Not so long ago there was a big brouhaha over the qt5-webengine package and whether or not it was free. I am not going to bring up the specifics of that issue, as it has its own thread, but I dislike the way that the situation was handled and I believe it can be improved.
First and foremost, I disliked how hard it was for me to find any evidence whatsoever about the topic. I also dislike how when the evidence was placed initially it was not put to the test either (much of it was actually pretty old). I also disliked how long it ended up taking with the lack of evidence that I saw. I am not against removing packages temporarily until freedom issues are either proven non-existent or solved (and permanently if neither), but I believe there should be a more strict policy on the matter so that one can easily analyze the information and so we aren't all running around like headless chickens having something that may be perfectly fine Free Software being blacklisted.
My proposal is the following: when someone brings up a freedom issue (or even privacy, for that matter) they should also provide links to the information that led them to this conclusion. Once we see that these links have something behind them (a quick skim through the links), we can put in place the temporary quarantine of the package. After this point all information regarding the freedom issues with the package should be concentrated in one place (public place where everyone can see it) and a more thorough investigation of the matter (finding exact files that are non-free) should take place. If no actual evidence is found or the evidence has *all* been countered after X amount of time (I think a month or two should do) then the package is taken out of quarantine until more concrete evidence can be found. If evidence is found and cannot be countered then the package is labelled permanently as non-free until either upstream fixes the freedom issues (which *should be reported to upstream when found*) or we create a -libre package for it.
The most important thing I want to be taken away from this is that information on the freedom issues of a package should be *easily available*.
I shouldn't have to be asking absolutely everyone in the community who has the actual links so I can verify for my own eyes. What's more, the more eyes we have on the issue the more information we can obtain and the faster we can solve things.
I brought up the qt5-webengine issue as an example; I did not send this e-mail to talk about it directly but something I noticed as a consequence of it. So please let's not make this thread about that (since I can see it coming).
With a policy similar to this I believe we'll be able to handle these freedom issues in a much more orderly, organized, and effective manner.
--
Nicolás Ortega Froysa (Deathsbreed)
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/[email protected]_pub.asc
http://uk7ewohr7xpjuaca.onion/[email protected]_pub.asc
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
