From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id QEX3N7Px9WVMHAAA62LTzQ:P1 (envelope-from ) for ; Sat, 16 Mar 2024 20:23:32 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id QEX3N7Px9WVMHAAA62LTzQ (envelope-from ) for ; Sat, 16 Mar 2024 20:23:31 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710617011; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=DnqFmABeyjrM1yahEdhC1cvYJxNPg6yzSHLeyoC9OAU=; b=jz2DQwxv8v63YgbHoX22OpHfld0HQXHj5hqauQI35IKatotRLnCtKlQ0aDLEcqxstPmz+k Pv7B7BQam2DZSgzW5njBebEOz37CRVqo16HdoJTrNaDaKf5zGneXL2JIjOHgc3Rcgw0B29 t/8gBRVlk7VZusYadBQiigyb2WGJtht9lKELyQUiJ/wM+meoqTILvSo4rbmp2ik/2z1idD Uh2B69FI4hnsGBNxFo245n1D+LvFy+o6FHmqHWNxqxpR5j7RN8YUhptsiPihQG0nrCJrRZ POx0y2gdmZfIldCbzbEojGFfD/8iG7P89gy1wBAyKuw+PCZsDR0cg4kNHiqbFA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710617011; a=rsa-sha256; cv=none; b=IF4AwZMGFVobgtARS5g7G9Eun2pjLCd6B3Sfn+YCazYgvSP4Csy52F2t9CAQzqj8MkpeX5 /dmFvY7aO0UyuQF5RGbDAyLy1s05Wp8GdbpyvchlxDgEVIc9guCe6eDhOPahgX2GqF6PYz BpzJcdtZfIi4kt/k1BcHFovIOl0VwtdhhGe+vAanLO7/OIHOcdS6DedvnkewVwYa69qi2a loxAwYFeBbIHm7QVArl/LDcwkQoMSl0dzSyognWRQfND8rFypgleA3/6c3W/tkzu2wBJQq x1BgSzlDUaqQQeZ/bW+b0+QhIaPDUw+tW5N4tOUH0rQA8MOzoNidvQ/N8HECYw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7952963DE2 for ; Sat, 16 Mar 2024 20:23:31 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rlZUv-0001Cw-Hj; Sat, 16 Mar 2024 15:15:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rlZUt-0001Ce-As for guix-devel@gnu.org; Sat, 16 Mar 2024 15:15:11 -0400 Received: from mira.cbaines.net ([212.71.252.8]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rlZUr-0006Bc-6k for guix-devel@gnu.org; Sat, 16 Mar 2024 15:15:11 -0400 Received: from localhost (unknown [212.132.255.10]) by mira.cbaines.net (Postfix) with ESMTPSA id C7DA027BBEA; Sat, 16 Mar 2024 19:15:07 +0000 (GMT) Received: from felis (localhost.lan [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id e7347eac; Sat, 16 Mar 2024 19:15:06 +0000 (UTC) References: <87il1mupco.fsf@meson> <87cyruqcfe.fsf@cbaines.net> User-agent: mu4e 1.10.8; emacs 29.1 From: Christopher Baines To: MSavoritias Cc: Ian Eure , guix-devel@gnu.org Subject: Re: Concerns/questions around Software Heritage Archive Date: Sat, 16 Mar 2024 19:08:04 +0000 In-reply-to: Message-ID: <878r2iq98n.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=212.71.252.8; envelope-from=mail@cbaines.net; helo=mira.cbaines.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: -8.40 X-Spam-Score: -8.40 X-Migadu-Queue-Id: 7952963DE2 X-TUID: eJythOiANrSI --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable MSavoritias writes: > On 3/16/24 19:50, Christopher Baines wrote: >> Ian Eure writes: >> >>> Hi Guixy people, >>> >>> I=E2=80=99d never heard of SWH before I started hacking on Guix last fa= ll, and >>> it struck me as rather a good idea. However, I=E2=80=99ve seen some th= ings >>> lately which have soured me on them. >>> >>> They appear to be using the archive to build LLMs: >>> https://www.softwareheritage.org/2024/02/28/responsible-ai-with-starcod= er2/ >>> >>> I was also distressed to see how poorly they treated a developer who >>> wished to update their name: >>> https://cohost.org/arborelia/post/4968198-the-software-heritag >>> https://cohost.org/arborelia/post/5052044-the-software-heritag >>> >>> GPL=E2=80=99d software I=E2=80=99ve created has been packaged for Guix,= which I assume >>> means it=E2=80=99s been included in SWH. While I=E2=80=99m dealing wit= h their (IMO: >>> unethical) opt-out process, I likely also need to stop new copies from >>> being uploaded again in the future. >>> >>> Is there a way to indicate, in a Guix package, that it should *never* >>> be included in SWH? >> Not currently, and I don't really see the point in such a mechanism. If >> you really never want them to store your code, then you need to license >> it accordingly (and not make it free software). > > You are talking about legal tho. Yes legally they can copy the code. > > But what can Guix do socially to give people the choice? For reasons > of consent that is. ... >>> I was also distressed to see how poorly they treated a developer who >>> wished to update their name: >>> https://cohost.org/arborelia/post/4968198-the-software-heritag >>> https://cohost.org/arborelia/post/5052044-the-software-heritag >> This is probably worth thinking about as Guix is in a similar situation >> regarding publishing source code, and people potentially wanting to >> change historical source code both in things Guix packages and Guix >> itself. >> >> Like Software Heritage, there's cryptographical implications for >> rewriting the Git history and modifying source tarballs or nars that >> contain source code. >> >> We have 17TiB of compressed source code and built software stored for >> bordeaux.guix.gnu.org now and we should probably work out how to handle >> people asking for things to be removed or changed (for any and all >> reasons). >> >> It's probably worth working out our position on this in advance of >> someone asking. > > I would go a step further actually. Software Heritage is effectively > breaking CoC of Guix now. > > Im not proposing removing all code or something obviously that > connects to Software Heritage, but there should be some social action > we can take. > > > For example until the matter is resolved and Software Heritage > implements a process that respects trans rights Software Heritage > should not be welcome in Guix Spaces. As I say, Guix is in a very similar situation as a project to Software Heritage, we publish artefacts containing peoples personal details and there are technical implications in changing the personal details in those artefacts. The only difference as far as I'm aware is that no one is currently asking Guix as a project to update their personal details in the artefacts we store and publish. As a project, we should sort out our stuff before jumping to judge others. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmX177hfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XdXiQ/+NhWrbhCuuONMP4Yjm+CXS8tIFg9AnDak eXfvl3sLKLpYdoXGRXC2rXP0a2Acdo7FkLT4bMblEZB9vXtqZe6UePLF2bj//NGg PU0EhgbPNB6LUaHEzkRWXp+Lu/P6OlhrNVfPoLgXLVWXFkHa697K1HJI7QlaQQHy fFNzyjzzyJFUOkUV2CqbJxGaWpg7t5eLaPldS1jtwwSpXXGcH0g828XDFM7w7zIx FflikcDVcFgLjQi4SRz+rw7IVQYFxQ+n1cuxliFB9E8VNOWQJ0Wj1g3r3762g4Ju HiSMiIDV0iLLkZgSoVmJzBrvfnNepDtT4I7At8bMbgxGScCNY+bteaB8tX1KL3Zw +nrbJdGn84wVwBdmNZf/KO7O3Iz7zC1rZuXOP0C67mWebVKOIraBAYGmLS0nE0n8 QBJ6ImOx+M3OR899I1JzfJqhHgByh7vYRg0TX9a6ZAnA9miG1nBPOdrw5CVWlJQB l1Q3Yy69/ZZ7IFwSKYsFJIvJMtrebEcaomOEXrqgOVz3hbO2A9TbT10/vj0Cjnly QqIGeP6SWwCZ8xVhNETcf0xEWNCrNvsssEf2Sbpu6zVwC80Fq1acTuOCdjd1QeMa 7KFvXczBgBEq2Tuhr6gNBU6gGjJSlgtBvZuNFXL2MNjhsPN+EJtiEtl0qFPtiQyS qZlufnj98fo= =WdWe -----END PGP SIGNATURE----- --=-=-=--