[libreplanet-discuss] Libre Quarantine Policy

From: Nicolás A . Ortega
Subject: [libreplanet-discuss] Libre Quarantine Policy
Date: Tue, 9 May 2017 19:25:29 +0200
User-agent: Mutt

I've had this discussion in the Parabola Dev mailing list before,
however it did not gain much attention (due to a bunch of factors that
were going on at the time) and I also believe this is something that
would be more effective if done by a larger community such as this one,
where many of us are the same people involved in these Libre GNU/Linux

During the huge debate there was over Chromium and whether or not it is
free, and Qt5 Webengine falling along with it, I was disturbed to see a
few issues with the entire ordeal. Firstly: information was not being
concentrated in a central location where everyone could see it, instead
you had to read through tens of e-mails from the mailing lists (Parabola
ones alone, I bet it would be hundreds if we're talking about other
communities as well) just to start to find what people are talking
about; secondly: there was hardly anyone looking into the validity of
these claims, but rather people immediately started to think about how
to deal with programs that depended on Chromium (like qt5-webengine)
despite there being no concrete evidence of any sort; thirdly: the
entire process has been going on for *way* too long, and certain
essential packages (like qt5-webengine) are still on blacklists with no
evidence incriminating them. Therefore, some time ago, on the Parabola
Dev mailing list, I proposed a Quarantine Policy that could be put in
place to make sure this kind of thing doesn't happen. It would be nice
to see this done by all libre projects together collectively. So I will
post in this e-mail a draft I came up with way back when:

1. When a package is suspected of being non-free in any way or form, some
superficial evidence should be provided; if not, then the suspicion
should be lifted as there is not even the most minimal amount of
evidence. If there is, then we continue.

2. The packages in question should be put under quarantine. That is,
temporarily removed from the repos of our libre distros. At this point
an entry on some wiki (or even an etherpad) should be made where
*absolutely all evidence* should be posted. What's more, only evidence
posted in this place should be considered in order to encourage its use.

3. If after X amount of time (I think a month should do) no concrete
evidence has been found (that is, pointing to the actual files/code or
part of the project that is non-free where absolutely everyone can see
it for themselves without a need to rely on other people's judgement)
then the package should be removed from quarantine. If concrete evidence
has at any point been found then it should be kept blacklisted and
upstream should be notified of the problem *immediately*.

4. If the package has been released from quarantine and new evidence
arises then we move back to step 1. If this reoccurs several times then
it may be necessary to increase the amount of time in quarantine.

Changes to this process are welcome, but I don't like seeing things
being blacklisted for absolutely no reason, and I don't like that we're
all running around like headless chickens on this kind of issue. We need
to be organized, and organization among large groups will require some
kind of policy.

Nicolás Ortega Froysa (Deathsbreed)
Public PGP Key:

Attachment: signature.asc
Description: PGP signature
