From: Marius Bakke <marius@gnu.org>
To: guix-devel@gnu.org
Subject: Non-free data in Poppler test suite
Date: Tue, 28 Jun 2022 23:19:47 +0200 [thread overview]
Message-ID: <87k090qydo.fsf@gnu.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 1575 bytes --]
Hello Guix,
I discovered a potential freedom issue with the Poppler test suite.
Specifically it includes a file with the CC BY-NC-ND (non-commercial)
license:
https://gitlab.freedesktop.org/poppler/test/-/commit/920c89f8f43bdfe8966c8e397e7f67f5302e9435
It turns out the repository is filled with PDFs of unknown origins, that
are impossible to audit.
(this issue only exists on the "core-updates" branch)
Normally we'd remove such files with a 'snippet', but these files are
not actually shipped with Poppler itself: they are downloaded separately
and only used for running tests during the build process:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/pdf.scm?h=core-updates&id=8c3e9da13a3c92a7db308db8c0d81cb474ad7799#n226
As such, these files are not accessible to end users of Guix short of
disabling substitutes and grepping the store.
So the million dollar question ... are these files okay to use for Guix?
In my (non-lawyer) opinion, I have faith that Poppler developers would
not distribute files that are not freely redistributable, and that this
counts as "non-functional data" per FSDG guidelines:
https://www.gnu.org/distros/free-system-distribution-guidelines.html
However, we failed to reach a consensus on #guix[0]. What do others
around here think? Should we play it safe and disable Poppler tests?
Raise the issue with FSF? Something else?
[0]: https://logs.guix.gnu.org/guix/2022-06-28.log#195123
--
Thanks,
Marius
(And sorry for being gone for so long! I'm back now, promise.)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
next reply other threads:[~2022-06-28 21:20 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-28 21:19 Marius Bakke [this message]
2022-06-28 21:29 ` Non-free data in Poppler test suite Maxime Devos
2022-07-01 12:57 ` Ludovic Courtès
2022-07-19 12:43 ` Maxime Devos
2022-06-29 8:04 ` zimoun
2022-07-01 13:12 ` Ludovic Courtès
2022-07-01 19:22 ` Mark H Weaver
2022-07-06 0:39 ` Marius Bakke
2022-07-02 14:12 ` Tobias Geerinckx-Rice
2022-07-02 9:04 ` Liliana Marie Prikler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k090qydo.fsf@gnu.org \
--to=marius@gnu.org \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).