Re: Possible draft non-free firmware option with SC change
Phil Morrell <debian@emorrp1.name> writes:
> On Thu, Sep 08, 2022 at 11:55:43AM +0200, Jonathan Carter (highvoltage) wrote:
>> bug fixes and security updates depend entirely on their upstream developers
> This is definitely not *universally true*, think of e.g. GFDL invariants
> or packages that are "merely" non-commercial. Debian package maintainers
> can make absolutely any technical improvements they wish to these
> packages, the only thing they can't do is change the license to be
> DFSG-free. There's probably less motivation to work on non-free
> software, and there may not even be any remaining upstream, but I assume
> you were primarily thinking of non-free-firmware when drafting this
> phrase.
Yeah, I think this wording is not quite 100% correct. I think what
Jonathan is getting at is that we do not provide security support for
non-free software as a matter of policy, in the sense that the security
team doesn't support it (at least that's my recollection). But the
package maintainers often do provide some level of support. I think we
may need a slightly different wording of this that makes it clear that
these packages receive a lower level of support and are therefore on
average somewhat riskier to use.
>> We encourage software vendors who make use of non-free packages to
>> carefully read the licenses of these packages to determine whether they
>> can distribute it on their media or products.
> I deliberately removed mention of software vendors and their media as
> our Social Contract wouldn't bind them anyway. #5 should be relevant for
> all our users, third party redistributors are just a subset.
We probably do need to say something about how you need to review the
licenses for non-free software before using or distributing it. This is
true for users as well.
> It'd be nice having a fourth sentence that is a bit more negatively
> worded to put people off non-free where feasible. How about:
>
>     We encourage careful review of the licensing for your use-case and
>     how they put limits on our packaging efforts.
>
> Disclaimer: I'm not a DD (yet) so cannot formally propose any of this
> and please take with a lump of salt.
I like the first part of that. I'm not sure anyone needs to care that
much about the impact on packaging. I see what you're trying to get at,
but I think it's a bit indirect.
How about:

    We encourage careful review of the licensing of these packages before
    use or redistribution, since the guarantees of the Debian Free
    Software Guidelines do not apply to them.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>