Re: Are Web-API packages need to be in the 'main' repo ?

To: debian-user@lists.debian.org
Subject: Re: Are Web-API packages need to be in the 'main' repo ?
From: Camaleón <noelamac@gmail.com>
Date: Tue, 6 Dec 2011 17:47:03 +0000 (UTC)
Message-id: <[🔎] pan.2011.12.06.17.47.03@gmail.com>
References: <[🔎] CAOJ6w=EhP-5S-p03=8DQXTo_OUz0ygqAQzdM692zWo=1JY2Ydg@mail.gmail.com> <[🔎] pan.2011.12.04.17.24.10@gmail.com> <[🔎] CAOJ6w=FMw-1h4D5g9REF+c8PqW-96FnXrt1u3UjkrG1tDsiEvw@mail.gmail.com> <[🔎] pan.2011.12.04.18.52.01@gmail.com> <[🔎] CAOJ6w=FRckQT=q5OS4d7gAfbJ-h4NaeT2hYR51yZuudTrvoH7g@mail.gmail.com>

On Sun, 04 Dec 2011 21:14:18 +0200, Alexey Eromenko wrote:

>> But why have they to break? Afterall, it can "break" any package.
> 
> Nope.
> Things like the Linux kernel or OpenOffice will not just break. Even if
> they do -- they can be fixed, because it is Free Software.
> 
> We cannot fix applications, that are dependent on non-free web services.

Are you saying the API you are pointing to are not open source?

>>> It is the same as depending on a non-free library. In the future more
>>> packages will start depend on non-free web API, and a single change by
>>> non-free provider will wipe out a major chunk of Debian. It will be
>>> very costly then. Look what happened with xBSD family -- they were
>>> locked out of the market for 3 years due to legal battle, and had to
>>> rewrite major chunk of OS.
>>> So we must act before bad things happen.
>>
>> I can't make any additional comments on this because it's still unclear
>> to me what's the involved package(s) we are talking about and why you
>> are so afraid it becomes dependant on a non-free API :-?
> 
> They are already dependent on non-free API.
> 
> Those packages:
> 
> $ cat allpackages-debian6.txt | grep -i
> facebooklibjifty-plugin-authentication-facebook-perl (0.90000-1)

***
http://search.cpan.org/dist/Jifty-Plugin-Authentication-Facebook/
License 	The Perl 5 License (Artistic 1 & GPL 1)
***

Is this license compatible with DFSG? Let's see:

***
http://www.debian.org/social_contract.en.html

Example Licenses
The "GPL", "BSD", and "Artistic" licenses are examples of licenses that 
we consider "free".
***

It seems that it is.

> Facebook authentication plugin for Jiftylibwww-facebook-api-perl
> (0.4.18-1) 

http://search.cpan.org/dist/WWW-Facebook-API/
License 	The Perl 5 License (Artistic 1 & GPL 1)

Same as above.

> python-facebook (0.svn20100209-3)

https://github.com/sciyoshi/pyfacebook/

For this one I'm not sure about the license :-?

> Using those packages is a real time-bomb. 

Why? They now look like compliant to Debian guidelines.

> I'm afraid that Free Software (KDE photo viewers) and browsers will
> start depending on such APIs. Many developers are unwary of it's risks.

I remember a similar situation for an API, I don't recall if it was for 
Amarok or another KDE application, that stopped temporaly from gathering 
wikipedia information or something like that (wikipedia made a change at 
their API that was not available for the application and users had to 
recompile...).

In this case, there was no contract stablished by wikipedia to keep the 
API as is so it were developers who had to adapt the code again. I find 
this normal.

If Facebook changes the way their API works and does not make the 
modifications available to developers, these APIs will render unuseful 
but they will be still open source. In such hypothetical case, blame 
Facebook, not the APIs :-)

> Look here:
> http://en.wikipedia.org/wiki/Debian_Free_Software_Guidelines
> 
> debian-legal tests for DFSG compliance - "The Desert Island test" KDE 1
> was dependent on non-free Qt1 library -- this was the reason of a long
> fight within the community.
> 
> I can assure you that using non-free web APIs is *much* more risky than
> non-free library, and consequences will be fatal. (10 years from now it
> will result in huge code rewrites, wiping a big chunk of Debian, if we
> don't take care now)

I agree. But I don't find these APIs are non-free :-?

> The problem -- is that those Web APIs will be massively used across alll
> and any FOSS applications 10 years from now - as mandatory modules, if
> FOSS developers not warned now.

Well, they are a set of Perl and Python modules... there can be many 
others coming in the future.

> What needs to be done - is to warn users and developers about risks, to
> ensure they stay optional plug-ins, for users that want more convenience
> but want to sacrifice Freedom.
> 
> The only difference is that the 'non-free library' is installed on
> Facebook server this time, rather than on local machine. The dependency
> effect is similar, and perhaps worse.

Your claim is still a bit unclear to me, but of course, IANAL.

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: Are Web-API packages need to be in the 'main' repo ?
  - From: Alexey Eromenko <al4321@gmail.com>

References:
- Are Web-API packages need to be in the 'main' repo ?
  - From: Alexey Eromenko <al4321@gmail.com>
- Re: Are Web-API packages need to be in the 'main' repo ?
  - From: Camaleón <noelamac@gmail.com>
- Re: Are Web-API packages need to be in the 'main' repo ?
  - From: Alexey Eromenko <al4321@gmail.com>
- Re: Are Web-API packages need to be in the 'main' repo ?
  - From: Camaleón <noelamac@gmail.com>
- Re: Are Web-API packages need to be in the 'main' repo ?
  - From: Alexey Eromenko <al4321@gmail.com>

Prev by Date: Re: disable beep for wall command
Next by Date: Re: Are Web-API packages need to be in the 'main' repo ?
Previous by thread: Re: Are Web-API packages need to be in the 'main' repo ?
Next by thread: Re: Are Web-API packages need to be in the 'main' repo ?
Index(es):
- Date
- Thread