* Guix role in a free society
From: Vivien Kraus @ 2024-03-18 17:48 UTC
To: guix-devel

Hello,

Free software enables cooperation in a free society. More precisely, it makes it easy for a user of a package to use a new version where the personal information has been corrected. The thread in [1] questions our handling of potential cases where a transgender contributor of Guix or one of its packages requests to change their name. While it would be nothing but cruel to deny such a request, I want to consider the broader case of updating personal information in general.

If someone asks you to update your installation of a package to a new tarball with updated personal information (or a new tag in a rewritten history), then in a non-free society, you can only say, “Sorry, I’m not allowed to”. In a free society, you’re allowed to, and you have tools at your fingertips to make sure it’s harmless to you (diff with your old version, if you are alone, or collectively check that it follows semver, remember that it still has all the CVEs, and forget about the old thing).

If accepting such a safe update makes a security system fire false positives (such as, guix pull saying there’s a downgrade attack if guix’ history has been safely rewritten), then it’s a limitation of the security system. If it’s too much work to silence this warning for a legitimate reason, then make an announcement about this particular false positive and let the user proceed.

The guix users, I claim, would rather have a distribution of guix (and the packages it provides) with accurate personal information, even if it means to be annoyed for a moment with a security system.

Best regards,

Vivien

[1] https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00138.html

P.S. I am desensitized to eye-rolling when I talk about free software ;)

* Re: Guix role in a free society
From: Tomas Volf @ 2024-03-18 18:16 UTC
To: Vivien Kraus; +Cc: guix-devel

On 2024-03-18 18:48:27 +0100, Vivien Kraus wrote:
> The guix users, I claim, would rather have a distribution of guix (and
> the packages it provides) with accurate personal information, even if
> it means to be annoyed for a moment with a security system.

Single data point: As a Guix user (and occasional contributor, albeit not a committer), I would very much prefer a system that does not rewrite the history. When someone wants to correct their name (for whatever reason), I would prefer it to be done going forward, not retroactively.

I think making such broad statements without some empirical study is not great, since it is, as you said yourself, just your claim not supported by anything (as far as I can tell).

Tomas Volf

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

* Re: Guix role in a free society
From: MSavoritias @ 2024-03-18 18:26 UTC
To: Vivien Kraus, guix-devel

On 3/18/24 20:16, Tomas Volf wrote:
> On 2024-03-18 18:48:27 +0100, Vivien Kraus wrote:
>> The guix users, I claim, would rather have a distribution of guix (and
>> the packages it provides) with accurate personal information, even if
>> it means to be annoyed for a moment with a security system.
> Single data point: As a Guix user (and occasional contributor, albeit not a
> committer), I would very much prefer a system that does not rewrite the history.
> When someone wants to correct their name (for whatever reason), I would prefer
> it to be done going forward, not retroactively.
>
> I think making such broad statements without some empirical study is not great,
> since it is, as you said yourself, just your claim not supported by anything (as
> far as I can tell).
>
> Tomas Volf
>
> --
> There are only two hard things in Computer Science:
> cache invalidation, naming things and off-by-one errors.

It's pretty easy to see who most people that use Guix agree with that actually. Check what the CoC says right here -> https://git.savannah.gnu.org/cgit/guix.git/tree/CODE-OF-CONDUCT

|We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
|

So since the Guix community have agreed to make it welcoming to everybody we have to take into account people that will want to change their names.

Social inclusion and people are above any tech ideals we may have.

We don't need to rewrite history at all also. There was a solution already by Gitlab which was also proposed in the other thread (for legal reasons) to do with UUIDs.

MSavoritias

* Re: Guix role in a free society
From: Tobias Alexandra Platen @ 2024-03-18 19:08 UTC
To: guix-devel

I am transgender and plan to contribute to Guix soon. Mostly submitting packages and so on. I never saw any violation of the code of conduct, but this does not mean they do not exist.

On Mon, 2024-03-18 at 20:26 +0200, MSavoritias wrote:
>
> On 3/18/24 20:16, Tomas Volf wrote:
> > On 2024-03-18 18:48:27 +0100, Vivien Kraus wrote:
> > > The guix users, I claim, would rather have a distribution of guix
> > > (and the packages it provides) with accurate personal information,
> > > even if it means to be annoyed for a moment with a security system.
> > Single data point: As a Guix user (and occasional contributor,
> > albeit not a committer), I would very much prefer a system that does
> > not rewrite the history. When someone wants to correct their name
> > (for whatever reason), I would prefer it to be done going forward,
> > not retroactively.
> >
> > I think making such broad statements without some empirical study
> > is not great, since it is, as you said yourself, just your claim not
> > supported by anything (as far as I can tell).
> >
> > Tomas Volf
> >
> > --
> > There are only two hard things in Computer Science:
> > cache invalidation, naming things and off-by-one errors.
>
> It's pretty easy to see who most people that use Guix agree with that
> actually. Check what the CoC says right here ->
> https://git.savannah.gnu.org/cgit/guix.git/tree/CODE-OF-CONDUCT
>
> We as members, contributors, and leaders pledge to make participation
> in our community a harassment-free experience for everyone, regardless
> of age, body size, visible or invisible disability, ethnicity, sex
> characteristics, gender identity and expression, level of experience,
> education, socio-economic status, nationality, personal appearance,
> race, caste, color, religion, or sexual identity and orientation. We
> pledge to act and interact in ways that contribute to an open,
> welcoming, diverse, inclusive, and healthy community. |
>
> So since the Guix community have agreed to make it welcoming to
> everybody we have to take into account people that will want to
> change their names.
>
> Social inclusion and people are above any tech ideals we may have.
>
> We don't need to rewrite history at all also. There was a solution
> already by Gitlab which was also proposed in the other thread (for
> legal reasons) to do with UUIDs.
>
> MSavoritias

* Re: Guix role in a free society
From: Richard Sent @ 2024-03-18 20:05 UTC
To: MSavoritias; +Cc: Vivien Kraus, guix-devel

> It's pretty easy to see who most people that use Guix agree with that
> actually. Check what the CoC says right here

I believe that Guix can continue to achieve a welcoming, harassment-free environment even if we're not able to support repo authorship history modification. (Or non-destructive attribution.)

I'm not in favor of (mandatory and global) UUIDs. To my understanding there are two options for how they could be implemented:

a) UUIDs are used with .mailmap

   1) This doesn't solve the problem since .mailmap itself is also tracked in git. Any old names/aliases are still in the repo.

   2) This would mask the name change. To my knowledge unless someone is actively browsing .mailmap's log, the old name shouldn't appear. I understand why people may feel that's insufficient though.

   3) I don't believe any mechanism stops someone from choosing to do this already?

b) The UUID->Name mapping is stored out of band (GitLab's unimplemented solution)

   1) This adds additional complication to development (need to fetch files over a network at some point, be sure you're using the right UUID even if you change machines, update your out of band copy regularly, etc).

We may be able to partially resolve b) but I doubt it's possible to turn it into a "no-impact" process. It almost certainly would add steps for new contributors. We don't want even more barriers to their first patch.

We could choose to allow people to opt-in to using UUIDs and also use out-of-band storage, I suppose, but that would only help those who already suspected they'd want to change their name, but didn't want to change it at that moment. Otherwise a) would suffice.

Perhaps there are better options I'm not thinking of. Would UUIDs be valid for the copyright notices at the top of files?

--
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.

* Re: Guix role in a free society
From: Ludovic Courtès @ 2024-03-18 22:24 UTC
To: MSavoritias; +Cc: Vivien Kraus, guix-devel

Hi MSavoritias,

MSavoritias <email@msavoritias.me> skribis:

> So since the Guix community have agreed to make it welcoming to
> everybody we have to take into account people that will want to change
> their names.

As I wrote earlier, several Guix contributors changed names in the past. As a project, we always recognized the importance of calling people by their chosen name and so those changes went smoothly. So 💯 on your comment above.

Now, I’d invite everyone to slow down on this conversation. There are important human and technical issues at stake, none of which is new or specific to Guix or SWH.

Ludo’.

* Re: Guix role in a free society
From: Giovanni Biscuolo @ 2024-03-20 17:44 UTC
To: Vivien Kraus, guix-devel

Hello Vivien,

Vivien Kraus <vivien@planete-kraus.eu> writes:

> Free software enables cooperation in a free society. More precisely, it
> makes it easy for a user of a package to use a new version where the
> personal information has been corrected. The thread in [1] questions
> our handling of potential cases where a transgender contributor of Guix
> or one of its packages requests to change their name. While it would be
> nothing but cruel to deny such a request

Please do not frame the question that way because it's very different: the original request is _not_ to use the correct personal information in a new package to be distributed (and potentially used), the request is to modify the _correct_ personal information (self) published in the past by rewriting the git history of the SWH archived copy of the software.

Guix contributors or package authors can change their personal information - usually their name and email in copyright attribution(s) and documentation - at any moment and that will be _automatically_ propagated in all new Guix built artifacts and/or in the Guix git repositories.

Also, git can _display_ a different name in git logs if instructed to do so via .mailmap

The problem, let me call it a "rights clash", arises when pretending that "rewriting the past" is a right people can exercise, protected by the European GDPR also.

[...]

Loving, Gio'

--
Giovanni Biscuolo

Xelera IT Infrastructures

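Added example, not part of any message in this thread and not Guix or git source code: a small Python model of why a rewritten history trips a downgrade check while a name change going forward plus a .mailmap-style display mapping does not. It assumes the check is a plain "is the new tip a descendant of the last pulled commit" test; the identities, timestamp and tree ids are constructed, and `build_history`, `is_descendant` and `display_name` are hypothetical helper names.

```python
import hashlib

def commit_id(tree, parent, author, message):
    """Hash a commit as git does: SHA-1 over 'commit <len>\\0' + body."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    # Fixed, constructed timestamp so the ids are reproducible.
    lines.append(f"author {author} 1710784080 +0000")
    lines.append(f"committer {author} 1710784080 +0000")
    body = ("\n".join(lines) + "\n\n" + message + "\n").encode()
    return hashlib.sha1(b"commit %d\0" % len(body) + body).hexdigest()

def build_history(authors):
    """Linear history, one commit per author; returns (tip, parent map)."""
    parents, tip = {}, None
    for n, author in enumerate(authors):
        tree = hashlib.sha1(b"tree-%d" % n).hexdigest()  # stand-in tree id
        cid = commit_id(tree, tip, author, f"change {n}")
        parents[cid] = tip
        tip = cid
    return tip, parents

def is_descendant(tip, ancestor, parents):
    """Forward-update check: is `ancestor` reachable from `tip`?"""
    while tip is not None:
        if tip == ancestor:
            return True
        tip = parents.get(tip)
    return False

def display_name(author, mailmap):
    """.mailmap-style lookup: changes what is shown, not what is hashed."""
    return mailmap.get(author, author)

# Constructed identities, not taken from the thread.
OLD = "Old Name <dev@example.org>"
NEW = "New Name <dev@example.org>"
OTHER = "Someone Else <other@example.org>"
MAILMAP = {OLD: NEW}

pulled, _ = build_history([OLD, OTHER])                   # last pulled tip
tip_fwd, parents_fwd = build_history([OLD, OTHER, NEW])   # change going forward
tip_rw, parents_rw = build_history([NEW, OTHER, NEW])     # history rewritten

if __name__ == "__main__":
    print("forward update accepted:", is_descendant(tip_fwd, pulled, parents_fwd))
    print("rewritten history accepted:", is_descendant(tip_rw, pulled, parents_rw))
    print("shown for old commits:", display_name(OLD, MAILMAP))
```

Because the author line is part of the hashed commit body and each commit hashes its parent's id, changing one author changes every later commit id, so a client that only knows the previously pulled id cannot tell a benign rewrite from a substituted history.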