Re: Automatic downloading of non-free software by stuff in main

To: debian-policy@lists.debian.org
Subject: Re: Automatic downloading of non-free software by stuff in main
From: Simon McVittie <smcv@debian.org>
Date: Fri, 1 Dec 2017 09:21:28 +0000
Message-id: <[🔎] 20171201092128.GB9061@perpetual.pseudorandom.co.uk>
In-reply-to: <20171130173153.sko674os6exoo4ca@localhost>
References: <23072.3346.580272.421185@chiark.greenend.org.uk> <20171130173153.sko674os6exoo4ca@localhost>

On Thu, 30 Nov 2017 at 09:31:57 -0800, Josh Triplett wrote:
> Ian Jackson wrote:
> > The obvious example is web browsers with extension repositories
> > containing both free and non-free software.

Another example that seems obvious in the context of Debian is libapt
frontends.

Like a web browser with extensions, a libapt frontend will happily
install whatever packages it's pointed at. Some frontends, like apt(1),
do what they're told and give no indication of the freeness or otherwise
of what they're downloading. Other frontends, like aptitude and
GNOME Software, make an attempt to indicate which packages are free and
which are not (aptitude by knowing about the Section field, GNOME Software
by reading AppStream metadata).

I say "make an attempt" because both are dependent on the metadata
provided by their source of packages matching their expectations.
aptitude claims the packages in http://repo.steampowered.com/steam/
are in "The main Debian archive" (I've opened a bug), while GNOME
Software can't say anything about repositories or packages that don't
have AppStream metadata.

I don't think it is or should be considered a bug that libapt frontends
don't ask for confirmation before installing non-free software: they are
just doing what the user asked them to do. IMO policing users' software
choices is not, and should not be, our job.

There is another very common way a web browser can offer to install
non-free software: it can be directed to a website where non-free software
(some of it in native Linux binaries, even) is made available, like
gog.com. That clearly isn't a bug or a lack of freeness in the browser,
and we shouldn't have policies that might be interpreted to imply that
it was.

> - Packages in main may provide a mechanism for the user to download and
>   install other software (e.g. extensions) from a collection of such
>   software. If they do, that mechanism should (note: not "must", and
>   this should not change to become stricter in the future) either
>   require that all software in the collection be Free Software, *or*
>   make it easy for the user to determine the license of the software
>   they're installing.

This is a higher standard than the one we hold libapt frontends to.
Most libapt frontends only tell me whether the software is Free, not
its precise licensing. I think that's reasonable.

    smcv

Reply to:

Prev by Date: Bug#459427: changelog vs. NEWS handling
Next by Date: Re: Bug#877337: www.debian.org: Switch back to single page version of Policy Manual
Previous by thread: Re: Automatic downloading of non-free software by stuff in main
Next by thread: Re: Automatic downloading of non-free software by stuff in main
Index(es):
- Date
- Thread