From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Gregory Heytings <gregory@heytings.org>
Newsgroups: gmane.emacs.devel
Subject: Re: [PROPOSAL] Builder, a build system integration for Emacs
Date: Mon, 29 May 2023 22:05:29 +0000
Message-ID: <be1dff20e01faeca3cd9@heytings.org>
References: <95980ffc-86e7-ad54-4a20-539d8c6ea5d0@mailo.com>
 <db80c4c7-f2f5-f90c-8930-19fc9c064446@gmail.com>
 <3f68f4bc-d426-0bcc-1329-674c12b29386@mailo.com>
 <ae8100bc-3fdb-32fd-d312-db93c309f1d7@gmail.com>
 <76e12f7c-335f-476b-ffb3-fd8e8e4ab5d0@mailo.com>
 <87pm6rx4ea.fsf@yahoo.com> <e5369a89-cfc3-2b61-0704-51716ed615b9@mailo.com>
 <87wn0ytefw.fsf@gmail.com> <E1q1w97-0001Hv-Jz@fencepost.gnu.org>
 <beae68ea91366e2f4caf@heytings.org> <ZG7dTDSFOB3kJ2ab@tuxteam.de>
 <beae68ea91318e085b3e@heytings.org> <83h6s0n95y.fsf@gnu.org>
 <beae68ea91e6ab2063f1@heytings.org> <83edn4myz4.fsf@gnu.org>
 <beae68ea9180a65a4837@heytings.org> <83a5xsmuc0.fsf@gnu.org>
 <beae68ea9188c4433e8d@heytings.org> <E1q2enT-0007co-3D@fencepost.gnu.org>
 <3a315ddd3a25a56c8d6a@heytings.org>
 <E1q3OFi-0000hj-Jp@fencepost.gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset=us-ascii
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="3630"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: emacs-devel@gnu.org
To: Richard Stallman <rms@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue May 30 00:05:59 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1q3l03-0000eS-IU
	for ged-emacs-devel@m.gmane-mx.org; Tue, 30 May 2023 00:05:59 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1q3kzf-0006jQ-Tv; Mon, 29 May 2023 18:05:35 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <gregory@heytings.org>)
 id 1q3kze-0006gO-Ah
 for emacs-devel@gnu.org; Mon, 29 May 2023 18:05:34 -0400
Original-Received: from heytings.org ([95.142.160.155])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <gregory@heytings.org>)
 id 1q3kzc-0005MJ-OP; Mon, 29 May 2023 18:05:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=heytings.org;
 s=20220101; t=1685397930;
 bh=8/hb5fVsxBPUtblLiucwtNisH7ue9R4eEdhbzmyVJcg=;
 h=Date:From:To:cc:Subject:In-Reply-To:Message-ID:References:From;
 b=obcIqLSYeEazg4d+zlcEAOdjYMIxEbJbkQa0Hg69WPpLZAPj07DPCeMQS3IBew7WM
 M34lyCTqWPF6c6pykGVSBf2YOQK+oYr4msw/PEv26Z6zl0jLGuXszEaniGU3W2kbaV
 xW6XzjDTKfnlvFvCKUCcfsgHiSCASxy4MkzKZh2JFRDRmO5SzI/83fOOQ6kOniXAmD
 0I+mzF5waoA5bqSboA9/DQOl57vBC4apxRUK/96jO7WSI91OgAPVxQUVsT8eZsFTDW
 /4CudcSWzSnZvzldVwkoYgzw/E6+RvFiVER/QlOPNHHrn3N+VonfqZQzQntg1v8Mvk
 G+zBKXNzNsVOg==
In-Reply-To: <E1q3OFi-0000hj-Jp@fencepost.gnu.org>
Received-SPF: pass client-ip=95.142.160.155; envelope-from=gregory@heytings.org;
 helo=heytings.org
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:306394
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/306394>


>
> So if you build a Rust program Foo, its dependencies will cause some 
> libraries to be loaded from crates.io, and their dependencies will cause 
> other libraries to be loaded from crates.io, and so on recursively.  Is 
> that right?
>

That is right.

>
> And if any of those libraries specifies a nonfree dependency, that 
> nonfree code will get compiled into the program Foo -- right?
>

That is right.

>
> If so, that puts freedom at risk.  It means that any time you build a 
> Rust program that you have not thoroughly studied, you don't know 
> whether it will incorporate nonfree software.
>
> Have I made any mistake in this reasoning?
>

The mistake is that those who care about software freedom can easily check 
whether a program incorporates non-free code, _without_ thoroughly 
studying that program.

There are at least two options to do that, which were already mentioned 
upthread: (1) running "cargo tree -f '{l}'", which will display the 
license of each of the dependencies of the program, recursively (that 
option works out of the box), and (2) installing a plugin for cargo, named 
"cargo deny", which is itself free software, and with which you can check, 
again recursively, whether all the dependencies of a program are free 
(more precisely: have a license that is present in the list of licenses 
you have chosen to allow).

>
> I think we should move this to gnu-prog-disc.
>

I'm not subscribed to that mailing list, which AFAIK is an internal 
mailing list with restricted access.