On Mon, 3 Apr 2023 00:28:28 -0400 bill-auger <bill-auger@peers.community> wrote:
> On Mon, 3 Apr 2023 04:26:54 +0200 Denis wrote: > > And as you pointed in another mail, that's already covered as in an > > "actively maintained" criteria. > > a bit too vaguely though, to capture this "action-ability" > concern - uruk would pass most of the criteria transitively > via pureos, including "actively maintained"; but it is > maintained by another distro, so not "actionable" by the uruk > maintainers If the goal is to respect the FSDG, users can also report to PureOS directly. > the FSDG only requires that distros are willing to address > freedom bugs - it does not explicitly say that they must be > _able_ to - presumably, that "action-ability" was taken for > granted (not specified, because it was assumed to always be the > case); but in the case of a supplemental spin-off, it is not the > case - such distros can only manage the supplemental packages I think that the section about that is here: > Most distribution development teams don't have the resources to > exhaustively check that their distribution meet all these criteria. > Neither do we. So we expect distros to occasionally contain mistakes: > nonfree software that slipped through, etc. We don't reject a > distribution over mistakes. Our requirement is for the distribution > developers to have a firm commitment to promptly correct any mistakes > that are reported to them. But distributions probably cannot have firm commitment to correct mistakes if they are knowingly setup specifically to not be able to correct these mistakes. Though they could also make mistake about their infrastructure, setup, dependencies and so on and accidentally get in a situation where they cannot easily fix things. Parabola is in this situation with the licenses of the packages definition that isn't very clear. So depending on the authors, the specific packages definitions, and maybe the licenses of the packages depending on how you interpret the GPL(v2/3?), it could be considered nonfree, non-copyrightable or under free licenses (a minority of packages definitions have licenses). Replicant also got in a situation like that because at some point it depended on Debian main instead of FSDG approved distributions (I've spent a lot of time trying various approaches to fix that but it's not easy, so help would be welcome there). We'd also need help to review the repositories licenses as some nonfree source code can more easily slip in Replicant than in distributions that have package definitions. This text also seems to work with the situation where there is just too much packages to fix (for instance with third party package managers that slip in everywhere): the "firm commitment" can work if the distribution start addressing the problem. Denis.
pgp4oE6IW4WXb.pgp
Description: OpenPGP digital signature