From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philip Kaludercic Newsgroups: gmane.emacs.devel Subject: Re: [ELPA] new package: tramp-docker Date: Sun, 09 Oct 2022 11:54:59 +0000 Message-ID: <874jwd43fw.fsf@posteo.net> References: <5674f36a-c276-fd77-b4d2-1525c75a1602@spork.org> <871qrkkrvv.fsf@posteo.net> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="13449"; mail-complaints-to="usenet@ciao.gmane.io" Cc: emacs-devel@gnu.org To: Richard Stallman Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Oct 09 13:55:58 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1ohUuU-0003Iq-Ju for ged-emacs-devel@m.gmane-mx.org; Sun, 09 Oct 2022 13:55:58 +0200 Original-Received: from localhost ([::1]:42556 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ohUuT-0006pU-Dt for ged-emacs-devel@m.gmane-mx.org; Sun, 09 Oct 2022 07:55:57 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:56322) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ohUti-0005zG-Sy for emacs-devel@gnu.org; Sun, 09 Oct 2022 07:55:10 -0400 Original-Received: from mout01.posteo.de ([185.67.36.65]:51393) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ohUtc-0006KX-SF for emacs-devel@gnu.org; Sun, 09 Oct 2022 07:55:10 -0400 Original-Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 1AD50240027 for ; Sun, 9 Oct 2022 13:55:01 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1665316501; bh=w9Qv1t1q92TNqsq79797Of/cA3kVTyDInhuBuHGdPuM=; h=From:To:Cc:Subject:Autocrypt:Date:From; b=c1f0U9QUxwVCm7YPX/czEBucLaxzZa6JXpmzpVHPp2e9GIQmDWIqB7Nqng8rmfSZv Q7Fhfv0/WaRFv443RQc4nF9BFI/74FQZYmPOfiYrhaA+ZY/7dkRueH1DsvT3GDxgQ7 J5kNebjoZRNTO4OlHH1u1Wt+m+UyIWvYuBLHjYVOvj8+uzwNIhrXN6/NKdnPXqaWgg FmwTcktKw5mZhIm7jqf6J8wlsFUw8K5CliHeuQ5qbTs0Nq22dMaFGmLHRGkeYCKpVx Lvy9cHj3l5O9n5aKedbHbHYyQnWyf+fqPMb8rntFFjypXqOlgXWoJkzHT5wgSI6yEG dsyFUfw3HEbuw== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4MlgTJ3ybDz6tnG; Sun, 9 Oct 2022 13:54:59 +0200 (CEST) In-Reply-To: (Richard Stallman's message of "Sat, 08 Oct 2022 18:34:06 -0400") Autocrypt: addr=philipk@posteo.net; prefer-encrypt=nopreference; keydata= mDMEYHHqUhYJKwYBBAHaRw8BAQdAp3GdmYJ6tm5McweY6dEvIYIiry+Oz9rU4MH6NHWK0Ee0QlBo aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0 ZW8ubmV0PoiQBBMWCAA4FiEEDM2H44ZoPt9Ms0eHtVrAHPRh1FwFAmBx6lICGwMFCwkIBwIGFQoJ CAsCBBYCAwECHgECF4AACgkQtVrAHPRh1FyTkgEAjlbGPxFchvMbxzAES3r8QLuZgCxeAXunM9gh io0ePtUBALVhh9G6wIoZhl0gUCbQpoN/UJHI08Gm1qDob5zDxnIHuDgEYHHqUhIKKwYBBAGXVQEF AQEHQNcRB+MUimTMqoxxMMUERpOR+Q4b1KgncDZkhrO2ql1tAwEIB4h4BBgWCAAgFiEEDM2H44Zo Pt9Ms0eHtVrAHPRh1FwFAmBx6lICGwwACgkQtVrAHPRh1Fw1JwD/Qo7kvtib8jy7puyWrSv0MeTS g8qIxgoRWJE/KKdkCLEA/jb9b9/g8nnX+UcwHf/4VfKsjExlnND3FrBviXUW6NcB Received-SPF: pass client-ip=185.67.36.65; envelope-from=philipk@posteo.net; helo=mout01.posteo.de X-Spam_score_int: -39 X-Spam_score: -4.0 X-Spam_bar: ---- X-Spam_report: (-4.0 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:297249 Archived-At: Richard Stallman writes: > > To my knowledge there is the danger of either having a build-time or a > > run-time dependency on a non-free container, > > That's what was reported to me. > > Does Docker provide an easy way to verify that you have avoided such > dependencies? A way to make sure to avoid including them? As I said, I don't see any such option, but I am not an Docker expert. > though looking through a > > container index like (https://hub.docker.com/search?q=) > > I tried visiting http://hub.docker.com/ and got a blank window. It depends > on nonfree software to see even the first page. We must not refer anyone > to that site. > > Likewise for https://hub.docker.com/search. > > I surmise that the standard way to develop a container involves using > https://hub.docker.com/search. Is that correct? Not necessarily, both docker and podman have a "search" subcommand: $ podman search gnu NAME DESCRIPTION docker.io/library/bash Bash is the GNU Project's Bourne Again SHell docker.io/library/gcc The GNU Compiler Collection is a compiling s... docker.io/biocontainers/gnumed-server docker.io/biocontainers/gnumed-common docker.io/biocontainers/gnumed-client docker.io/biocontainers/gnumed-client-de docker.io/matpower/matpower A complete MATPOWER environment running on G... docker.io/matpower/octave A complete GNU Octave environment, with IPOP... docker.io/gnut3ll4/livy-k8s docker.io/gnubila/mhmd-documentation ... > Is that the _only_ way to develop a container? Is it possible, > practically speaking, to build a container without using that site at all? It should be possible, first of all because it is possible to configure what sites to use as an index for images. But you also don't need to use the site itself, the "docker"/"podman" commands take care of fetching everything you need, just like "apt-get" would. > Has anyone here had practical experience? > > , it appears that > > the overwhelming majority of popular software is free software, if only > > because distribution is easier. > > Alas, that does not by itself ensure that, supposing you build a container, > you won't consider including nonfree programs. > > Is there an easy way you can ensure that _all_ the programs you put > into a new container are free? Is there an easy way to verify that > the contents of a container are free? Without an index that would only host free software, I don't see how this would currently be possible. > After I get a little information here, I will ask on gnu-misc-discuss. > > > That being said, TRAMP+Docker is a popular combination for developing > > software, so what people often just do is use a distribution image > > (Ubuntu, Debian, Alpine) as the foundation and then instruct the > > container to install all the software they need using the distributions > > package manager, while building their own image. > > I see how that is buzarre, but paradoxically it might work in > freedom's favor here. If you use a free distro to build the > container, and put things in it with apt-get, you will get only free > software in it. Maybe that is a reliable method we could recommend. It also helps people that are stuck on non-free development platforms to reliably use free software. Though I should mention, that AFAIK the most popular package manager is Alpine's "apk", not Debian's "apt-get". > > > 3. Distributing free programs in containers tends to be bad for > > > the community's control over the program. Because people > > > don't build the program on the GNU/Linux distros they use, > > > and don't package it for those distros. > > > > > > This too we should use the opportunity to warn people about. > > > I think this could be added to the commentary section. > > Maybe so, but when you say "the commentary section", could you > be more precise? The commentary section of what documentation? The commentary section (;;; Commentary:) of an Emacs lisp file, as described in (elisp) Simple Packages. > After I get a little information here, I will move this to gnu-misc-discuss.