[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design
|
From: |
Jean Louis |
|
Subject: |
Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design |
|
Date: |
Wed, 6 Apr 2016 19:47:13 +0200 |
Hello Ludovic,
First, great system, it will be the best. Even though it has been
designed well, that does not release one from responsibilities in
regards to Licenses.
A free software distribution shall, in my opinion, be the first one to
respect the GPL licenses.
I have asked you on the IRC, to point out to the correspoding source
that accompanies the object or executable program, but neither you nor
someone else could point to it.
So, far I assume there is no such.
On Wed, Apr 06, 2016 at 03:07:10PM +0200, Ludovic Courtès wrote:
> Hello,
>
> I believe these accusations are wrong, as I and others have already
> tried to explain Jean-Louis on IRC.
>
> To correct any misunderstandings, I’ll summarize a few relevant points
> about Guix and that distinguish it from most other package managers.
>
> • Guix is inherently a source-based tool: all it provides is a bunch
> of executable recipes to build packages.
I understand that part of design, that sounds very commons sense and
more secure to build packages by oneself.
However, I am referring to Hydra and other mirrors, where it says for
example here:
http://hydra.gnu.org/
2013-07-12 18:09:53 by Ludovic Courtès
Welcome! This is the continuous integration farm of the GNU distribution
built with GNU Guix, providing you with binaries to save you the need to
build packages locally.
So these are your words. Who is distributing it I don't know.
I am pointing out to the fact that distribution of binary or object form
on Hydra, shall be accompanied by the corresponding source code in
relation to several of GPL licences.
That shall be viewed from viewpoint that anybody can download binary
substitutes from Hydra, not only Guix users. When we speak of complete
corresponding source code, that shall be in the form of a package in my
understanding.
Substitutes are basically executable or object code in many of such
packages. If they are GPL 2 licensed (and maybe other GPL related
licenses), there shall be accompanying source code.
While one can see the sources on hydra more or less, that spread of
sources in files,
> As an optimization, users can choose to fetch pre-built binaries as
> substitutes for local builds. This is often a good idea since
Absolutely! Only that the corresponding source code shall be there
too. Users shall be able to download the corresponding source code.
I have tried it again with the package wicd. The object code was
distributed from:
https://mirror.hydra.gnu.org/nar/a7wf728najvbcmyxqjbm8jp3pfyx9p8y-wicd-1.7.3
Please point me to the complete corresponding source code that is to
accompany that object or executable distribution?
I have already made that question on IRC, and I wish that it is clear
where is the corresponding source code.
> • The source, including patches, used to build a package is specified
> in the package definition:
>
> <https://www.gnu.org/software/guix/manual/html_node/Defining-Packages.html>.
The source code shall accompany the object or executable form at the
point of distribution. Is it? I am not sure, as I have not completed the
research. I am waiting for input of someone, as so far I could not get
the complete corresponding source code that accompanies the object or
executable distribution.
So far I cannot find the source code on Hydra, for example for
Pulseaudio. I could not find it simply. Point it to me.
If there is link to executable or object code on Hydra or any mirror,
that is distribution of that software. There shall be also the link to
the corresponding source.
> For instance, the ‘pulseaudio’ package has a couple of patches, as
> can be seen at:
>
>
> http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/pulseaudio.scm#n115
> https://www.gnu.org/software/guix/packages/#pulseaudio
>
> The ‘guix build --source foo’ command returns the source code of
> ‘foo’ with all patches applied.
By following your instructions, I have done following test. I have done
this:
guix build --source wicd
and I could see that following is being downloaded:
https://mirror.hydra.gnu.org/nar/p0kpcqzs4ylyni5yj8dv18kgj0x12zjb-wicd-1.7.3.tar.xz
After downloading of that file, I have checked the file with md5sum,
result being: e426afe01fcf003147a35c4826b81c5e for the downloaded file:
p0kpcqzs4ylyni5yj8dv18kgj0x12zjb-wicd-1.7.3.tar.xz
This downloaded file, first I would assume it is the "complete
corresponding code that accompany the object distributed". But I could
not unpack the file, file format is not recognized. So far I could not
get the complete corresponding source code from distribution server.
The output of the command gave me the link on my system:
/gnu/store/p0kpcqzs4ylyni5yj8dv18kgj0x12zjb-wicd-1.7.3.tar.xz
This seems to be modified file because the MD5SUM shows:
50f918b7a31eabe97f0ffa3c1bf08452
/gnu/store/p0kpcqzs4ylyni5yj8dv18kgj0x12zjb-wicd-1.7.3.tar.xz
That file I could unpack and get the source code.
The point is not that "I can build or construct the source code" on my
computer. I am saying if there are links to object or executable codes
on Hydra server, that is distribution, and than in that case there must
be the corresponding source code.
Of course, it does not matter if user is using guix or what. They can
simply use wget to get the object code. It should be possible to use
browser, wget or any Internet based OS to get the complete corresponding
source code.
If there is such for wicd, please show me where it is?
> • By design, Guix provides a direct correspondence between source and
> build results. “Source” is taken very broadly: it includes source
> tarballs, build scripts, and in fact the whole graph of dependencies
> that produce the result.
While that may work with BSD and other licenses, it cannot work with GPL
2 license in my opinion. Please prove me or demonstrate me, with simple
link to download the complete corresponding source code?
> • Thanks to this direct mapping, users who use substitutes do not have
> to trust third-party binary servers. They can challenge binaries
> that those servers provide using ‘guix build --check’ or ‘guix
> challenge’.
Absolutely good idea. I am only concerned that free software
distribution shall be first to comply with GPL licenses.
Great work and much effort have been put into it. I am thankful, and
will continue making contributions from my side.
Please also address the issue of lacking licenses in the object code or
executables, packaged and distributed from Hydra.
Thank you much,
Jean Louis
Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Riley Baird, 2016/04/06
Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Ludovic Courtès, 2016/04/06
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design,
Jean Louis <=
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Ludovic Courtès, 2016/04/06
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Jean Louis, 2016/04/06
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Joshua Gay, 2016/04/07
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Jean Louis, 2016/04/08
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, Ludovic Courtès, 2016/04/09
- Re: [GNU-linux-libre] Violations of GPL in GuixSD packaging design, ng0, 2016/04/10