[Dev] Policy for Package Quarantines

Nicolás A. Ortega deathsbreed at themusicinnoise.net
Sat Apr 15 00:15:45 GMT 2017


On Fri, Apr 14, 2017 at 08:31:22PM -0300, fauno wrote:
> "Nicolás A. Ortega" <deathsbreed at themusicinnoise.net> writes:
> > My proposal is the following: when someone brings up a freedom issue (or
> > even privacy, for that matter) they should also link to the information
> > that led them to this conclusion, once we see that these links have
> > something behind them (a quick skim through the links) we can put in
> > place the temporary quarantine of the package. After this point all
> > information regarding the freedom issues with the package should be
> > concentrated in one place (public place where everyone can see it) and a
> > more thorough investigation of the matter (finding exact files that are
> > non-free) should take place. If no actual evidence is found or the
> > evidence has *all* been countered after X amount of time (I think a
> > month or two should do) then the package is taken out of quarantine
> > until more concrete evidence can be found. If evidence is found and
> > cannot be countered then the package is labelled permanently as non-free
> > until either upstream fixes the freedom issues (which *should be
> > reported to upstream when found*) or we create a -libre package for it.
> >
> > The most important thing I want to be taken away from this is that
> > information on the freedom issues of a package should be *easily
> > available*. I shouldn't have to be asking absolutely everyone in the
> > community who has the actual links so I can verify for my own eyes.
> > What's more, the more eyes we have on the issue the more information we
> > can obtain and the faster we can solve things.
> >
> > I brought up the qt5-webengine issue as an example, I did not send this
> > e-mail to talk about it directly but something I noticed as a
> > consequence of it. So please let's not make this thread about that
> > (since I can see it coming).
> >
> > With a policy similar to this I believe we'll be able to handle these
> > freedom issues in a much more orderly, organized, and effective manner.
> 
> +1 would you open a pad?  then it can be put on the wiki.
> 
> contacting/involving upstream should be a requisite too, in the past
> we've failed to do so and i remember one case where they contacted us
> about it.  it was about syslog-ng documentation license, which at the
> time of blacklisting was cc-by-sa-nc (iirc) and it was going to be
> changed to cc-by-sa (which i guess they did, because i see syslog-ng in
> repos now).
> 
> -- 
> http://utopia.partidopirata.com.ar/

Alright, I made an etherpad: https://pad.riseup.net/p/QuarantinePolicyDraft

Y'all are greatly encouraged to edit it and improve the draft. Hope this
helps. (^_^)

-- 
Nicolás Ortega Froysa (Deathsbreed)
https://themusicinnoise.net/
http://uk7ewohr7xpjuaca.onion/
Public PGP Key:
https://themusicinnoise.net/deathsbreed@themusicinnoise.net_pub.asc
http://uk7ewohr7xpjuaca.onion/deathsbreed@themusicinnoise.net_pub.asc