I've had this discussion in the Parabola Dev mailing list before, however it did not gain much attention (due to a bunch of factors that were going on at the time) and I also believe this is something that would be more effective if done by a larger community such as this one, where many of us are the same people involved in these Libre GNU/Linux distros.
During the huge debate there was over Chromium and whether or not it is free, and Qt5 Webengine falling along with it, I was disturbed to see a few issues with the entire ordeal. Firstly: information was not being concentrated in a central location where everyone could see it, instead you had to read through tens of e-mails from the mailing lists (Parabola ones alone, I bet it would be hundreds if we're talking about other communities as well) just to start to find what people are talking about; secondly: there was hardly anyone looking into the validity of these claims, but rather people immediately started to think about how to deal with programs that depended on Chromium (like qt5-webengine) despite there being no concrete evidence of any sort; thirdly: the entire process has been going on for *way* too long, and certain essential packages (like qt5-webengine) are still on blacklists with no evidence incriminating them. Therefore, some time ago, on the Parabola Dev mailing list, I proposed a Quarantine Policy that could be put in place to make sure this kind of thing doesn't happen. It would be nice to see this done by all libre projects together collectively. So I will post in this e-mail a draft I came up with way back when: 1. When a package is suspected of being non-free in any way or form some superficial evidence should be provided, if not then the suspicion should be lifted as there is not even the most minimal amount of evidence. If there is, then we continue. 2. The packages in question should be put under quarantine. That is, temporarily removed from the repos of our libre distros. At this point an entry on some wiki (or even an etherpad) should be made where *absolutely all evidence* should be posted. What's more, only evidence posted in this place should be considered in order to encourage its use. 3. If after X amount of time (I think a month should do) no concrete evidence has been found (that is, pointing to the actual files/code or part of the project that is non-free where absolutely everyone can see it for themselves without a need to rely on other people's judgement) then the package should be removed from quarantine. If concrete evidence has at any point been found then it should be kept blacklisted and upstream should be notified of the problem *immediately*. 4. If the package has been released from quarantine and new evidence arises then we move back to step 1. If this reoccurs several times then it may be necessary to increase the amount of time in quarantine. Changes to this process are welcome, but I don't like seeing things being blacklisted for absolutely no reason, and I don't like that we're all running around like headless chickens on this kind of issue. We need to be organized, and organization among large groups will require some kind of policy. -- Nicolás Ortega Froysa (Deathsbreed) https://themusicinnoise.net/ http://uk7ewohr7xpjuaca.onion/ Public PGP Key: https://themusicinnoise.net/[email protected]_pub.asc http://uk7ewohr7xpjuaca.onion/[email protected]_pub.asc
signature.asc
Description: PGP signature
_______________________________________________ libreplanet-discuss mailing list [email protected] https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
