From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 0GEZI8mgwWN0vQAAbAwnHQ (envelope-from ) for ; Fri, 13 Jan 2023 19:19:53 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 8EkqI8mgwWMLZwEA9RJhRA (envelope-from ) for ; Fri, 13 Jan 2023 19:19:53 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 58E38295B9 for ; Fri, 13 Jan 2023 19:19:53 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pGOeJ-0003DQ-Ph; Fri, 13 Jan 2023 13:19:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pGOdr-0003BQ-7J for guix-patches@gnu.org; Fri, 13 Jan 2023 13:19:06 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pGOdq-0007oS-Va for guix-patches@gnu.org; Fri, 13 Jan 2023 13:19:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pGOdq-0003sX-Eu for guix-patches@gnu.org; Fri, 13 Jan 2023 13:19:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#52109] How to resolve? (Re: [bug#52109] [PATCH] gnu: Add unrar-free.) Resent-From: Liliana Marie Prikler Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 13 Jan 2023 18:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 52109 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Simon Tournier , Giovanni Biscuolo , Maxim Cournoyer Cc: kiasoc5 , 52109@debbugs.gnu.org, Foo Chuan Wei Received: via spool by 52109-submit@debbugs.gnu.org id=B52109.167363389314833 (code B ref 52109); Fri, 13 Jan 2023 18:19:02 +0000 Received: (at 52109) by debbugs.gnu.org; 13 Jan 2023 18:18:13 +0000 Received: from localhost ([127.0.0.1]:52348 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pGOd2-0003r9-LX for submit@debbugs.gnu.org; Fri, 13 Jan 2023 13:18:13 -0500 Received: from mail-ej1-f67.google.com ([209.85.218.67]:46755) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pGOd0-0003qs-UH for 52109@debbugs.gnu.org; Fri, 13 Jan 2023 13:18:11 -0500 Received: by mail-ej1-f67.google.com with SMTP id fy8so54040909ejc.13 for <52109@debbugs.gnu.org>; Fri, 13 Jan 2023 10:18:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=wtVXuYEwzmJyNd3/lfuKjYIdt2+2Wb8+bYndY8vVAPQ=; b=mC79cjYgUioJVipswYWWatzYwx69iElhBXSPGTqPDUGhZnSE9g7hy+StEiDOH4ISG5 qBZK1SC7dLIRVu5mqRaAnA+zQ2sS4uTnSMY1Ae5A0Ly48jFLZehIc9lGqfK9pvrUpHkb km3QP1QKFRb6iNwYEq+aSbOxRss5dI9AcVZ5WD8Ppx1sVDH5ns0Zwk95UTMYNDWnBeec rERwKjJuEQl021bep9uFsjEei1OiLHm4h4k78RDuH9iLuBUJHMo8thY5tP0dmyR0oyfU Mz1SWimEMO/LpPhxYHn78C88kQ8Dp2usxDJW/iJFvtYSFZd/cWaxxX0Js8d1iSaSaxSx t82w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=wtVXuYEwzmJyNd3/lfuKjYIdt2+2Wb8+bYndY8vVAPQ=; b=EWQXaxk87nytCENLNAemUZNn/9RuAQ9ld3aqTvbSBKJZWT4RGaqfvTaKYLZKmHOkJ3 576STzhQHEzS0WS2SnA9lOiUtJhk0JClHDC0KnwRKtWzX73khJHGCOCOQx9gFwuUWPfZ 2+faV8GVbzK4ZuCRp0/sbZQOEIcWO+dJen5rdNv97G/UHGzLTtqz7SLVmVzDqidofCL+ RjkVgq/53uw9W1q3SJ78DuirF4F/LY3F9WzZaNEAotN6gDteeO6RDsg3UkBceN7+W9za VsyjMUlD8IpZgYYA1ZlrJ/gqmXyB4sdR4Pyr1VWQNtLo7r65HcUM+biWt0SCXPY3Tqiv d2vA== X-Gm-Message-State: AFqh2kr1iQcQAH03wcroxMW7ZPlVg9HYg2j4l7UwpnFkLX6OSs1WHWES uILxZCo8YFBNs2xbpSfE07U= X-Google-Smtp-Source: AMrXdXtCwGe4TxeCM460lMFu6grpeOVYHNF2aY4tJbDd89KHkBwJY/GseEywI8oHdkmntUkvcUC7Nw== X-Received: by 2002:a17:907:4d6:b0:84d:3a95:cdf5 with SMTP id vz22-20020a17090704d600b0084d3a95cdf5mr16592878ejb.10.1673633884946; Fri, 13 Jan 2023 10:18:04 -0800 (PST) Received: from lumine.fritz.box (85-127-52-93.dsl.dynamic.surfer.at. [85.127.52.93]) by smtp.gmail.com with ESMTPSA id ku12-20020a170907788c00b0084d4564c65fsm6596866ejc.42.2023.01.13.10.18.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Jan 2023 10:18:04 -0800 (PST) Message-ID: From: Liliana Marie Prikler Date: Fri, 13 Jan 2023 19:18:02 +0100 In-Reply-To: <877cxqwjen.fsf@gmail.com> References: <877cxqwjen.fsf@gmail.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=mC79cjYg; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1673633993; a=rsa-sha256; cv=none; b=IFxQdT/fPASQ9eTAOeQRfh/1OvXQILJT3M3vm2cNevTlDjJoE05b8t+8X4r2OHABfgM7WD QlomcqABjhBEc8DxAevKx9Zc/gdkAUO+imqT/X9bNmC7aIshO4yNmLqpPo7EbrGhOL8ari OTUl2OSb+Ume6UoWINGdXPc4x8EKi3mGv0N9mZvhBm3V6CPd7dfSqFS6+N7AmOTjr0OIuU HPS/jUUTzFv0zk4svKP05eLEWfajVjgY63cWj3f35yvBoURWxEF3qXalBOonSH9qzP2Woh 8KxvTHCzGhYhE01AUz6hefz+GnX57nkDT0bmILOWYIe8NDyjTiLQpiDDvG11HA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1673633993; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=wtVXuYEwzmJyNd3/lfuKjYIdt2+2Wb8+bYndY8vVAPQ=; b=BjqE9SJ1U3KjFSulQOoJ/N7/o/rPAZM5Eh1VNSQJ1kcQLACNcIjNvDOT72WMwBHEusBHuB Wtev88Q5dVnmNnqDUYvTsoYNWKWWj6h1wrAgPm4Ag6oUPP+PtRyW+6FOAuIo3vmD2rbnob DSjbODegV3o5Zy5eEVnMZb5wS2zM0UErRNS2Ylh55X+mnQ62D75yslPNm8iVliyeuEKn6v qli6IeAP/zPoCyLCXmHR5Iu34ok587u9yETodgvuMc2PlAQzHXpjS9HHhQw8eUc3mqCudm j1WqXDx0743w3OWvRIAU6zM4pUTLLcMZPd723GuyTv7W8augm0JIZ5BpLPQAJw== X-Migadu-Queue-Id: 58E38295B9 X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=mC79cjYg; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) X-Migadu-Spam-Score: 0.20 X-Spam-Score: 0.20 X-TUID: uJ81F0bOI+sB Am Freitag, dem 13.01.2023 um 16:20 +0100 schrieb Simon Tournier: > Hi Liliana, >=20 > On jeu., 12 janv. 2023 at 21:29, Liliana Marie Prikler > wrote: >=20 > > > could this be a reason not to include a FSDG compliant software > > > in Guix? > >=20 > > A free system distribution must not steer users towards obtaining > > any nonfree information for practical use, or encourage them to do > > so. [4] >=20 > Liliana, it is *your* interpretation that unrar-free is=E2=80=93quoting > FSDG=E2=80=93=E2=80=9Csteering users toward obtaining any non-free inform= ation for > practical use, or encourage them to do so=E2=80=9D.=C2=A0 It is not the > interpretation of Trisquel folks.=C2=A0 It is not my interpretation and > probably also not the interpretation of many other peers here. I am aware of that and I pointed that out myself several times already. > For instance, a previous version of unrar had been added by commit, >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 0da8313c679f101c3f99970c50d6f0= fef995f633 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Author:=C2=A0=C2=A0=C2=A0=C2= =A0 John Darrington > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 AuthorDate: Wed Mar 1 07:00:05= 2017 +0100 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Commit:=C2=A0=C2=A0=C2=A0=C2= =A0 John Darrington > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 CommitDate: Wed Mar 1 18:57:00= 2017 +0100 >=20 > and then removed by 2560aa7adbfcb46306e8b19180bd48d39c2da6dc: >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 gnu: Remove unrar. >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 This package is abandoned upst= ream and contains serious bugs: >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 http://seclists.org/oss-sec/20= 17/q3/329 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 https://cve.mitre.org/cgi-bin/= cvename.cgi?name=3DCVE-2017-14120 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 https://cve.mitre.org/cgi-bin/= cvename.cgi?name=3DCVE-2017-14121 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 https://cve.mitre.org/cgi-bin/= cvename.cgi?name=3DCVE-2017-14122 >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 * gnu/packages/compression.scm= (unrar): Remove variable. >=20 > Therefore, I am still missing what is blocking. ;-) I mean, I am not the only person, who can sign off commits here. I am merely raising my own concerns w.r.t. this package and refusing to sign off the commit myself =E2=80=93 I am not hindering anyone else from picking= it up. Now, I can't exactly give you my written permission to do so, but I will at least promise not to exercise my commit rights to revert it without some more pressing issue (like the CVEs noted above). > The fact that FSDG is poorly worded is one thing, indeed.=C2=A0 This > sentence =E2=80=9Csteering users toward obtaining any non-free informatio= n > for practical use, or encourage them to do so=E2=80=9D from these FSDG co= uld > also be interpreted to many other features =E2=80=93 another story. :-) Sure. > From my point of view, all the packages allowing interoperability > across various operating system (including non-free ones) fits my > understanding of the Liliana=E2=80=99s interpretation of =E2=80=9Csteer u= sers toward > obtaining any non-free information for practical use, or encourage > them to do so=E2=80=9D; interpretation mainly based =E2=80=93 again, if I= understand > correctly =E2=80=93 on speculations about the user=E2=80=99s intention.= =C2=A0 Therefore, > we should also remove the packages: mednafen, docx2txt, antiword, > bochs, cabextract, cl-mssql, emacs-powershell, etc. I fear your interpretation is made up of speculations of my intentions, or in other words straw. I do argue however, that for most people when they go seek out unrar-free, then it'd be because the archiver of their choice failed them, in which case unrar-free won't be able to do anything. Of the examples you list here, only cabextract is close in spirit to unrar-free, with the difference that cabextract relies on the CLI-less libmspack. If libmspack shipped with a CLI of its own that handles cabs, I would argue that cabextract is pretty pointless, but nonetheless it ironically doesn't even feature name confusion. > Any free reimplementation potentially offers a degraded experience > compared to the proprietary product.=C2=A0 It does not appear to me an > argument to raise that this potentially degraded experience leads to > =E2=80=9Csteering users toward obtaining any non-free information for > practical use, or encourage them to do so=E2=80=9D.=C2=A0 Even, from my p= oint of > view, it is the contrary: a free reimplementation even with weakness > is liberating. The thing is, you don't need unrar-free to get a degraded experience of unpacking rar archives. Any libarchive-based archive manager will do, most of which offer a more complete package. > Last, I do not understand your Liliana argument about =C2=ABObviously, > unrar-free has a different CLI =E2=80=93 that's is whole shtick, after al= l =E2=80=93 > but I'd argue that this doesn't matter, because the people who prefer > CLI over GUI know how to read manpages.=C2=BB.=C2=A0 Well, we could apply= it > many flavor of similar tools.=C2=A0 For instance, you would be in favor t= o > remove/drop the CLI dulwich provided by the package python-dulwich > since CLI Dulwich user could just read the Git man pages.=C2=A0 Or > similarly bmake vs make, coreutils vs busybox vs toybox, etc. If any of these packages were only offering alternative CLIs for another tool while also inviting name confusion, yes, I would be in favour of removing them. But that is not the case in any of the examples you list here. For the dulwich example, yes, it provides an alternative frontend to git, but the value of that package is that it's a pure python implementation of the git protocol, i.e. it doesn't use libgit.=20 (Interestingly, git is used as native input, presumably for testing purposes.) For bmake vs. GNU Make, I think that those are two different tools that do the same job similar to clang and gcc both being C compilers. Now removing clang because we have gcc would admittedly be pretty based, but sadly not an option, because some programs depend on certain implementation-defined behaviour of clang (and other parts of its infrastructure). For coreutils, busybox and toybox, these are again different implementations of the same thing with slight variations. Now, based on the controversial move of being GPL2 only, one could decide to remove busybox in favour of the rollover-licensed toybox, but as it stands I believe neither project steers users towards nonfree software either by name or otherwise. For contrast, the case we have with unrar-free is that we have a CLI in libarchive (bsdtar) and a different CLI in unrar-free, both of which use libarchive. This would be roughly equivalent to me making a new=C2=A0 CLI frontend for wine and calling it pro^H^H^Hwin10. > Without saying that I do not even know which Guix package provides > this bsdtar tool, from this FreeBSD tar manpage [1], it is not clear > if RAR is supported or not.=C2=A0 To know it, one needs to open this othe= r > man page [2].=C2=A0 Bah, yes an easy CLI matters! I hazard a guess that you didn't have to unpack many RAR archives via CLI then. Which fair enough, because there are other libarchive frontends to further prove my point that unrar-free is not needed. > All in all, it appears that we disagree. :-) That it does :) Cheers