> I thought the license name was a free text field.
I was partly mistaken. If you select "Other" you are indeed given a text
field in which to enter a different license. However, as you say, most free
addons are probably under one of the seven licenses listed, and anyone using
one of
> Rather, there shouldn't *be* a repo with non-free things in it. So: Copy the
free things into a new repo, and then all FSF-endorsed distros can change the
address in their copy of pypi to access the new location instead.
this.
Right. Those things (add-ons and Firefox and Thunderbird and other
Mozilla-branded things like the Rust programming language as well as other
things) are all good candidates to be handled in a cross-distro way as well.
Currently the FSF-endorsed distros each solve that problem on their own
Most that I'm aware of already are, though there's sometimes a problem of
them not being available for Python 3 (in particular Pygame and Pyglet; note,
both of these libraries work with Python 3, so this is a packaging problem in
both cases).
I tend to think of my own libraries (sge,
It occurs to me that if creating a cross-distro free replacement
repository is realistic, a better target might be addons.mozilla.org
Firefox and Thunderbird addons are used more frequently and by
non-developers, Trisquel is already attempting to maintain a free
replacement[1] manually, and the
> I tend to think that PyPI is less important than you might think.
Thanks, onpon4. You would know much better than I how useful pip is
to developers, so I'm sure you're right. Do you mind clarifying though
whether by
> important libraries
> should just be included in the regular repo.
you mean
> It's a nice idea but as you've said it's hard to do in an automated way.
> Some human intervention will always be needed.
Yeah, you're probably right. There's so much ambiguity in the license
statements that any automated approach aggressive enough to remove all
proprietary software would also
linux-libre isn't even allowed to mention the name of non-free
software.
I agree with onpon4. In addition, pip does not require cryptographic package
signing using tools such as GPG so you could be downloading altered packages
if someone breaks into the PyPI website and replaces a package with a
malicious version.
PyPI did in fact contain malicious packages in
I tend to think that PyPI is less important than you might think. Yes, it's
convenient. But it's a language-specific installer, easy to install yourself
if you really want it, and even if you don't have it, it's perfectly easy to
just download the files from PyPI, extract, and do
It's a nice idea but as you've said it's hard to do in an automated way. Some
human intervention will always be needed. This is probably why Trisquel is
doing what it's doing; it's easier to remove it than it is to filter and
maintain it.
This problem isn't specific to Trisquel though. It
(5) My programming experience is limited and I took this on partially as an
educational project, so technical feedback is also welcome.
As discussed in this bug report,[1] pip allows the user to search and install
software from pypi.org, some of which is proprietary. It looks like pip is
going to be removed entirely[2] to address this freedom issue. However, since
most software in the PyPI repository is free, I think it