On Mon, 10 Jul 2023 01:52:34 -0400 bill-auger <bill-auger@peers.community> wrote: > the solution chosen for docker is not ideal because it sacrifices > "libre-effectiveness" - because dicker, like most of these, do not > expose licensing meta-data to the client, the only way to achieve 100% > libre-effectiveness for those, is either to reject them entirely > (very easy), or to host curated repos (very demanding) Most docker containers are created from other docker containers that contain distributions rootfs.
So if Debian or Ubuntu official or semi-official docker images are not FSDG compliant (which was my assumption when creating this fix), then there aren't many docker images that are OK. As far as I know, PureOS is the only FSDG compliant distribution to have official docker images on Docker Hub. And that image can still be downloaded and used anyway (by using 'registry-1.docker.io/pureos/byzantium' to refer to the pureos/byzantium image for instance). Then remains the non-distributions images like busybox that ship standalone software not depending on a distribution to run, but in that case that kind of software likely depends on a non-FSDG distributions to build, and that distribution is typically declared inside the DockerFile that builds that software. So now if we setup a docker repository, we would either need to convince PureOS to also publish their image in our repository, or to run their own repository and also publish their image there, or we would need to just download their images are republish them. Then we probably also need other FSDG distributions to also publish images in our docker repository. At this point we'd have more FSDG compliant images than on Docker Hub and we could probably start having drop-in replacements for Ubuntu made with Trisquel, drop-in replacements for Debian made with PureOS, etc. And then we could probably start auditing other DockerFiles and try to see if replacing Ubuntu by Trisquel works fine, and if the software being packaged in this way is also FSDG compliant, and then add more and more docker images in this way. But if So if some docker images of non-FSDG compliant distributions are FSDG compliant, then we can probably reconsider the strategy. Denis.
pgpJ_qskizozX.pgp
Description: OpenPGP digital signature
