Questions about Linux-Libre's effectiveness
Denis 'GNUtoo' Carikli
GNUtoo at cyberdimension.org
Mon Aug 22 13:46:24 UTC 2022
On Fri, 19 Aug 2022 15:07:12 -0400
LUH LAH <welpthisdidnotwork at gmail.com> wrote:
> However, it seems quite foolish (to me) to disqualify Firefox solely
> because you "could" install non-free addons. I think that if I were to
> simply look on each developer's website (which Mozilla makes very
> easy), I could easily find out whether or not it's FLOSS.
FSDG compliant distributions make sure that browsers do not come with
a repository of addons which also contains nonfree addons.
This is typically done by either patching the browser, changing its
build configuration or using forked browsers (like icecat for
instance) that don't have these issues.
So we have browsers derived from Firefox, but they're not called
Firefox (look instead for icecat, iceweasel, gnuzilla, etc) because the
modifications are important enough to require calling it something
else, even if most of the code is the same.
Even looking for Firefox (with pacman -sS firefox or guix package -s
firefox) works because the description of the package often mentions
that it's a browser that is based on Firefox.
Here the project that makes Firefox requires distributions to change
the name if the changes made to the code are too invasive, and that's
not necessarily a bad thing: if someone modifies linux-libre to add
nonfree software in it, it would make sense to change the name along the
way, otherwise that would mislead users.
As for the repositories of software like the mozilla addon repository,
they raise many issues:
- First, the FSDG requires not referring to repositories that
contain nonfree software. So if distributions still want to refer to
these repositories, then they have the choice between working to
modify the FSDG or deciding not to follow them anymore. The
latter is not a decision that is to be taken lightly.
- Then the FSDG has these requirements for good reasons: many users,
especially the less technical ones, can easily think that
everything in the repository is free software while it's not. If that
repository is not mentioned in any way or used in any way by an FSDG
compliant distribution, it's pretty clear that users are on their own.
If not, users make mistakes, and even technical users like me
sometimes make that mistake because we don't have the time to check
everything.
Getting together and doing that work together is precisely what FSDG
compliant distributions enable people to do, so we are better off
doing that together because of time constraints.
In contrast, with non-FSDG distributions, having nonfree software is not
a bug, so nonfree software can't be removed by bug reporting and/or
contributing to remove it.
That leaves users alone to do all the checking work, but that is
almost as much work as doing an FSDG compliant distribution anyway,
so it doesn't make sense not to regroup together to do that work. And
for GNU/Linux distributions we also need to modify packages for it to
work as often in non-FSDG distributions some crucial packages contain
nonfree software.
And the alternative of hoping that everything is fine in non-FSDG
compliant distributions doesn't work either because things are not
fine.
- Anyone can claim that a given addon is free software. The question
here is that, if I understood well, it's up to each addon maker to
build the addon. So the current implementation of the mozilla addon
repository makes it extremely difficult to check licensing
information at a large scale. So again users have a hard time
collaborating to do the checks here.
The free software directory can help users collaborate to do freedom
checks on projects but again there is a limitation because this
project isn't concerned about binaries, it only checks project source
code, and it doesn't even build the source code. So for instance
nonfree libraries and other things could be in the addons without the
ability for users to learn about it easily.
In contrast many distributions (including non-FSDG ones) do build
packages themselves. This makes checking much easier and it scales
pretty well. Just building the package already tests many things
automatically (that there is no missing dependency, that nothing is
missing, etc). Combining that with manual review (like what the free
software directory does) can yield pretty good results.
Not combining building software and manual review however lets too
much nonfree software in for package users.
- Different distributions have different licensing standards. For
instance Debian main is 100% free software (but not FSDG compliant),
so at least what it claims is free software usually is (but it might
refer to addons repositories that contain nonfree software for
instance).
FSDG compliant distributions are also very strict on that as they try
to do their best not to redistribute nonfree software. This
also includes not redistributing upstream source code with nonfree
software in it. Parabola has a mechanism (mksource()) that copes well
with that requirement for instance.
In contrast in many non-FSDG compliant distributions, Linux is
considered free software even if it has files that contain nonfree
software like arch/powerpc/platforms/8xx/micropatch.c.
Some nonfree firmwares (like signed firmwares that can't be
modified by the end users and the distributions) are also considered
as free by many of these distributions.
And here we're in a situation that is even worse because as I
understood each addon producer would have their own standards. So we
can safely say that there are freedom bugs that can't be fixed in
such repositories.
That said, it may be possible to make an FSDG compliant addon
repository out of the mozilla addon repository without rebuilding the
addons, but it would at least require a way to review the addons
and to be able to fix things (for instance by removing non-compliant
packages).
Parabola works a bit like that as it reuses the FSDG compliant Arch
Linux packages, but it also has the ability to replace the blacklisted
packages by packages of its own (because otherwise it wouldn't be able
to boot, because some packages like linux need to be replaced).
Denis.