[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Third-Party Package Managers
|
From: |
Richard Stallman |
|
Subject: |
Re: [GNU-linux-libre] Third-Party Package Managers |
|
Date: |
Fri, 04 Aug 2023 21:56:27 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> sry then - i should have kept that more focused - all of them will raise the
> same fundamental questions, whether investigated one by one or in tandem
I am sure that is true. So we can be sure that each of these systems
is a problem. That level of the issue won't take much thought.
But when it comes to _what to do about it_, the little details will
affect which solutions will function. That is what we will have to
study one by one.
> can we rely on the terse 'GPL3', 'MIT', 'BSD3' labels declared by anonymous
> uploaders, without looking at the code-base? - it is a simple question, and
> will be relevant to nearly all of these package managers - let is answer it
now
Ok.
As you're hinting at we can't really _rely_ on those tags.
But they are better than nothing. So I suggest considering this policy:
* By default, if a program has a tag suggesting it is free, treat it as
free.
* Maintain an override list, of packages in that repo which we found
to be nonfree.
* To judge a package, check our override list first, If the package is
not mentioned in our override list, then judge by whatever tag it has.
I think this is a good compromise between (1) being roughly correct
and (2) not requiring an awful amount of work.
However, even if several repos have the same general approach, they
may not be similar in practice. Maybe in language A, the users are
careful, and have upload few nonfree packages, and those are all
labeled. Maybe in language B they are sloppy.
The same code for an override list might be good for both A and B
but the overall solution might need to be different
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
- Re: [GNU-linux-libre] third-party package managers, (continued)
- Re: [GNU-linux-libre] third-party package managers, Richard Stallman, 2023/08/01
- Re: [GNU-linux-libre] Third-Party Package Managers, bill-auger, 2023/08/02
- Re: [GNU-linux-libre] Third-Party Package Managers, Michael McMahon, 2023/08/02
- Re: [GNU-linux-libre] Third-Party Package Managers, Denis 'GNUtoo' Carikli, 2023/08/05
- Re: [GNU-linux-libre] Third-Party Package Managers, Michael McMahon, 2023/08/15
- Re: [GNU-linux-libre] Third-Party Package Managers, Denis 'GNUtoo' Carikli, 2023/08/26
- Re: [GNU-linux-libre] Third-Party Package Managers, Michael McMahon, 2023/08/27
- Re: [GNU-linux-libre] Third-Party Package Managers, Denis 'GNUtoo' Carikli, 2023/08/31
Re: [GNU-linux-libre] Third-Party Package Managers,
Richard Stallman <=
Re: [GNU-linux-libre] Third-Party Package Managers, Denis 'GNUtoo' Carikli, 2023/08/10
Re: [GNU-linux-libre] Third-Party Package Managers, Richard Stallman, 2023/08/11