From: Richard Stallman <rms@gnu.org>
To: Philip Kaludercic <philipk@posteo.net>
Cc: emacs-devel@gnu.org
Subject: Re: [ELPA] new package: tramp-docker
Date: Sat, 15 Oct 2022 16:43:48 -0400 [thread overview]
Message-ID: <E1ojo0a-0004or-5f@fencepost.gnu.org> (raw)
In-Reply-To: <874jwd43fw.fsf@posteo.net> (message from Philip Kaludercic on Sun, 09 Oct 2022 11:54:59 +0000)
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> But you also don't need to
> use the site itself, the "docker"/"podman" commands take care of
> fetching everything you need, just like "apt-get" would.
apt-get fetches lists of packages from a web site, and then fetched
the packages themselves from it too. Is that what the `docker' and
`podman' commands do? It looks that way. If so, then running them
is a way of using the respective sites, not an alternative to doing so.
Accessing the site that way has an advantage: if `docker' and `podman'
are free programs, and assuming they don't silently run any software
fetched from the site, this avoids the danger that browsing the site
would run nonfree JS code.
So far, so much the better. But that leaves this problem:
> > Is there an easy way you can ensure that _all_ the programs you put
> > into a new container are free? Is there an easy way to verify that
> > the contents of a container are free?
> Without an index that would only host free software, I don't see how
> this would currently be possible.
That's what I expected. Alas, the natural consequence is that
building containers implies a risk of including nonfree software. The
more packages, the more risk.
As long as that is the case, we should warn people off of distributing
containers.
GNU Emacs is not the place to publish that general point, but where we
mention support for containers, let's include this.
Containers pose problems for software freedom. If you are careful,
you can make and then use a container with only free packages. But
when you make a container with more than a few packages, there is
nothing to help you make sure each and every one is free/libre, and
no easy way to verify this for an existing container. We recommend
staying away from containers made by others unless they explicitly
commit to carefully ensure the whole contents are free/libre.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
next prev parent reply other threads:[~2022-10-15 20:43 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-23 15:58 [ELPA] new package: tramp-docker Brian Cully via Emacs development discussions.
2022-09-23 16:19 ` Philip Kaludercic
2022-09-23 17:47 ` Michael Albinus
[not found] ` <63d5f29a-05ed-f8c5-796c-a6eb9e28d575@spork.org>
2022-09-23 18:00 ` Michael Albinus
2022-09-23 18:09 ` Michael Albinus
2022-09-24 10:34 ` Michael Albinus
[not found] ` <44bd6537-316c-acc7-a4d6-6123bc32e2c0@spork.org>
2022-09-24 16:56 ` Michael Albinus
2022-09-24 17:31 ` Brian Cully via Emacs development discussions.
2022-09-27 16:54 ` Michael Albinus
2022-09-24 2:44 ` [ELPA] " Richard Stallman
2022-09-24 5:53 ` Robin Tarsiger
2022-09-24 10:45 ` Michael Albinus
2022-10-06 22:03 ` Richard Stallman
2022-10-07 7:35 ` Philip Kaludercic
2022-10-08 22:34 ` Richard Stallman
2022-10-09 11:54 ` Philip Kaludercic
2022-10-15 20:43 ` Richard Stallman
2022-10-15 20:43 ` Richard Stallman [this message]
2022-10-16 13:33 ` Philip Kaludercic
2022-10-17 12:30 ` zimoun
2022-10-19 17:02 ` Richard Stallman
2022-10-20 8:18 ` zimoun
2022-10-22 20:03 ` Richard Stallman
2022-10-15 20:43 ` Richard Stallman
2022-10-10 13:55 ` Brian Cully via Emacs development discussions.
2022-10-10 17:46 ` zimoun
2022-10-03 13:03 ` Philippe Vaucher
[not found] <bf072225-5933-aef0-6fed-4da031311766@spork.org>
2022-10-03 13:45 ` Brian Cully via Emacs development discussions.
2022-10-03 17:52 ` Michael Albinus
-- strict thread matches above, loose matches on Subject: below --
2022-10-16 4:46 Payas Relekar
2022-10-18 12:06 ` Richard Stallman
2022-10-18 9:11 ` Payas Relekar
2022-10-20 19:45 ` Richard Stallman
2022-10-21 11:35 ` Payas Relekar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E1ojo0a-0004or-5f@fencepost.gnu.org \
--to=rms@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=philipk@posteo.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).