On Fri, 21 Jun 2024 11:46:56 +0200 Andreas Enge <andr...@enge.fr> wrote:
> Am Fri, Jun 21, 2024 at 12:12:13PM +0300 schrieb MSavoritias: > > and as I mention in my first email I want to apply social pressure and make > > it clear to package authors what is happening so we can move to an opt-in > > model. > > Well, the opt-in model is in place: As soon as I put my code under a free > license on the Internet, I opt in for it to be harvested by SWH (and anybody > else, including non-friendly companies and state actors). That may be how you have understood it but that is not how most people understand it. See for example mirroring videos that creators have made online, or more recently some activitypub software harvesting posts for a search engine. As I have been saying a lot in this thread (because there seem to be a lot of people in the Guix community not familiar that legal are not the same as social rules): -Just because you CAN do something doesn't mean you SHOULD. In the sense that yes somebody can probably harvest all my posts from activitypub and post them somewhere else, in practise they are an asshole tho and probably are going to be deferated pretty fast for breaking the social rules of common human decency :) This is by design in activitypub btw the social rule of don't harvest stuff. Same way that it is in xmpp. Not that assholes don't exist of course, but nobody is exempt from common human decency and a following the rules of a place. See also https://www.consentfultech.io/ for a good read. Hope it answers some questions. - What you are saying even if it was true, is not indicated anywhere in the manual or the website. (which is part of what I want to do.) Add a warning for package authors and commiters and a proper procedure. We are ultimately living in a society that we have some good faith by default that everybody acts respectfully (dont leak my messages that i sent to you in private for example). If they don't we take measures to not include them anymore. I am not saying this for SWH mind you, its just an example. Saying that I can do whatever I want is a very reductionist point of view that I doubt would be acceptable inside Guix and FSF even. Given that GPL itself doesn't allow you to do whatever you want. TBH it seems you are not the only one in this thread not knowing that laws (legal rules of states) ie. the FSF licenses and work and whatever, are not the same as social rules. But given that Guix has a CoC and social rules on top of that I am hopeful :) > Now the code may not be found by SWH, and the moment someone makes a Guix > package out of it and adds it to the Guix main channel, SWH will find and > archive it; but the opt-in has happened before at the moment I put the code > online with its license. > > Maybe I misunderstood to what you want to apply the term "opt-in" (after > reading your other message in which you use the term, this seems to be > the case). If it is to source code of packages being used for AI training, > there is actually no need to have a separate opt-in. Either it is legal > under your license (and then you have effectively opted in), or it is > illegal (in which case explicit opt-in already is a requirement). Again as I wrote above legal has nothing to do with it really. Its about our social rules and what we have as common understanding in Guix. if you just do something just because you can, then that makes you an asshole in my book. See hostile forks for example that have happened. > Am Fri, Jun 21, 2024 at 11:14:18AM +0300 schrieb MSavoritias: > > Aside from that even Guix uploading all code from the packages to > > SWH that basically feeds it to a LLM model is indeed not honoring consent > > of the author of the package. > > Guix does not upload code to SWH. It gives them a pointer to a public git > repository that SWH then harvests or not according to their rules (see my > reply to Dale yesterday). These are not the same things at all. This is bikeshedding and arguing on schemantics. Guix gives them a url to download the source code from, so ultimately we (the Guix project) is responsible for the code showing up in there. Lets not argue over schemantics like this. It is even posted on their website in case you want to argue otherwise https://www.softwareheritage.org/2019/04/18/software-heritage-and-gnu-guix-join-forces-to-enable-long-term-reproducibility/ > Whether or not one agrees with the SWH policy on LLM training (and I have > not looked at it well enough to form my opinion), I do not think there > is anything we should change at the level of the Guix project. Maybe SWH > should put into place an opt-in procedure for feeding LLM; but I do not > think we in Guix should put into place an opt-in procedure for informing > SWH of the source code we package. (Which would be completely ineffective > anyway: One single person in the world would be enough to run the code in > "guix lint -c archival" on all Guix packages in all channels they have > access to. For instance, SWH themselves.) Sure they can. But it starts with showing an example ourselves how it is done. If we wait on others we might as well shut guix down and go develop on macs or something :P Putting it in Guix is the optimal way to act in good faith towards our community imo. Is it harder? sure. But its always harder to care about consent and privacy and such than otherwise. MSavoritias > > Andreas >
