From mboxrd@z Thu Jan 1 00:00:00 1970 From: Giovanni Biscuolo Subject: Re: Guix and FSDG Date: Sat, 23 Nov 2019 11:04:24 +0100 Message-ID: <87a78mkixj.fsf@roquette.mug.biscuolo.net> References: <91c877cfe5d19d192b53da2c7cd2a741c30a37f7.camel@disroot.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:51502) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iYSHa-00079l-Pu for guix-devel@gnu.org; Sat, 23 Nov 2019 05:04:51 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iYSHY-0001TE-5z for guix-devel@gnu.org; Sat, 23 Nov 2019 05:04:50 -0500 Received: from ns13.heimat.it ([46.4.214.66]:36460) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1iYSHW-0001SY-V5 for guix-devel@gnu.org; Sat, 23 Nov 2019 05:04:48 -0500 In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: "Thompson, David" , Raghav Gururajan Cc: guix-devel Hello, "Thompson, David" writes: [...] > This exact > circumstance was brought up in the early days of the Guix project when > FSDG compliance was a big topic of discussion because Ludovic and RMS > were making sure that Guix conformed to it. It is true that Guix will > download source archives for packages that *may* contain files with a > nonfree license. However, Guix has a special mechanism developed > specifically to deal with this issue. In Guix, the data type > is used to store information about a package's source code. In this > data structure there is a field called "snippet" which may contain a > custom procedure written by the person that wrote the package. The > role of the snippet procedure is to *remove* any files in the source > archive that are not freely licensed. The result is a new source > archive that contains only freely licensed files. The most important > part of this process is that the original source archive is *never* > accessible to the Guix user via any Guix tools. The original archive > is discarded and does not end up in the canonical location for Guix > data: /gnu/store. Thus, running `guix build --source > problematic-package` will only ever return the cleaned archive, never > the original with nonfree files. Therefore, Guix has taken sufficient > technical measures to avoid steering its user towards nonfree software > and thus Guix is compliant with the FSDG. [...] can we please consider to add a specific section to the manual including a properly redacted copy of this exact text? I think that specifically stating that no non-free code will be saved in store due to ``guix build`` is specifically addressed by the snippet field in (other procedures?) *and* assessed [1] by guix maintainers will be of great help in all future discussions on this topic (and there will be other discussions :-) ) WDYT? David whould you like to propose a patch if anouth consensus on this topic is reached? If you cannot, I can help on this. Thanks! Gio' [1] it means that missing to remove non-free code is considered a bug and treated accordingly to the FSGD -- Giovanni Biscuolo Xelera IT Infrastructures