On Fri, 19 Aug 2022 15:07:12 -0400 LUH LAH <[email protected]> wrote: > However, it seems quite foolish (to me) to disqualify Firefox solely > because you "could" install non-free addons. I think that if I were to > simply look on each developer's website (which Mozilla makes very > easy), I could easily find out whether or not it's FLOSS. FSDG compliant distributions makes sure that browsers do not come with a repository of addons which also contains nonfree addons.
This is typically done by either patching the browser, changing its build configuration or using a forks browsers (like icecat for instance) that don't have these issues. So we have browsers derived from Firefox, but they're not called Firefox (look instead for icecat, iceweasel, gnuzilla, etc) because the modifications are important enough to require to call it something else, even if most of the code is the same. Even looking for Firefox (with pacman -sS firefox or guix package -s firefox) works because the description of the package often mention that it's a browser that is based on Firefox. Here the project that makes Firefox requires distributions to change the name if the changes made to the code is too invasive, and that's not necessarily a bad thing: if someone modifies linux-libre to add nonfree software in it it would make sense to change the name along the way, otherwise that would mislead users. As for the repositories of software like the mozilla addon repository, they raise many issues: - First the FSDG requires to not refer to repositories that contain nonfree software. So if distributions still want to refer to these repositories, then they have the choice between working to modify the FSDG or deciding not to follow them anymore. The later is not a decision that is to be taken lightly. - Then the FSDG has these requirement for good reasons, many users, especially the less technical ones, can easily think that everything in the repository is free software while it's not. If that repository is not mentioned in any way or used in any way by an FSDG compliant distribution, it's pretty clear that users are on their own. If not, users make mistakes, and even technical users like me sometimes make that mistakes because we don't have the time to check everything. Getting together and doing that work together is precisely what FSDG compliant distributions enable people to do, so we are better off doing that together because of time constraints. In contrast with non-FSDG distributions having nonfree software is not a bug, so nonfree software can't be removed by bug reporting and/or contributing to remove it. That leaves users alone to do all the checking work, but that is almost as much work as doing an FSDG compliant distribution anyway, so it doesn't make sense not to regroup together to do that work. And for GNU/Linux distributions we also need to modify packages for it to work as often in non-FSDG distributions some crucial packages contain nonfree software. And the alternative of hoping that everything is fine in non-FSDG compliant distributions doesn't work either because things are not fine. - Anyone can claim that a given addon is free software. The question here is that, if I understood well, it's up to each addon maker to build the addon. So the current implementation of the mozilla addon repository makes it extremely difficult to check licensing information at a large scale. So again users have a hard time collaborating to do the checks here. The free software directory can help users collaborate to do freedom checks on projects but again there is a limitation because this project isn't concerned about binaries, it only check project source code, and it doesn't even build the source code. So for instance nonfree libraries and other things could be in the addons without the ability for users to learn about it easily. In contrast many distributions (including non-fsdg ones) do build packages themselves. This makes checking much more easy and it scales pretty well. Just building the package already tests many things automatically (that there is no missing dependency, that nothing is missing, etc). Combined that with manual review (like what the free software directory does) can yield pretty good results. Not combining building software and manual review however let too many nonfree software in for package users. - Different distributions have different licensing standard. For instance Debian main is 100% free software (but not FSDG compliant), so at least what it claims is free software usually is (but it might refer to addons repositories that contain nonfree software for instance). FSDG compliant distributions are also very strict on that as they try to do their best not to redistribute nonfree software. This also includes not redistributing upstream source code with nonfree software in it. Parabola has a mechanism (mksource()) that copes well with that requirement for instance. In contrast in many non-FSDG compliant distributions, Linux is considered free software even if it has files that contain nonfree software like arch/powerpc/platforms/8xx/micropatch.c. Some nonfree firmwares (like signed firmwares that can't be modified by the end users and the distributions) are also considered as free by many of these distributions. And here we're in a situation that is even worse because as I understood each addon producer would have their own standards. So we can safely say that there are freedom bugs that can't be fixed in such repositories. That said, it may be possible to make an FSDG compliant addon repository out of the mozilla addon repository without rebuilding the addons, but it would at least require a way to review the addons and to be able to fix things (for instance by removing non-compliant packages). Parabola works a bit like that as it reuses the FSDG compliant Arch Linux packages, but it also has the ability to replace the blacklisted packages by packages of its own (because otherwise it wouldn't be able to boot, because some packages like linux need to be replaced). Denis.
pgpbeulM63Rw7.pgp
Description: OpenPGP digital signature
_______________________________________________ linux-libre mailing list [email protected] http://www.fsfla.org/cgi-bin/mailman/listinfo/linux-libre
