FSDG processes

FSDG processes

[Gábor Boskovits]

Hello,

Following a recent discussion regarding chromium on guix-devel, I got
interested in a few aspects of free software.

I have a number of question, and if you could refer me to
documentation regarding that, or just answer me in mail, I would
greatly appreciate that.

1. If there is a free software, how do we ensure that it remains free,
or that it gets into the list of software with freedom issues? Do we
supervise each commit? Do we check the upstream bug tracker for
freedom related bugs? Do we have a central place, where freedom
related bugs can be reported?

2. If there is a claim, that a given software has freedom issues, do
we accept that without any investigation? How do we protect ourselves
from a malicious actor faking these reports to hurt the reputation or
market share of a software? On the contrary, if we get a report that
the freedom issues don't exist any more, then we have to investigate
that?

3. If we have to investigate that a freedom issue does not exist any
more, how is that done?
Where can we track the progress of such an investigation? What is
needed to take part in that?

4. What does 'files with unclear licenses' mean?

5. There is a whole bunch of licenses listed as acceptable by FSDG,
including for example the 'modified BSD license', that do not mandate
to put anything your source file, just drop the LICENSE file in the
root folder of the project. The only thing I have seen why you would
include anything license related in your files, is that the licensing
remains clear in the case the file is copied out of the source tree.
It seems to me there is a contradiction here: there is a license
approved by the FSDG, but it is not approved at the same time, as
software gets rejected, stating that the license is unclear, however
the author did everything the license required. To me the only
resolution to this would be:
either to accept that files without the license notice, for licenses
that don't mandate their inclusion is really under the license;
or to declare all licenses not mandating the inclusion of a license
notice incompatible to the FSDG. What is your opinion on this?

Thank you very much for any insights.

Best regards,
g_bor

Re: FSDG processes

[Christopher Baines]

[-- Attachment #1: Type: text/plain, Size: 1918 bytes --]


Gábor Boskovits <boskovits@gmail.com> writes:

> Following a recent discussion regarding chromium on guix-devel, I got
> interested in a few aspects of free software.
>
> I have a number of question, and if you could refer me to
> documentation regarding that, or just answer me in mail, I would
> greatly appreciate that.

I haven't really been following the discussions around chromium, but I
have some opinions on the points below.

> 1. If there is a free software, how do we ensure that it remains free,
> or that it gets into the list of software with freedom issues? Do we
> supervise each commit? Do we check the upstream bug tracker for
> freedom related bugs? Do we have a central place, where freedom
> related bugs can be reported?

In the case of Guix, improving the review process for changes should
help avoid any non-free software slipping in. There are a number of
things that could be better automated, e.g. diffing sources and
comparing the output of licensecheck.

As for a central place to discuss freedom related issues in software,
maybe the Free Software Directory is somewhat central [1].

1: https://directory.fsf.org/wiki/Main_Page

> 2. If there is a claim, that a given software has freedom issues, do
> we accept that without any investigation? How do we protect ourselves
> from a malicious actor faking these reports to hurt the reputation or
> market share of a software? On the contrary, if we get a report that
> the freedom issues don't exist any more, then we have to investigate
> that?

In terms of Guix, issues with licensing and copyright in Guix can be
thought of as bugs. Bugs are tracked, investigated and hopefully
resolved.

In terms of freedom issues that have been resolved, if some software was
removed from Guix, then re-submitted, hopefully the review process upon
re-submission would clarify if it's now suitable or not.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 962 bytes --]