From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Philip Kaludercic <philipk@posteo.net>
Newsgroups: gmane.emacs.devel
Subject: Re: [ELPA] new package: tramp-docker
Date: Sun, 16 Oct 2022 13:33:37 +0000
Message-ID: <8735bn51vy.fsf@posteo.net>
References: <5674f36a-c276-fd77-b4d2-1525c75a1602@spork.org>
 <E1obv9b-0001kH-ES@fencepost.gnu.org>
 <d83a592d-30a7-feb7-92b5-5b84561f7e6a@dasyatidae.com>
 <E1ogYyE-0001fZ-H5@fencepost.gnu.org> <871qrkkrvv.fsf@posteo.net>
 <E1ohIOU-0007lO-75@fencepost.gnu.org> <874jwd43fw.fsf@posteo.net>
 <E1ojo0a-0004or-5f@fencepost.gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="8418"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: emacs-devel@gnu.org
To: Richard Stallman <rms@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Oct 16 15:37:26 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1ok3pV-00021f-KQ
	for ged-emacs-devel@m.gmane-mx.org; Sun, 16 Oct 2022 15:37:25 +0200
Original-Received: from localhost ([::1]:57224 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1ok3pU-0003M4-9A
	for ged-emacs-devel@m.gmane-mx.org; Sun, 16 Oct 2022 09:37:24 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:37542)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <philipk@posteo.net>)
 id 1ok3lt-0000ra-PD
 for emacs-devel@gnu.org; Sun, 16 Oct 2022 09:33:42 -0400
Original-Received: from mout02.posteo.de ([185.67.36.66]:42011)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <philipk@posteo.net>)
 id 1ok3lr-0001v4-9x
 for emacs-devel@gnu.org; Sun, 16 Oct 2022 09:33:41 -0400
Original-Received: from submission (posteo.de [185.67.36.169]) 
 by mout02.posteo.de (Postfix) with ESMTPS id A9A57240105
 for <emacs-devel@gnu.org>; Sun, 16 Oct 2022 15:33:37 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017;
 t=1665927217; bh=u5pOhONatd4QwywFt9yg8OjGGDUoKejJpJof5ke73QI=;
 h=From:To:Cc:Subject:Autocrypt:Date:From;
 b=DbNa4fjVliDVfJ57FuGC+njGiUYrnOg8T8sPQRcY+27U2LffjtsHzK/8vSLer0p1m
 fZmX6mp3XjEvAeHLO8P+mcuUjH72Gh7ZVsEynn1esNXesrJAsWQl9spz9J8KYQycb/
 kpLGv7tHAJyT5N8kcC7zAGy1oJz+muO30KwZJYxPuOslvURtLRd8CGkET+Vt5gTkoX
 B7gt4LpUlKQn3aBJ85p1aqgnmxY3CvFmj6vmty12JVT8n35/uHCafMsdSHMO7w+leo
 /3uyB9xun9yx1rptnionFn77rE/+IMl7H1XyzxrmanLLHPHdMLyAnvJP+z1TBOFjkY
 3wOoXzmXahEbw==
Original-Received: from customer (localhost [127.0.0.1])
 by submission (posteo.de) with ESMTPSA id 4Mr1Ks2FlNz9rxK;
 Sun, 16 Oct 2022 15:33:37 +0200 (CEST)
In-Reply-To: <E1ojo0a-0004or-5f@fencepost.gnu.org> (Richard Stallman's message
 of "Sat, 15 Oct 2022 16:43:48 -0400")
Autocrypt: addr=philipk@posteo.net; prefer-encrypt=nopreference; keydata=
 mDMEYHHqUhYJKwYBBAHaRw8BAQdAp3GdmYJ6tm5McweY6dEvIYIiry+Oz9rU4MH6NHWK0Ee0QlBo
 aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0
 ZW8ubmV0PoiQBBMWCAA4FiEEDM2H44ZoPt9Ms0eHtVrAHPRh1FwFAmBx6lICGwMFCwkIBwIGFQoJ
 CAsCBBYCAwECHgECF4AACgkQtVrAHPRh1FyTkgEAjlbGPxFchvMbxzAES3r8QLuZgCxeAXunM9gh
 io0ePtUBALVhh9G6wIoZhl0gUCbQpoN/UJHI08Gm1qDob5zDxnIHuDgEYHHqUhIKKwYBBAGXVQEF
 AQEHQNcRB+MUimTMqoxxMMUERpOR+Q4b1KgncDZkhrO2ql1tAwEIB4h4BBgWCAAgFiEEDM2H44Zo
 Pt9Ms0eHtVrAHPRh1FwFAmBx6lICGwwACgkQtVrAHPRh1Fw1JwD/Qo7kvtib8jy7puyWrSv0MeTS
 g8qIxgoRWJE/KKdkCLEA/jb9b9/g8nnX+UcwHf/4VfKsjExlnND3FrBviXUW6NcB
Received-SPF: pass client-ip=185.67.36.66; envelope-from=philipk@posteo.net;
 helo=mout02.posteo.de
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:297864
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/297864>

Richard Stallman <rms@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   >   But you also don't need to
>   > use the site itself, the "docker"/"podman" commands take care of
>   > fetching everything you need, just like "apt-get" would.
>
> apt-get fetches lists of packages from a web site, and then fetched
> the packages themselves from it too.  Is that what the `docker' and
> `podman' commands do?  It looks that way.  If so, then running them
> is a way of using the respective sites, not an alternative to doing so.
>
> Accessing the site that way has an advantage: if `docker' and `podman'
> are free programs, and assuming they don't silently run any software
> fetched from the site, this avoids the danger that browsing the site
> would run nonfree JS code.

This is my understanding as well, albeit as someone who has never taken
the time to take a look at the internal details of how this is
implemented.

> So far, so much the better.  But that leaves this problem:
>
>   > > Is there an easy way you can ensure that _all_ the programs you put
>   > > into a new container are free?  Is there an easy way to verify that
>   > > the contents of a container are free?
>
>   > Without an index that would only host free software, I don't see how
>   > this would currently be possible.
>
> That's what I expected.  Alas, the natural consequence is that
> building containers implies a risk of including nonfree software.  The
> more packages, the more risk.
>
> As long as that is the case, we should warn people off of distributing
> containers.
>
> GNU Emacs is not the place to publish that general point, but where we
> mention support for containers, let's include this.
>
>   Containers pose problems for software freedom.  If you are careful,
>   you can make and then use a container with only free packages.  But
>   when you make a container with more than a few packages, there is
>   nothing to help you make sure each and every one is free/libre, and
>   no easy way to verify this for an existing container.  We recommend
>   staying away from containers made by others unless they explicitly
>   commit to carefully ensure the whole contents are free/libre.

I think this sounds good.