guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About SWH, let avoid the wrong discussion

From: Msavoritias
Subject: Re: About SWH, let avoid the wrong discussion
Date: Fri, 21 Jun 2024 20:04:01 +0300 
On Fri, 21 Jun 2024 16:33:40 +0000
Luis Felipe <sirgazil@zoho.com> wrote:

> El 21/06/24 a las 14:15, MSavoritias escribió:
> > On Fri, 21 Jun 2024 13:45:04 +0000
> > Luis Felipe <sirgazil@zoho.com> wrote:
> >  
> >> El 21/06/24 a las 10:44, MSavoritias escribió:  
> >>> On Fri, 21 Jun 2024 11:46:56 +0200
> >>> Andreas Enge <andreas@enge.fr> wrote:
> >>>     
> >>>> Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias:  
> >>>>> Aside from that even Guix uploading all code from the packages to
> >>>>> SWH that basically feeds it to a LLM model is indeed not honoring 
> >>>>> consent of the author of the package.  
> >>>> Guix does not upload code to SWH. It gives them a pointer to a public git
> >>>> repository that SWH then harvests or not according to their rules (see my
> >>>> reply to Dale yesterday). These are not the same things at all.  
> >>> This is bikeshedding and arguing on schemantics. Guix gives them a url to 
> >>> download the source code from, so ultimately we (the Guix project) is 
> >>> responsible for the code showing up in there.
> >>> Lets not argue over schemantics like this. It is even posted on their 
> >>> website in case you want to argue otherwise 
> >>> https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/
> >>>   
> >> I think the differentiation between sending code and sending a URL is
> >> necessary. Saying that Guix sends your code or your source files to SWH
> >> leads people to think that Guix *will* transmit those files from your
> >> local machine over the Internet to SWH machines when you run "guix lint
> >> YOUR_PRIVATE_PACKAGE". And that's not the case, is it?  
> > But I didnt say that tho did I? the context you are reading as from the 
> > quote is Guix uploading all code from its packages to SWH.
> > Not any private repos. So i have no idea what you are reffering to here 
> > tbh.  
> 
> No, you didn't.
> 
> What I'm trying to say is that I don't think specifying what Guix 
> sends/uploads to SWH is "bikeshedding". For example, when you say "Guix 
> uploading all code from its packages to SWH", it's ambiguous to me. I 
> don't understand whether you are referring to the package definitions or 
> to the source files those packages refer to. And, if I understand 
> correctly, Guix doesn't upload any of these to SWH.

From the `guix lint` documentation:

archival ¶

    Checks whether the package’s source code is archived at Software Heritage.

    When the source code that is not archived comes from a version-control 
system (VCS)—e.g., it’s obtained with git-fetch, send Software Heritage a 
“save” request so that it eventually archives it. This ensures that the source 
will remain available in the long term, and that Guix can fall back to Software 
Heritage should the source code disappear from its original host. The status of 
recent “save” requests can be viewed on-line.

    When source code is a tarball obtained with url-fetch, simply print a 
message when it is not archived. As of this writing, Software Heritage does not 
allow requests to save arbitrary tarballs; we are working on ways to ensure 
that non-VCS source code is also archived.

    Software Heritage limits the request rate per IP address. When the limit is 
reached, guix lint prints a message and the archival checker stops doing 
anything until that limit has been reset.

This is run for all packages in the Guix tree in case you didnt know. (and by 
default in guix lint)

MSavoritias
reply via email to
[Prev in Thread] Current Thread [Next in Thread]