,19 @@ Invoking guix lint
prints a message and the @code{archival} checker stops doing anything until
that limit has been reset.
+Sometimes it is not desired to send a request for archiving each time
+@command{guix lint} is run. The package might be marked to skip the
+@code{archival} checker by honoring the @code{no-archival?} property in
+package definition:
+
+@lisp
+(define-public python-scikit-learn
+ (package
+(name "python-scikit-learn")
+;; @dots{}
+(properties '((no-archival? . #t)
+@end lisp
+
@item cve
@cindex security vulnerabilities
@cindex CVE, Common Vulnerabilities and Exposures
diff --git a/guix/lint.scm b/guix/lint.scm
index 68d532968d..4c33ec6598 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1717,84 +1717,88 @@ (define (check-archival package)
(lookup-directory-by-nar-hash (content-hash-value hash)
(content-hash-algorithm hash)))
- (parameterize ((%allow-request? skip-when-limit-reached))
-(catch #t
- (lambda ()
-(match (package-source package)
- (#f ;no source
- '())
- ((and (? origin? origin)
-(= origin-uri (? git-reference? reference)))
- (define url
- (git-reference-url reference))
- (define commit
- (git-reference-commit reference))
- (define hash
- (origin-hash origin))
-
- (match (or (lookup-by-nar-hash hash)
- (if (commit-id? commit)
- (or (lookup-revision commit)
- (lookup-origin-revision url commit))
- (lookup-origin-revision url commit)))
- ((or (? string?) (? revision?))
- '())
- (#f
- ;; Revision is missing from the archive, attempt to save it.
- (save-package-source package
- ((? origin? origin)
- (if (and=> (origin-hash origin) ;XXX: for ungoogled-chromium
- content-hash-value) ;& icecat
- (let ((hash (origin-hash origin)))
- (match (or (lookup-by-nar-hash hash)
-(lookup-content (content-hash-value hash)
-(symbol->string
- (content-hash-algorithm hash
- (#f
-;; If ORIGIN is a version-control checkout, save it now.
-;; If not, check whether HASH is in the Disarchive
-;; database ("Save Code Now" does not accept tarballs).
-(if (vcs-origin origin)
-(save-package-source package)
-(match (lookup-disarchive-spec hash)
- (#f
- (list (make-warning package
- (G_ "source not archived on Software \
+ (if (not (assq 'no-archival? (package-properties package)))
+(parameterize ((%allow-request? skip-when-limit-reached))
+ (catch #t
+(lambda ()
+ (match (package-source package)
+(#f ;no source
+ '())
+((and (? origin? origin)
+ (= origin-uri (? git-reference? reference)))
+ (define url
+ (git-reference-url reference))
+ (define commit
+ (git-reference-commit r
Re: Exclude checker with package properties [draft PATCH]
Hi Simon, On Fri, Jun 21 2024, Simon Tournier wrote: > Is debbugs.gnu.org having issues? Yes, the community0p server crashed this morning. Luckily, Debbugs appears to be back online and added messages I sent during the outage. Maybe yours will get there, too. > See attached the patch implementing that. Thank you! Do you see a chance we can amend the patch so I can block such package definitions from being used by 'guix deploy', 'guix system reconfigure' and 'guix home reconfigure'? The new field looks to me like an amendment of the license terms, especially if the field was added by the author pursuant to the objections raised in this thread. I would rather not pollute my systems with potentially unfree software. Also, for all the controversy surrounding LLMs, which I read with great interest, SHW still provides a valuable service by making sure the sources I depend upon to configure my systems do not disappear. Due to my custom patches, I regularly bootstrap Guix. I cannot be caught in a situation from which I cannot recover. Kind regards Felix
Re: Exclude checker with package properties [draft PATCH]
On Fri, 21 Jun 2024 at 19:51, Simon Tournier wrote: > Well, thinking about indeed it could helpful in some context to specify > the checkers to exclude at the package definition level. Other said, > this patch could be generalized. Work in progress… :-) Done here: https://issues.guix.gnu.org/71697#1 Cheers, simon
Re: Exclude checker with package properties [draft PATCH]
Hi Felix, On Fri, 21 Jun 2024 at 20:37, Felix Lechner wrote: > > Is debbugs.gnu.org having issues? > > Yes, the community0p server crashed this morning. Luckily, Debbugs > appears to be back online and added messages I sent during the outage. > Maybe yours will get there, too. Thanks. Yeah the message reached issues.guix.gnu.org so I guess all is fine. :-) > > See attached the patch implementing that. > > Thank you! Do you see a chance we can amend the patch so I can block > such package definitions from being used by 'guix deploy', 'guix system > reconfigure' and 'guix home reconfigure'? My input of this will wait after my holidays. ;-) Cheers, simon
Re: Debugging failing shepherd startup
Hi Maya, On Fri, Jun 21 2024, m...@zenmaya.xyz wrote: > From a certain update my system fails to boot. It successfully boots > into kernel and starts shepherd. But after that shepherd fails to > activate some necessary service and the system is softlocked. I have had the same problem repeatedly one one piece of equipment. It is vexing to the n-th degree. > My question is, is there a way to debug this? I mostly need help with > identifying the failing service, once I have it, I think I can sort it > out. I disable all suspect services and then add them back with an ad-hoc geometric algorithm: I add half and, if those works, add a quarter, and then an eighth... There is some disagreement one how the Shepherd can produce better logging output. Some information may be in /var/log/messages but it can be hard to find. You are not alone. Please post a reproducer if you have one. Kind regards Felix
Re: About SWH, let avoid the wrong discussion
On 2024-06-21, MSavoritias wrote: > On Fri, 21 Jun 2024 09:51:30 -0700 > Vagrant Cascadian wrote: > >> On 2024-06-21, MSavoritias wrote: >> > On Fri, 21 Jun 2024 11:46:56 +0200 >> > Andreas Enge wrote: >> >> Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: >> >> > and as I mention in my first email I want to apply social pressure and >> >> > make it clear to package authors what is happening so we can move to an >> >> > opt-in model. >> >> >> >> Well, the opt-in model is in place: As soon as I put my code under a free >> >> license on the Internet, I opt in for it to be harvested by SWH (and >> >> anybody >> >> else, including non-friendly companies and state actors). >> > >> > That may be how you have understood it but that is not how most people >> > understand it. >> > See for example mirroring videos that creators have made online, or more >> > recently some activitypub software harvesting posts for a search engine. >> >> I think the fundamental difference is that such videos or activitypub >> posts are not necessarily released under a license that *expressly* >> permits sharing. >> >> In most cases, those posts and videos are often released without any >> license at all, and the person retains the legal, social, moral and >> ethical rights to decide how that content is shared if at all. (I am >> speaking with those terms in the "plain" english sense, although they >> may have specific legal meanings in some contexts) > > Its not actually. License doesn't matter to fediverse communities (I am > talking ones that are part of the BadSpace here) > It is a social issue and treat accordinly. As in defederate (dont assosiate) > with people who dont respect your community rules. > Laws, and licenses have nothing to do with it. What is a license other than an explicit set of community rules pertaining to the community around which that license is relevent (e.g. a specific piece of software)? When people break community rules, there may be consequences... and whatever relevent community figures out what to do about it, with whatever explicit or ad-hoc process they have at hand... some of those methods work out better than others. I see no notable difference with the way the fediverse works; people or communities choose to associate or disassociate from other people or communities when a common set of norms cannot be established. If you repeatedly or severely break the rules (a.k.a. laws) of a particular community, you probably will no longer be welcome in that community. >> With something released under a Free Software license, calling someone >> an "asshole" simply for using the permissions granted by that license, >> by the very person who granted those permissions, starts to feel a bit >> like a baited trap and honestly, maybe outright duplicitous. Certainly >> rude, at the very least. >> >> Again, that is different from some arbitrary post or video or cat >> picture on the internet, which more likely than not has no explicit >> permissions granted. > > See about fediverse again. Its understood socially to be a bad thing not > legally. > Because after all mostly nobody has the time and money for state laws to work. If I tell you "go ahead and do X with this cool thing I made, as long as you respect Y, forever, honest" and then you say "stop doing X now, I take it back because Z" ... that might come across as socially inappropriate weather there are laws involved or not; the law is irrelevent as far as I am concerned. Of course, context matters; maybe Z is something nobody had ever thought of before, and it is a surprise to everyone... and maybe even pretty undesireable. Maybe Z is a pretty arbitrary whim... and everything in-between. Maybe, just maybe, there is a big ambiguous grey area or even a gray area... A license is just a social arrangement, a codified set of social rules, promises and expectations, just because it has some codified legal enforcement mechanism does not change that. Obviously, due to systematic power imbalances, it is probably different than breaking a promise to meet someone for a picnic tomorrow afternoon. >> > TBH it seems you are not the only one in this thread not knowing that laws >> > (legal rules of states) ie. the FSF licenses and work and whatever, are >> > not the same as social rules. >> > But given that Guix has a CoC and social rules on top of that I am hopeful >> > :) >> >> Well... free software ... is a bunch of social rules. Licenses are >> social rules. Contracts are social rules. Laws are social >> rules. Admittedly, a lot of the mechanics involved in law creation and >> enforcement are dubious and suspect and weighted in the favor large, >> wealthy and/or otherwise powerful entities... >> >> I am not sure arguing about social vs. legal vs. whatever is even really >> a useful direction... almost missing the point entirely. >> >> I would rather ask... what is the intention of the Free Software >> movement? >> >
