From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id MMfZH7jf9WWQ9gAAqHPOHw:P1 (envelope-from ) for ; Sat, 16 Mar 2024 19:06:48 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id MMfZH7jf9WWQ9gAAqHPOHw (envelope-from ) for ; Sat, 16 Mar 2024 19:06:48 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710612408; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=bOYSqmp2XV4v7wvktBDWTOIYDhHM0ggqTIAKV3/8twY=; b=QcHiX7ULvUvFHJtxanTXavGHsxmDj/fvnVuLLFPR3jhFiO3sbAKk7VhPVPBJCXqOTqf9gT mfX+GbxUf6AynLPTEv5CDs4AOdV41RglgTlntAtdmcB1IOVhsLYyJAeu7Q/Ld/GCy8i/LU CSqUKGWlNWonT5oTsAco5NFzx7N+/yzvhEgUz829S154727eghuepCqszp5b6VSg1vkEGR bCEahmFgZkuM3hnHCpzQEH4CvJRq/dyQyv17YmCPRn5UOr6bxb69F+2zVY7ByVDr+vVQVL GfCfajMWv/rk1i7tMro3rVYeK99eD9m9E0cmdQ9KDIvzUwxUz1DFIKCBtwaYsw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710612408; a=rsa-sha256; cv=none; b=bjm0d7uWzIdjl6++NkUNewN8Jg4SDhQCPHYIS2UGsgUheGqDA8PqHaFWZTHOpINLDOv6FQ iP+aeuqfBnKWP3aZqA9vhSKkoItUwvQmZCHF0VG0UVrBnnd1Gi2q5/Zu7x6e4bO39DlQvA g/lfEIn4OmOFX/YV7ghVuxp8Xtnpohz/PLxPIJth2z8gZsrRZwOdvbJbAyqw5bvcX6cgTN +spz8BKDUIfmWSPApUJNaFb32EPn8ycLc4+xZf3GCi8tK9VB88fqMw52g7qOz9s4u3Okyy Vcn9ckh+KJr3rIoAjb8XQ7LZ58kPhr6/BG8kFiEkeb7k3sar+qro0Fk8ScOIng== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6D5426773E for ; Sat, 16 Mar 2024 19:06:48 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rlYQQ-0007Ns-K5; Sat, 16 Mar 2024 14:06:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rlYQG-0007NR-5g for guix-devel@gnu.org; Sat, 16 Mar 2024 14:06:20 -0400 Received: from mira.cbaines.net ([2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27]) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rlYQD-00049X-RV for guix-devel@gnu.org; Sat, 16 Mar 2024 14:06:19 -0400 Received: from localhost (unknown [212.132.255.10]) by mira.cbaines.net (Postfix) with ESMTPSA id 3130427BBEA; Sat, 16 Mar 2024 18:06:16 +0000 (GMT) Received: from felis (localhost.lan [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id d3471e19; Sat, 16 Mar 2024 18:06:15 +0000 (UTC) References: <87il1mupco.fsf@meson> User-agent: mu4e 1.10.8; emacs 29.1 From: Christopher Baines To: Ian Eure Cc: guix-devel@gnu.org Subject: Re: Concerns/questions around Software Heritage Archive Date: Sat, 16 Mar 2024 17:50:10 +0000 In-reply-to: <87il1mupco.fsf@meson> Message-ID: <87cyruqcfe.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a01:7e00:e000:2f8:fd4d:b5c7:13fb:3d27; envelope-from=mail@cbaines.net; helo=mira.cbaines.net X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -6.90 X-Spam-Score: -6.90 X-Migadu-Queue-Id: 6D5426773E X-Migadu-Scanner: mx13.migadu.com X-TUID: Kx99cEIHY+Xr --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ian Eure writes: > Hi Guixy people, > > I=E2=80=99d never heard of SWH before I started hacking on Guix last fall= , and > it struck me as rather a good idea. However, I=E2=80=99ve seen some thin= gs > lately which have soured me on them. > > They appear to be using the archive to build LLMs: > https://www.softwareheritage.org/2024/02/28/responsible-ai-with-starcoder= 2/ > > I was also distressed to see how poorly they treated a developer who > wished to update their name: > https://cohost.org/arborelia/post/4968198-the-software-heritag > https://cohost.org/arborelia/post/5052044-the-software-heritag > > GPL=E2=80=99d software I=E2=80=99ve created has been packaged for Guix, w= hich I assume > means it=E2=80=99s been included in SWH. While I=E2=80=99m dealing with = their (IMO: > unethical) opt-out process, I likely also need to stop new copies from > being uploaded again in the future. > > Is there a way to indicate, in a Guix package, that it should *never* > be included in SWH? Not currently, and I don't really see the point in such a mechanism. If you really never want them to store your code, then you need to license it accordingly (and not make it free software). > Is there a way to tell Guix to never download source from SWH? Also no, and it's probably best to do this at the network level on your systems/network if you want this to be the case. Skipping back to this though: > I was also distressed to see how poorly they treated a developer who > wished to update their name: > https://cohost.org/arborelia/post/4968198-the-software-heritag > https://cohost.org/arborelia/post/5052044-the-software-heritag This is probably worth thinking about as Guix is in a similar situation regarding publishing source code, and people potentially wanting to change historical source code both in things Guix packages and Guix itself. Like Software Heritage, there's cryptographical implications for rewriting the Git history and modifying source tarballs or nars that contain source code. We have 17TiB of compressed source code and built software stored for bordeaux.guix.gnu.org now and we should probably work out how to handle people asking for things to be removed or changed (for any and all reasons). It's probably worth working out our position on this in advance of someone asking. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmX135VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh aW5lcy5uZXQACgkQXiijOwuE9XfvwQ/+IsTP9nQBYkkg/sAUU9IsCGgQ8qaNP8EA wvfmRF19WiHOtOH9p7G8Y5+VdXLpb7VV+b1i+GLvNBljpZrWjLEfO01Huam8Acxg pCM89UzO3ur3XBX94WQB+XcSeU3amFDUg++Z7kc2H/7dyuk6wdCCY43USq3Vhj0c 6+zExjcSrDoQXYd8dmmga9KpBs57V6K2VRPJ1ZiXc+E/IYyROhn60Z4t+k0d0Oyu 9+LhLb1gAcQrsf/13otftBqXL93tuCojdCGqGu2CS3r86wXBxYGbPBkey9216hEk D0v2yaXHoyj7J3pp+EicNS0gRHMUxdCNosE5547S4OvfuxD0WVsjYVYykrxz+T2A vtRrATDbsyvIborhJcgMD18KEnWWlHbV3B6Kcb+oRZQHvGiusC4fKkRNsg+jZJH3 H/LvkRXv2YZ3u8FlYxG2N64dbJURMb0NGIDt/MArzfbp6kcIUowZ7INcnZhbqESp ZkhRxDMfFfy974iEowMNMAkajAwULrvSgAmd+DoLsJjEKwUgmBAD7gETxC5Xlz4X 3ZvikrDK1E9Oe6BVpQGAVNb5Ts62m8tzEao3y2t1ybIkWnNt5VLPwdf33qba07fB Zm7CQty93heEYSzSsDh0cXNwxBizW7L/CbUHF0qgzT5IXQLnUIHeXlvg80zZckLq zP7m49Xrglc= =f7Lu -----END PGP SIGNATURE----- --=-=-=--