Re: [GNU-linux-libre] DSFG in perpetuity
On 03/24/2018 09:20 PM, Robert Call wrote: > I don't think kicking distros off the list is a good approach (unless > they show they are not willing to fix real freedom issues). As for > kicking distros that don't release frequently, a better approach might > be to get them the help they need instead of punishing them. i hear ya, bob - i dont intend any disrespect to anyone - as for these current examples. i would not see it as punishing anyone - just to avoid recommending distros that can not attend to their users needs for whatever reason as for BLAG, it is not so much that they have not released recently; but it actually does not exist - both the distro and its maintainers seem to have evaporated and as for proteanos, if no one reads their mailing list, or communicates with their community in any way, then surely that qualifies as "not willing" i agree that it would be better if they could get help - i have expressed the sentiment recently that it would have been better for pureos to offer help to gnewsense instead of launching a new brand - but in any case, before anyone could offer help, the current maintainers first need to be contacted and asked if they want help - and for that to happen, they need to answer their mail or, at least, read this list i am not at all the type to just "throw it over the fence" and say: "*someone* should really do that thing" - i could probably be convinced to take over BLAG myself if i thought that anyone actually wanted to use it - i sent another message to the BLAG mailing list today to ask someone to join this discussion regarding their possible removal - so what to do if no one from the project as much as offers to defend it's very existence? is it really worth endorsing further? o/c *all* of these distros could use more help - a counter-point could easily be made that there are too many now for the small number of maintainers that are keeping them all going - and that it would be healthier to merge a few of them on the other hand, there are new ones coming in now - even if several of them merged or were demoted now, it would still be a net gain in the number of distros over the course of the next year signature.asc Description: OpenPGP digital signature
Re: [GNU-linux-libre] DSFG in perpetuity
geez, these reactions like: "condemnation" and "punishment" - im really only addressing the most extreme (stick a fork in it) cases here - i did not realize any were ever demoted for any reason for any period of time in the past - that is really all i hoped to establish as a baseline for On 03/24/2018 08:47 PM, Jason Self wrote: > Distros are expected to fix freedom problems but I don't know that the > FSDG can be read that a distro must provide support to its users > beyond providing for a way to report freedom problems. sure, BLAG and proteanos do have mailing lists on which freedom problems could be reported - but they are quite pointless if the maintainers do not read their mail On 03/24/2018 08:47 PM, Jason Self wrote: > The GNU Bucks > program, for example, conditions getting the Buck not merely on > *allegation* of a problem but "after the maintainer has confirmed that > the bug is valid." Why not tie program removal to that same standard? well, because i am of the mind that software should be considered non-free until proven otherwise - and probably a court would agree if it ever came to that - so such a program probably should have never gotten into a FSDG distro the first place if it has never been established as being distributable - one should hope that the question of whether or not a program is freely licensed is something objectively verifiable and in fact verified; rather than something to be subjectively decided by the each downstream i have said it again and again: i dont care what the actual answer is in this case - i just want everyone to agree what the answer is but if that is impossible to determine objectively, then the size of this program IS itself it's own worst problem; justifying, on that fact alone, not to provide this opaque behemoth to users - if no one (including it's own maintainers) can so much as determine the licensing of such a massive program; then HTF can anyone be confident enough to endorse what the executable code may or may not do once running on the users machine? signature.asc Description: OpenPGP digital signature
Re: [GNU-linux-libre] DSFG in perpetuity
On 2018年03月24日 20:47, Jason Self wrote: > My recollection of why they were put back is that the notion of if a > distro was actively maintained or not was supposed to be based on how > the maintainers of the distro classified it and not on some > externally-measurable thing like when the last release was, how > current the program versions are, or whatever. This allows, for > example, for distros that are slow-moving because of a lack of people > power to not find themselves kicked off the list because of a > popularity contest. And that's exactly what it would become: "I'm > sorry, but there are more people helping with Distro X and not Distro > Y so Distro Y hasn't been making much progress and hasn't had a > release in a while so you're gone." It's not supposed to be a > popularity contest and, if anything, slower-moving distros that have > less people power probably need more help than the more active & > popular ones do rather than condemnation and a push to remove them. I sent an email to this list not too long ago suggesting a set of rules for determining if a distro is considered to be current or not. Let's see... Ah, here it is: http://lists.nongnu.org/archive/html/gnu-linux-libre/2018-01/msg00011.html I suggested the following rules: 1. The distro's maintainers should annually do one of the following: (a) publish a new release; (b) publish a post summarizing work done on the distro in the prior year which directly impacts the distros users (for example, such a post could note important packages which have been updated in the current release and what these updates mean to the users); (c) write to the FSF to explain why no updates have been necessary in the respective year (and, in particular, why the security and hardware compatibility implications of this are unimportant). 2. The distro should ensure one of the following: (a) that all known security vulnerabilities are fixed for users of the current release of the distro in a reasonable timeframe; (b) that new, non-technical users of the distro can see that it has or may have security vulnerabilities, e.g. via a warning on the distro's website that security updates are not always delivered. 3. The distro should either: (a) be reasonably expected to be compatible with computers that can currently be bought from mainstream retailers; (b) indicate on its website what hardware it is compatible with. I came up with this set of rules to address specific potential concerns: * Concerns that the FSF may be recommending distros that are useless due to use of very old software. * Concerns that the FSF may be recommending distros that are unsafe to use. * Concerns that the FSF may be recommending distros that don't work on modern hardware, due to reliance on a very old version of Linux. * Concerns that addressing these other concerns would cause distros that don't need frequent updates to be unfairly affected. I understand the idea that shafting unpopular distros is undesirable, but the FSF's list is supposed to serve a particular purpose: to suggest distros for users to use. If a suggestion is for a distro that is vulnerable and never updated (e.g. BLAG), a user goes with that suggestion, and that user gets their credit card information stolen because of some really old vulnerability, who do you think they're going to blame? BLAG, possibly, but also the FSF for recommending it in the first place. -- Julie Marchant https://onpon4.github.io signature.asc Description: OpenPGP digital signature
Re: [GNU-linux-libre] DSFG in perpetuity
On Sat, 2018-03-24 at 13:51 -0400, bill-auger wrote: > i have been assuming that the FSDG is intended to be ongoing > requirements and not only a guide for initial consideration; and that > the post-review adfeno and i did last summer may have been the first, > not because it was unwelcome, but only because no one had yet taken > the > initiative to do it > > ... > admittedly, i have been kicking pureos a lot lately - mainly because > i > have been hoping to see someone from pureos defend it - it seems > quite > clear to me that no one from pureos is reading this list - i would > propose that one of the FSDG requirements should be for each distro > to > elect a delegate to follow, if not actively participate in the > discussions on this list on behalf of the distro - and ideally, to > stand > uniformly with the greater community in the grey areas of the FSDG > such > as the current chromium issue and the debian kernel > Some of the issues mentioned are critical issues, but not all of them. I don't think kicking distros off the list is a good approach (unless they show they are not willing to fix real freedom issues). As for kicking distros that don't release frequently, a better approach might be to get them the help they need instead of punishing them. Writing press releases or reaching out in our networks to find people wiling to help would make a world of difference instead of shrinking the choices of libre distros. -- Robert Call (Bob) b...@bobcall.me https://librecmc.org
Re: [GNU-linux-libre] DSFG in perpetuity
On 03/24/2018 08:47 PM, Jason Self wrote: > I don't understand the desire to boot distros off over how > "maintained" they are. before i read the rest of this - my desire is not to kick any off - i only am trying to clarify the grey areas "actively maintained" is one of the criteria - so what does that entail exactly? - surely, at the very least, "it must still exist"? and "there must be some indication that a human maintainer still exists" signature.asc Description: OpenPGP digital signature
Re: [GNU-linux-libre] DSFG in perpetuity
I don't understand the desire to boot distros off over how "maintained" they are. (Like how often releases happen, etc.) Both Blag and Ututo have been removed before. That can be seen in the log from the version control system [0]. One of the cited reasons, for Blag, was "it was last updated in 2011." My recollection for Ututo is that it was along similar lines. But, as you can see, they were both re-added (you can check the version control system log for that.) My recollection of why they were put back is that the notion of if a distro was actively maintained or not was supposed to be based on how the maintainers of the distro classified it and not on some externally-measurable thing like when the last release was, how current the program versions are, or whatever. This allows, for example, for distros that are slow-moving because of a lack of people power to not find themselves kicked off the list because of a popularity contest. And that's exactly what it would become: "I'm sorry, but there are more people helping with Distro X and not Distro Y so Distro Y hasn't been making much progress and hasn't had a release in a while so you're gone." It's not supposed to be a popularity contest and, if anything, slower-moving distros that have less people power probably need more help than the more active & popular ones do rather than condemnation and a push to remove them. Distros are expected to fix freedom problems but I don't know that the FSDG can be read that a distro must provide support to its users beyond providing for a way to report freedom problems. Your question of "should the new release be subject to a fresh review or grandfathered in on good faith" seems very similar to what you asked in the other thread. And so that brings up all of those same responses I wrote. There's no reason someone can't go do a review of any FSF-endorsed distro. I think the reason that they're not done is a lack of people power. Please feel free to start a review of Ututo or any other one. I don't have the free time to do that myself right now but I'm not going to stop anyone else that wants to do. AFAIK, no one has done the deep-dive into Chromium needed to make a determination one way or the other. I don't think there's any harm in distros removing Chromium (or any particular thing) if they want to -- after all, I don't think the FSDG can be read to compel any particular distro to carry any particular program -- but at the same time if a distro wants to instead wait until a particular issue has been properly researched and confirmed as valid so as to avoid unnecessarily removing packages only to put them back in later, I don't see how that would not be FSDG compliant. Especially on a large program like Chromium where much effort is required. The GNU Bucks program, for example, conditions getting the Buck not merely on *allegation* of a problem but "after the maintainer has confirmed that the bug is valid." Why not tie program removal to that same standard? That still wouldn't prevent distros from going further if they elected to. Like it doesn't require distros to remove programs over patent problems or require that non-functional data (I'm thinking wallpapers, etc.) be under a free culture license but at the same time it wouldn't prevent a distro from having such a policy either. > admittedly, i have been kicking pureos a lot lately - mainly because > i have been hoping to see someone from pureos defend it - it seems > quite clear to me that no one from pureos is reading this list - i > would propose that one of the FSDG requirements should be for each > distro to elect a delegate to follow, if not actively participate in > the discussions on this list on behalf of the distro That does seem a good idea. [0] http://web.cvs.savannah.gnu.org/viewvc/www/www/distros/free-distros.html?view=log
[GNU-linux-libre] DSFG in perpetuity
i have been assuming that the FSDG is intended to be ongoing requirements and not only a guide for initial consideration; and that the post-review adfeno and i did last summer may have been the first, not because it was unwelcome, but only because no one had yet taken the initiative to do it that being said, if the FSDG is to be applied perpetually; that puts several such issues on the table presently: * BLAG does not exist - this triggers multiple criteria ("Complete Distro", "Actively maintained") - not that i want to see it go away; but i think there should be, at the very least, some communication with it's former maintainers regarding any future plans - if no one takes on it's stewardship soon, then maybe it should be retired to a "historical mention" category * no one associated with proteanos answers the mailing list or participates in the distro's IRC channel; which still has a few straggling users that have not seen the maintainer in many months (perhaps a year now) - as with BLAG, i wrote to the mailing list asking about its future and got no response - i do think "Actively maintained" should be read to imply "answer your email" or "join you own IRC channel once in a while" * ututo completely uprooted their distro from a gentoo to a ubuntu base - should the new release be subject to a fresh review? or grandfathered in on good faith? * pureos has a long-standing open request to remove chromium in solidarity with the other FSDG distros - that issue is o/c a separate can of worms; but i think all distros should be projecting a uniform message, however vague the circumstance, until such controversies are resolved - or *at the very least*, all distros affected by the controversy should be participating in the discussions on this list * then, the other can of worms regarding the debian kernel - if this is what has been preventing connochaetos from being endorsed, then pureos and any future candidates should be held to that same standard without exception - again, at the very least, all distros affected by the controversy should be expected to participate in the discussion on this list admittedly, i have been kicking pureos a lot lately - mainly because i have been hoping to see someone from pureos defend it - it seems quite clear to me that no one from pureos is reading this list - i would propose that one of the FSDG requirements should be for each distro to elect a delegate to follow, if not actively participate in the discussions on this list on behalf of the distro - and ideally, to stand uniformly with the greater community in the grey areas of the FSDG such as the current chromium issue and the debian kernel signature.asc Description: OpenPGP digital signature