Re: About SWH, let avoid the wrong discussion

[Ricardo Wurmus]

MSavoritias <email@msavoritias.me> writes:

>> To clarify. I am specifically opposed to a change in official Guix
>> packages that allows for this statement:
>> 
>> "Do not upload automatically to software heritage, and no one else can
>> either."
>
> Let me put this more clear Richard, the statement above that archiving should 
> be off by default means:
>
> - Guix respects the consent of the person using guix lint and their 
> expectations. (that lint actually lints)
> - Respects their privacy
> - Respects their autonomy.

User autonomy is not curtailed by informing an aligned service's crawler
that an update has occurred.  You have a first class option to disable
whatever checks you don't want to run.  That's autonomy.

Since time immemorial "guix lint" has done more than strictly checking
that code is formatted correctly.  "guix lint" is a contributor's tool.
Its features encode values that "we" want to preserve as new packages
are added.  The intended purpose of "guix lint" is to encourage "high
quality" packages.  We arrived at this meaning of "high quality" (as
approximated by the workings of "guix lint") through years of collective
work on packages.  Since we've seen source code disappear, which negates
Guix reproducibility guarantees by robbing users of Guix of their
practical freedoms to the software, the modules of "guix lint" include
discouraging the use of volatile URLs (like generated tarballs),
suggesting the use of mirrors, and relatedly notifies SWH that the Guix
software collection is about to change to increase your chances of
getting identical source code years from now.  All that because software
freedom is void without source code. 

Here is a list of other checks that talk to the internet:

--8<---------------cut here---------------start------------->8---
- home-page: Validate home-page URLs
- source: Validate source URLs
...
- cve: Check the Common Vulnerabilities and Exposures (CVE) database
- refresh: Check the package for new upstream releases
- archival: Ensure source code archival on Software Heritage
--8<---------------cut here---------------end--------------->8---

Are these all privacy leaks?  Are they in opposition of the goals of
"guix lint"?  In opposition to the goals of those who use "guix lint"?
If so: why?

> Now if you want to disagree that people should have privacy or
> expectations then I fear we are becoming the next Google.

This is jumping the shark, and I think it is a statement that is
(unintentionally?) rather insulting to those of us who have been
contributing to Guix for a long time and have spent many excess calories
wringing their brains to make sure Guix is not your average tech bro
project.

It is disappointing to see the levity with which statements of this
severity are dropped here.  The Guix community that I choose to remember
was less prone to making inflammatory statements when disagreements
became apparent.

-- 
Ricardo