On 26/09/2023 at 22:02, Connor Behan wrote:
> Sorry but I don't buy the logic here.

That's fine, that thread is there to debate :D

On Tue, Sep 26, 2023 at 4:21 PM Robin Candau <an...@archlinux.org> wrote:

    On 26/09/2023 at 20:11, netsysf...@das-labor.org wrote:
     > abgx360 has been deleted recently (see
     > https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/VPDQERST63DRZFYFS7JH6YIDWXSFE5TX/#VPDQERST63DRZFYFS7JH6YIDWXSFE5TX).
     > I noticed it because https://wiki.archlinux.org/title/Burning_Xbox_360_games
     > has a broken link.
     >
     > There are two reasons for the deletion:
     > 1. Legality of home backups. Though we have stuff like popcorntime in
     > the AUR or even whipper in extra, so it should not matter.
     > 2. Bad licensing.
     >
     > There is no upstream license set, thus applying the default copyright
     > rules:
     >
     >> You're under no obligation to choose a license. However, without a
     >> license, the default copyright laws apply, meaning that you retain all
     >> rights to your source code and no one may reproduce, distribute, or
     >> create derivative works from your work.
     >
     > However, as the AUR only ships PKGBUILDs we are neither reproducing nor
     > distributing it and it does also not seem like a derivative work.
     > Alad already poked upstream about this.
     > https://github.com/BakasuraRCE/abgx360/issues/7
     >
     > This was also painstakingly discussed on IRC in both -aur and -wiki,
     > leading to walls of text.
     > Antiz made the decision to delete in good faith and there was apparently
     > also an internal discussion in the staff channel, which we agreed on
     > should have been public.
     >
     > My opinion is that the package should be restored. I do not even use it
     > and only noticed because of said dead link, yet the decision feels off.
     > Antiz said that they are rethinking it, too.

    Hi,

    Thanks for bringing this up in a ML thread!

    Allow me to bring a bit more context about this whole situation and the
    "painstakingly" discussion that followed:
    Some time ago, we had to deal with a deletion request about an
    unofficial game launcher allowing you to play the said paid game for
    free (basically a pirated game and thus illegal. That was even clearly
    written on upstream's website).
    A quick debate has then been launched in the private TU channel at the
    time to discuss whether we should reject it (and thus allow or simply
    don't care about quoted "illegal" stuff on the AUR) or accept it and
    take a position regarding this.

    The main argument in favor of rejecting this request basically was that
    the AUR is only hosting PKGBUILDs, not the actual sources. Meaning that
    we cannot be accused of redistributing illegal/copyrighted/whatever
    stuff as we are actually not redistributing anything, thus we shouldn't
    care about it.

    The main argument in favor of accepting this request is that, while the
    AUR only hosts PKGBUILDs and not sources, and that it is made clear that
    AUR packages are not officially supported; the AUR itself (meaning the
    actual platform) is an official Arch resource that is managed,
    maintained and moderated by official Arch staff. As such we should keep
    a good image of this official resource and not allow such quoted
    "illegal" software, whatever the reason could be: piracy, licensing
    violation (like it's the case for the software listed as an
    example), etc...

    As you probably guessed, my opinion goes into the above paragraph.
    While the argument of "the AUR is only hosting PKGBUILDs" is valid in
    situations where we would be accused of redistributing something without
    the proper permissions, I personally wouldn't want the AUR to become a
    privileged source to share/download/install illegal stuff because of the
    gray area the above brings in terms of moderation and legality.
    What I'd like to highlight here is that it is an ethical matter more
    than a technical/juridical one.

    In that sense, I think it's totally fine to have a spotify AUR package,
    despite the fact it may not be authorized to redistribute it (because
    we're not actually redistributing it, that's the whole point).
    However, I don't think it's fine having a "Minecraft-cracked" AUR package,
    not because of the (not) redistributing part but because of the ethics of
    letting/allowing a **clearly** illegal package on the AUR.

> Minecraft-cracked is an extreme example because we know full well that the publisher of Minecraft intends to make an income from its sale. Such is not the case here.

1 - This "extreme example" actually happened [1][2] (multiple other times than that in fact, those are just the 2 most recent examples), yet people were debating whether this should be kept/allowed on the AUR or not. Those are actually the requests that started the discussion in the TU channel I was referring to. As extreme as it might be, this example is valid enough to be brought here in my opinion as that's actually the one that started it all.

2 - I purposely expanded the debate beyond the actual abgx360 example as, in my opinion, the purpose of this thread should be about debating if and where we draw the line about "illegality/ethic" in a general way on the AUR. If anything, debating about the abgx360 specifics should probably be done in the related AUR request thread instead [3].

    By the way, I insist on the **clearly** part. To take the 2 examples
    given in the initial message: I think the licensing violation/issue of
    the abgx360 package was clear enough to accept its deletion.
    As for whipper, I don't see any issue with it. While you can do illegal
    stuff with it, a ripping software itself has nothing illegal. Everybody
    owns knives after all :p
    As for popcorntime if it is **clearly** categorized as illegal, I would
    personally vote for its removal.

> If it turns out that the GitHub user BakasuraRCE has been acting with authorization from Seacrest the entire time, it will turn out that the package is legal. So it seems that the opposite standard has been applied here. I.e. deleting a PKGBUILD unless what it links to is clearly legal.

The deletion request wasn't blindly accepted.
Upstream expressed themselves about the deletion request [4] and basically said that only the original author (Seacrest) should have the right to legitimately call them out regarding the fact they use copyrighted code without authorization (in their opinion). That makes it pretty clear that they've been acting without permission on that front, I don't think it can still be turned out the other way around.

Though, if upstream ever change/clarify this situation with Seacrest [5], they could re-upload their package on the AUR in total legitimacy.

Anyway, once again, I don't think this thread should be about the abgx360 specific case. It is the case that motivated it but I think this thread should actually be a broader debate about if we should allow "illegal/unethical" packages on the AUR or not and, if not, what should be categorized and treated as such (in the aim of having a clear guideline regarding this and avoid having such questioning about this currently grey area in the future).

    Just a quick note about the painstaking discussion that happened on
    IRC regarding this: I do agree that such a debate should have been
    discussed publicly and lead to a clear and established
    statement/decision (which we'll hopefully get now that it has been
    exposed here).
    As such, I want to say that the decision of removing the abgx360 AUR
    package was purely my own personal decision.

    To sum up, I think that the AUR itself should be maintained with the
    same ethics we try to apply to the Arch project as a whole.
    In my opinion, stating not to care about such things can (and probably
    will) be interpreted as simply allowing/accepting it.

    Now, regardless of my opinion, my primary wish there is that we're able
    to conclude on an actual statement that I will accept, whatever the
    final decision is. It would just be great to have a proper guideline on
    this to avoid any more misunderstanding.

-- Regards,
    Robin Candau / Antiz



[1] https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/FE6VG5SDKYONH5GXKIEMMXS2BWDPXAFV/
[2] https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/IU3UVJPD3EHNXQLMXKKSX727GCLMNGYL/
[3] https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/thread/VPDQERST63DRZFYFS7JH6YIDWXSFE5TX/
[4] https://lists.archlinux.org/archives/list/aur-reque...@lists.archlinux.org/message/PD4OMAROBNEEPNQQ6FV7RYFILSZOZTEQ/
[5] https://github.com/BakasuraRCE/abgx360/issues/7

--
Regards,
Robin Candau / Antiz
