
Re: Possible draft non-free firmware option with SC change



Phil Morrell <debian@emorrp1.name> writes:
> On Thu, Sep 08, 2022 at 11:55:43AM +0200, Jonathan Carter (highvoltage) wrote:

>> bug fixes and security updates depend entirely on their upstream developers

> This is definitely not *universally true*, think of e.g. GFDL invariants
> or packages that are "merely" non-commercial. Debian package maintainers
> can make absolutely any technical improvements they wish to these
> packages, the only thing they can't do is change the license to be
> DFSG-free. There's probably less motivation to work on non-free
> software, and there may not even be any remaining upstream, but I assume
> you were primarily thinking of non-free-firmware when drafting this
> phrase.

Yeah, I think this wording is not quite 100% correct.  I think what
Jonathan is getting at is that we do not provide security support for
non-free software as a matter of policy, in the sense that the security
team doesn't support it (at least that's my recollection).  But the
package maintainers often do provide some level of support.  I think we
may need a slightly different wording of this that makes it clear that
these packages receive a lower level of support and are therefore on
average somewhat riskier to use.

>> We encourage software vendors who make use of non-free packages to
>> carefully read the licenses of these packages to determine whether they
>> can distribute it on their media or products.

> I deliberately removed mention of software vendors and their media as
> our Social Contract wouldn't bind them anyway. #5 should be relevant for
> all our users, third party redistributors are just a subset.

We probably do need to say something about how you need to review the
licenses for non-free software before using or distributing it.  This is
true for users as well.

> It'd be nice having a fourth sentence that is a bit more negatively
> worded to put people off non-free where feasible. How about:

>     We encourage careful review of the licensing for your use-case and
>     how they put limits on our packaging efforts.

> Disclaimer: I'm not a DD (yet) so cannot formally propose any of this
> and please take with a lump of salt.

I like the first part of that.  I'm not sure anyone needs to care that
much about the impact on packaging.  I see what you're trying to get at,
but I think it's a bit indirect.

How about:

    We encourage careful review of the licensing of these packages before
    use or redistribution, since the guarantees of the Debian Free
    Software Guidelines do not apply to them.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

