gnu-linux-libre
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Developing free non-gnu operating systems


From: Denis 'GNUtoo' Carikli
Subject: Re: [GNU-linux-libre] Developing free non-gnu operating systems
Date: Mon, 27 Sep 2021 09:32:23 +0200

On Sun, 26 Sep 2021 15:46:00 -0500
quiliro@riseup.net wrote:

> Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes:
> > Not really. Guix is a real package manager with code to build
> > software and so on. The idea with Guix is that, even if there are
> > some official repositories of compiled packages, you are free to
> > run your own or use the ones you want, etc.
> >
> > Unlike Guix, ReactOS had nothing to do with the creation of these
> > binaries in the first place, it just had a software that downloaded
> > binaries that contained installers and executed these binaries.
> 
> So, Guix audits the freedom of every single commit of each version of
> the source packages that it recommends?

Reading the Guix source code[1] and documentation[2] would probably make
all that more clear:
- The Guix package manager and the packages are developed in a single
  git repository[1]. That repository is the official one.
- The installation instructions[2] have instructions to enable (or not
  enable) binary repositories.
- The install instructions also have instructions on how to enable
  other git repositories for the package definitions[4] but I didn't
  have the time to try that yet.

The best way to learn more is probably to try Guix and GuixSD out. Guix
can be installed on top other FSDG distributions.

Parabola even has a guix-installer package, and it can probably be
installed relatively easily on top of most GNU/Linux distributions.

As for audits I don't know how other people do that, but when I
contribute to Parabola I already know what is suspicious and I found
several issues that got fixed that way.

For instance in the past, the fat implementation of Tianocore wasn't
free software, so I looked if we had code derived from Tianocore in
Parabola and we fixed that. Now that's fixed upstream.

Also packages that may bundle firmwares are suspicious. Packages with
potential nonfree dependencies are also suspicious. And so on.

https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines
can also help but I'm not sure how up to date it is and in most cases
software listed there is probably handled already by most FSDG
compliant distributions.

In Parabola I specifically look for things that other people might have
missed or that are new in GNU/Linux.

This is well adapted to Parabola as it reuses various repositories from
Arch Linux, Arch Linux 32, Arch Linux ARM. To handle that it has a
blacklist of nonfree packages that are removed and also replacement
packages for various reasons (freedom fixes, branding, etc) so things
evolves and sometimes things slip through and are fixed.

As for Guix I'm not sure that just reading the commit messages will
tell you about potential issues, you also need to know the context.

And with Guix as I understand if you don't have commit access your
patches are reviewed anyway, so the people sending patches and doing the
review are the ones that need to know this context.

PS: Parabola probably needs more people to help fixing freedom bugs and
    other bugs in general as there are a huge number of bugs open and
    probably not enough people to fix enough of them.

References:
-----------
[1]https://git.savannah.gnu.org/git/guix.git
[2]https://guix.gnu.org/manual/en/guix.html
[3]https://guix.gnu.org/manual/en/guix.html#Substitute-Server-Authorization
[4]https://guix.gnu.org/manual/en/guix.html#Channels

Denis.

Attachment: pgpOmmjNPrstR.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]