From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Package inclusion criteria Date: Thu, 01 Feb 2018 00:48:14 +0100 Message-ID: <87a7wtpp35.fsf@gnu.org> References: <20180129215805.7086.26926@vcs0.savannah.gnu.org> <20180129215806.5F45C20512@vcs0.savannah.gnu.org> <87372ob6ub.fsf@netris.org> <20180130041713.GB7677@jasmine.lan> <87607it9r5.fsf_-_@gnu.org> <87efm6xgos.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55314) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eh273-0000Lf-5R for guix-devel@gnu.org; Wed, 31 Jan 2018 18:48:22 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eh26z-0006kh-5X for guix-devel@gnu.org; Wed, 31 Jan 2018 18:48:21 -0500 Received: from hera.aquilenet.fr ([2a0c:e300::1]:52262) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eh26y-0006kA-U7 for guix-devel@gnu.org; Wed, 31 Jan 2018 18:48:17 -0500 In-Reply-To: <87efm6xgos.fsf@abyayala.i-did-not-set--mail-host-address--so-tickle-me> (ng0@n0.is's message of "Wed, 31 Jan 2018 14:10:11 +0000") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: ng0@n0.is Cc: guix-devel@gnu.org ng0@n0.is skribis: > On Wed, 31 Jan 2018, ludo@gnu.org (Ludovic Court=C3=A8s) wrote: >> Hello, [...] >> I can understand Mark=E2=80=99s concerns, though I don=E2=80=99t have a = strong opinion >> on this particular package (I find it both =E2=80=9Cweird=E2=80=9D and = =E2=80=9Camusing=E2=80=9D; it >> reflects on how people use those Git services.) >> >> The only formal acceptance criterion for packages in Guix is that it >> must be free software and FSDG-compatible. However, there might be >> software we=E2=80=99d rather not include in Guix proper for various reas= ons. >> >> One example we discussed recently is a package that allowed users to >> exploit specific security vulnerabilities, IIRC, and at the time we >> chose not to include it. I suspect there are other situations where we >> might be inclined to reject the package, but it=E2=80=99s hard to antici= pate >> them; I suspect it=E2=80=99s going to be rare, though. >> >> Thoughts? > > I think we should do the following: > > * list examples of what has been previously rejected or dropped, > there we can list LISPF4 (accepted, never worked, code to be > considered not really copyright worthy, dropped), the recent > black/greyhat / PoC package I've sent, software not aligned > with the guidelines of Guix (for example linux),... > Probably best in full sentences "Software packages which are > intend to be used by professionals bla bla bla ..." Like I wrote, these are quite unusual situations and special cases. I don=E2=80=99t expect to be able to have a policy document covering possible cases. (Linux is not included because it contains non-free software; that=E2=80=99= s the one inclusion criterion that=E2=80=99s very clear and unambiguous.) Ludo=E2=80=99.