Re: About SWH, let avoid the wrong discussion
Hi MSavoritias, MSavoritias writes: >> Well, the opt-in model is in place: As soon as I put my code under a free >> license on the Internet, I opt in for it to be harvested by SWH (and anybody >> else, including non-friendly companies and state actors). > That may be how you have understood it but that is not how most people > understand it. See for example mirroring videos that creators have > made online, or more recently some activitypub software harvesting > posts for a search engine. > > As I have been saying a lot in this thread (because there seem to be a > lot of people in the Guix community not familiar that legal are not > the same as social rules): I feel the need to jump in here because that first paragraph, to me, implies that the silent members of the community agree with you. I do not. Mirroring/archiving code released under a free license is different then copying videos or posts that were not licensed. The two are so different that opposition to the latter can't be compared to opposition to the former. And yes, I do mean from a ethical perspective. These are wildly different issues. > Saying that I can do whatever I want is a very reductionist point of > view that I doubt would be acceptable inside Guix and FSF even. Given > that GPL itself doesn't allow you to do whatever you want. Restrictions for the purpose of maximizing freedom are different then restrictions for the purpose of limiting freedom. > Again as I wrote above legal has nothing to do with it really. Its > about our social rules and what we have as common understanding in > Guix. To some people (myself included), ensuring software is and remains free IS an ethical rule (along with the contents of Guix's Contributor Covenant of course). I do not believe any rules in said code of conduct are being violated here. >>`-x archival` does it, but it is too easy to forget and once the cat is >> out >> of the bag privacy is lost. I really think this should be default >> behaviour, >> or >> at least there should be a flag in the package definition. I would still be >> uncomfortable with the last option, as everyone would be relying on the >> collective of Guix maintainers to not screw up and accidentally leak private >> data. >> >> Dale > Yeah very much agree this should be the default behavior. Archiving > should be opt-in to avoid any surprises for the person running it. I > am surprised it became default actually. It is not my responsibility to ensure publicly available code released under a FOSS license is not archived. It is the developers responsibility to not release it under a FOSS license. (Perhaps nonfree private channels would benefit from a change in the default behavior but Guix should not tailor its defaults around such a use case.) I am opposed to any theoretical change in Guix's packaging policy that restricts software freedom. This would include a system that allows for marking individual packages as "do not upload to software heritage". To clarify. I am specifically opposed to a change in official Guix packages that allows for this statement: "Do not upload automatically to software heritage, and no one else can either." I have no objection to disabling archival for technical reasons. And of course, 3rd party channels are free to do whatever they want. As Felix said: > The new field looks to me like an amendment of the license terms, > especially if the field was added by the author pursuant to the > objections raised in this thread. I would rather not pollute my > systems with potentially unfree software. Nonfree software does not belong in Guix proper. I believe [1] is a relevant piece on this topic. It discusses some of the issues with adding additional restrictions to a GPL license. Here's a choice quote from the GPL: > All other non-permissive additional terms are considered "further > restrictions" within the meaning of section 10. If the Program as you > received it, or any part of it, contains a notice stating that it is > governed by this License along with a term that is a further > restriction, you may remove that term. And the rationale: > Here we were particularly concerned to address the problem of program > authors who purport to license their works in a misleading and > possibly self-contradictory fashion, using the GPL together with > unacceptable added restrictions that would make those works non-free > software. [1]: https://www.fsf.org/blogs/licensing/protecting-free-software-against-confusing-additional-restrictions -- Take it easy, Richard Sent Making my computer weirder one commit at a time.
Re: Nice meetup 22/06/2024
I'll probably participate in the next meetup if it is Germany or France. Last time I participated in a Guix event was 10 Years of Guix in Paris. There I also plan to introduce my new hardware project which will be supported by Guix, and is designed with Respects Your Freedom Certification in mind. I have kicad packaged via guix on my Talos II, because the version that comes with Debian is too old. Today I'll do a livestream how I design my own sensor board: https://trisquel.info/en/forum/next-librevr-livestream-tody#comment-176770 https://app.spacebar.chat/invite/5gv75x https://stream.isengaara.de/hls/librevr.m3u8
Re: About SWH, let avoid the wrong discussion
On Sat, 22 Jun 2024 09:06:20 -0400 Richard Sent wrote: > Hi MSavoritias, > > MSavoritias writes: > > >> Well, the opt-in model is in place: As soon as I put my code under a free > >> license on the Internet, I opt in for it to be harvested by SWH (and > >> anybody > >> else, including non-friendly companies and state actors). > > That may be how you have understood it but that is not how most people > > understand it. See for example mirroring videos that creators have > > made online, or more recently some activitypub software harvesting > > posts for a search engine. > > > > As I have been saying a lot in this thread (because there seem to be a > > lot of people in the Guix community not familiar that legal are not > > the same as social rules): > > I feel the need to jump in here because that first paragraph, to me, > implies that the silent members of the community agree with you. I do > not. > > Mirroring/archiving code released under a free license is different then > copying videos or posts that were not licensed. The two are so different > that opposition to the latter can't be compared to opposition to the > former. And yes, I do mean from a ethical perspective. These are wildly > different issues. > > > Saying that I can do whatever I want is a very reductionist point of > > view that I doubt would be acceptable inside Guix and FSF even. Given > > that GPL itself doesn't allow you to do whatever you want. > > Restrictions for the purpose of maximizing freedom are different then > restrictions for the purpose of limiting freedom. Thank you for proving my point :) That what "limits freedom" is very subjective that is. You have your opinion other people have yours. GPL has been called bad for restricting freedom after all if you dont know. > > Again as I wrote above legal has nothing to do with it really. Its > > about our social rules and what we have as common understanding in > > Guix. > > To some people (myself included), ensuring software is and remains free > IS an ethical rule (along with the contents of Guix's Contributor > Covenant of course). I do not believe any rules in said code of conduct > are being violated here. Does you ethics not include privacy and consent? Because mine do. see -> https://www.consentfultech.io > >>`-x archival` does it, but it is too easy to forget and once the cat is > >> out > >> of the bag privacy is lost. I really think this should be default > >> behaviour, > >> or > >> at least there should be a flag in the package definition. I would still > >> be > >> uncomfortable with the last option, as everyone would be relying on the > >> collective of Guix maintainers to not screw up and accidentally leak > >> private > >> data. > >> > >> Dale > > Yeah very much agree this should be the default behavior. Archiving > > should be opt-in to avoid any surprises for the person running it. I > > am surprised it became default actually. > > It is not my responsibility to ensure publicly available code released > under a FOSS license is not archived. It is the developers > responsibility to not release it under a FOSS license. (Perhaps nonfree > private channels would benefit from a change in the default behavior but > Guix should not tailor its defaults around such a use case.) > > I am opposed to any theoretical change in Guix's packaging policy that > restricts software freedom. This would include a system that allows for > marking individual packages as "do not upload to software heritage". > > To clarify. I am specifically opposed to a change in official Guix > packages that allows for this statement: > > "Do not upload automatically to software heritage, and no one else can > either." Let me put this more clear Richard, the statement above that archiving should be off by default means: - Guix respects the consent of the person using guix lint and their expectations. (that lint actually lints) - Respects their privacy - Respects their autonomy. Now if you want to disagree that people should have privacy or expectations then I fear we are becoming the next Google. Personally I do not want Guix to become the next google but I instead want to respect privacy, autonomy and consent. If you do not believe in these then I fear we have a fundamental disagreement here. Regards, MSavoritias
Re: About SWH, let avoid the wrong discussion
On Fri, 21 Jun 2024 13:51:17 -0700 Vagrant Cascadian wrote: Hey, I am really tempted to just write this off as a bad faith argument (which it mostly is) but either way i replied some things more down because I am trying to believe you are arguing in good faith. If its not a bad faith argument, please consider the time and place and the context of things before arguing next time. > On 2024-06-21, MSavoritias wrote: > > On Fri, 21 Jun 2024 09:51:30 -0700 > > Vagrant Cascadian wrote: > > > >> On 2024-06-21, MSavoritias wrote: > >> > On Fri, 21 Jun 2024 11:46:56 +0200 > >> > Andreas Enge wrote: > >> >> Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: > >> >> > and as I mention in my first email I want to apply social pressure > >> >> > and make it clear to package authors what is happening so we can move > >> >> > to an opt-in model. > >> >> > >> >> Well, the opt-in model is in place: As soon as I put my code under a > >> >> free > >> >> license on the Internet, I opt in for it to be harvested by SWH (and > >> >> anybody > >> >> else, including non-friendly companies and state actors). > >> > > >> > That may be how you have understood it but that is not how most people > >> > understand it. > >> > See for example mirroring videos that creators have made online, or more > >> > recently some activitypub software harvesting posts for a search engine. > >> > > >> > >> I think the fundamental difference is that such videos or activitypub > >> posts are not necessarily released under a license that *expressly* > >> permits sharing. > >> > >> In most cases, those posts and videos are often released without any > >> license at all, and the person retains the legal, social, moral and > >> ethical rights to decide how that content is shared if at all. (I am > >> speaking with those terms in the "plain" english sense, although they > >> may have specific legal meanings in some contexts) > > > > Its not actually. License doesn't matter to fediverse communities (I am > > talking ones that are part of the BadSpace here) > > It is a social issue and treat accordinly. As in defederate (dont > > assosiate) with people who dont respect your community rules. > > Laws, and licenses have nothing to do with it. > > What is a license other than an explicit set of community rules > pertaining to the community around which that license is relevent > (e.g. a specific piece of software)? A license is a state instrument that compels somebody to do something otherwise they may get taken to state courts and have violence used against them by police > The simplest definition is "A license is a promise not to sue", because a > license usually either permits the licensed party to engage in an illegal > activity, and subject to prosecution, without the license From https://en.wikipedia.org/wiki/License You may equate license as social rules but outside of FSF and/or GNU nobody else really does. I havent seen it used anywhere like this. Also nobody is using licenses as social rules (not Gnu, not Guix, not Debian) nobody really. And GPL would make a horrible community anyway because it doesnt say anything about racism or sexism for example. > >> With something released under a Free Software license, calling someone > >> an "asshole" simply for using the permissions granted by that license, > >> by the very person who granted those permissions, starts to feel a bit > >> like a baited trap and honestly, maybe outright duplicitous. Certainly > >> rude, at the very least. > >> > >> Again, that is different from some arbitrary post or video or cat > >> picture on the internet, which more likely than not has no explicit > >> permissions granted. > > > > See about fediverse again. Its understood socially to be a bad thing not > > legally. > > Because after all mostly nobody has the time and money for state laws to > > work. > > If I tell you "go ahead and do X with this cool thing I made, as long as > you respect Y, forever, honest" and then you say "stop doing X now, I > take it back because Z" ... that might come across as socially > inappropriate weather there are laws involved or not; the law is > irrelevent as far as I am concerned. What somebody "tell you" is not only the license. You may try to make it simpler to make your life easier feel free. But what "somebody told you" is literally that. Just ask the person :) Anything else is pretending its all good to yourself. > Of course, context matters; maybe Z is something nobody had ever thought > of before, and it is a surprise to everyone... and maybe even pretty > undesireable. Maybe Z is a pretty arbitrary whim... and everything > in-between. Maybe, just maybe, there is a big ambiguous grey area or > even a gray area... > > A license is just a social arrangement, a codified set of social rules, > promises and expectations, just because it has some codified legal > enforcement mechanism does not change that.
Draft: dry-run + Exclude checker with package properties
Hi, Patch #71697 [1] introduces dry-run for the checkers and a way to exclude some checkers directly in the package definition. In addition to exclude checkers from the command-line. FWIW, I think it covers: > but it is too easy to forget and once the cat is out > of the bag privacy is lost Well, the way to display can be improved, IMHO. 1: https://issues.guix.gnu.org/71697#4 Cheers, simon
Missing packages in guix, was Nice meetup 22/06/2024
Soon I'll package wxFormBuilder which I need for my work with Kicad 7. Then I'll attempt to fix the bug that kicad does not find the standard footprint library on my Talos II. Finally I'll package libsurvive and try to get guixandrouid working.
Breath, let take a short break :-)
Hi MSavoritias, This message is not to cut any discussion but maybe it could be helpful or a bit saner if you refrain to rehash again and again the same to all messages, replying the same (or almost) to each person expressing different opinions. No blame, and I also include myself: being very enthusiastic to defend ideas and values. However, a storm of replies is maybe not the best mean to achieve such defense. :-) I think people got your points and your opinion, quickly summarized as: 1. SWH broke “implicit social rules”, 2. Because of that, Guix must make a clear public “pressure” against SWH. Let look how the thread looks like: https://yhetil.org/guix/87a5jfjoey@gmail.com/T/#rc72a0743026006ee9d4758cfa794df42a9964a55 (or this other one: https://yhetil.org/guix/87il1mupco.fsf@meson/#r) Then, for what my humble point of view is worth here, I think that your opinion is maybe not the consensus. Obviously, the discussion is still open and your opinion is welcome – yeah obviously welcome! – but maybe not by replying to all, each time. You are advocating for a safe place, right? From my eyes, when I see the structure of the thread, it does not generate a safe place where collaboration is encouraged. My feeling, when I do a step back and look to the structure of the thread, is that some opinions are silent because it’s hard to have the space to express them. Sometimes, a breath is helpful. Somehow, FWIW, I suggest you to let the discussion aside, then some days later read again some messages, try to differently understand what other peers are trying to express, and comment to few on a fresh mindset. All opinions are very welcome. We are all here because we value Free Software, community, people, etc. and not necessary in that order. And that’s very important to be able to express all the diversity. Again, this message is not a mean to cut any discussion. Instead, this message is a call to slow down. :-) WDYT? Cheers, simon
Re: About SWH, let avoid the wrong discussion
MSavoritias writes: >> To clarify. I am specifically opposed to a change in official Guix >> packages that allows for this statement: >> >> "Do not upload automatically to software heritage, and no one else can >> either." > > Let me put this more clear Richard, the statement above that archiving should > be off by default means: > > - Guix respects the consent of the person using guix lint and their > expectations. (that lint actually lints) > - Respects their privacy > - Respects their autonomy. User autonomy is not curtailed by informing an aligned service's crawler that an update has occurred. You have a first class option to disable whatever checks you don't want to run. That's autonomy. Since time immemorial "guix lint" has done more than strictly checking that code is formatted correctly. "guix lint" is a contributor's tool. Its features encode values that "we" want to preserve as new packages are added. The intended purpose of "guix lint" is to encourage "high quality" packages. We arrived at this meaning of "high quality" (as approximated by the workings of "guix lint") through years of collective work on packages. Since we've seen source code disappear, which negates Guix reproducibility guarantees by robbing users of Guix of their practical freedoms to the software, the modules of "guix lint" include discouraging the use of volatile URLs (like generated tarballs), suggesting the use of mirrors, and relatedly notifies SWH that the Guix software collection is about to change to increase your chances of getting identical source code years from now. All that because software freedom is void without source code. Here is a list of other checks that talk to the internet: --8<---cut here---start->8--- - home-page: Validate home-page URLs - source: Validate source URLs ... - cve: Check the Common Vulnerabilities and Exposures (CVE) database - refresh: Check the package for new upstream releases - archival: Ensure source code archival on Software Heritage --8<---cut here---end--->8--- Are these all privacy leaks? Are they in opposition of the goals of "guix lint"? In opposition to the goals of those who use "guix lint"? If so: why? > Now if you want to disagree that people should have privacy or > expectations then I fear we are becoming the next Google. This is jumping the shark, and I think it is a statement that is (unintentionally?) rather insulting to those of us who have been contributing to Guix for a long time and have spent many excess calories wringing their brains to make sure Guix is not your average tech bro project. It is disappointing to see the levity with which statements of this severity are dropped here. The Guix community that I choose to remember was less prone to making inflammatory statements when disagreements became apparent. -- Ricardo
