[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Concerns/questions around Software Heritage Archive
|
From: |
Christopher Baines |
|
Subject: |
Re: Concerns/questions around Software Heritage Archive |
|
Date: |
Sat, 16 Mar 2024 17:50:10 +0000 |
|
User-agent: |
mu4e 1.10.8; emacs 29.1 |
Ian Eure <ian@retrospec.tv> writes:
> Hi Guixy people,
>
> I’d never heard of SWH before I started hacking on Guix last fall, and
> it struck me as rather a good idea. However, I’ve seen some things
> lately which have soured me on them.
>
> They appear to be using the archive to build LLMs:
> https://www.softwareheritage.org/2024/02/28/responsible-ai-with-starcoder2/
>
> I was also distressed to see how poorly they treated a developer who
> wished to update their name:
> https://cohost.org/arborelia/post/4968198-the-software-heritag
> https://cohost.org/arborelia/post/5052044-the-software-heritag
>
> GPL’d software I’ve created has been packaged for Guix, which I assume
> means it’s been included in SWH. While I’m dealing with their (IMO:
> unethical) opt-out process, I likely also need to stop new copies from
> being uploaded again in the future.
>
> Is there a way to indicate, in a Guix package, that it should *never*
> be included in SWH?
Not currently, and I don't really see the point in such a mechanism. If
you really never want them to store your code, then you need to license
it accordingly (and not make it free software).
> Is there a way to tell Guix to never download source from SWH?
Also no, and it's probably best to do this at the network level on your
systems/network if you want this to be the case.
Skipping back to this though:
> I was also distressed to see how poorly they treated a developer who
> wished to update their name:
> https://cohost.org/arborelia/post/4968198-the-software-heritag
> https://cohost.org/arborelia/post/5052044-the-software-heritag
This is probably worth thinking about as Guix is in a similar situation
regarding publishing source code, and people potentially wanting to
change historical source code both in things Guix packages and Guix
itself.
Like Software Heritage, there's cryptographical implications for
rewriting the Git history and modifying source tarballs or nars that
contain source code.
We have 17TiB of compressed source code and built software stored for
bordeaux.guix.gnu.org now and we should probably work out how to handle
people asking for things to be removed or changed (for any and all
reasons).
It's probably worth working out our position on this in advance of
someone asking.
signature.asc
Description: PGP signature
Re: Concerns/questions around Software Heritage Archive, Ryan Prior, 2024/03/16