From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Wurmus <rekado@elephly.net>
Subject: Re: persistent reproducibility ?
Date: Thu, 23 Mar 2017 13:32:11 +0100
Message-ID: <87k27grx6c.fsf@elephly.net>
References: <CAJ3okZ1H508UC5gZYSeoZAxzsnCoNac3CTm6eCAC5FSsx-BxQA@mail.gmail.com>
	<87shm6wqju.fsf@gnu.org>
	<CAJ3okZ2erRX_oPveaFR7RDNGCrm10BPSDQjB-iKSSPCDd2esbA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48162)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1cr1ug-0002tA-Hs
	for help-guix@gnu.org; Thu, 23 Mar 2017 08:32:23 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1cr1uf-0001nR-Cu
	for help-guix@gnu.org; Thu, 23 Mar 2017 08:32:22 -0400
In-reply-to: <CAJ3okZ2erRX_oPveaFR7RDNGCrm10BPSDQjB-iKSSPCDd2esbA@mail.gmail.com>
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix/>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Cc: help-guix@gnu.org


zimoun <zimon.toutoune@gmail.com> writes:

> One of the issues is that the Guix packages tree will never include
> some softwares, even if they are open source. Because the authors
> apply weird licences or non-GNU compliant licences, or simply because
> authors are not so motivated to push. Even if I totally agree with the
> paragraph about Proprietary Softwares in your cited paper, it is just
> a fact from my humble opinion.

If you mean “open source” in the sense of “using a license that is
certified by the Open Source Initiative” then that software is probably
Free Software.  There is no such thing as GNU compliance in licenses.

We do however follow the GNU FDSG (Free System Distribution Guidelines),
which may result in some software to be excluded or modified in rare
cases.  (One example is “Shogun”, which we modify to remove included
non-free software.)

> Therefore, what should be the "standard" way to manipulate against
> history version external and decentralised packages ? and guix repo
> packages too ?
>
>
> Well, if I understand your both answers, the correct process should
> be: Alice publishes a paper containing the exact version (commit hash
> or revision number or origin hash) of both the source tree and the
> recipe tree, and their both uri location, and then, Joe "just" needs
> to check out each (manually for now or possibly by nice UI glue).

It would be sufficient to provide two things: a manifest and the Guix
version (“git -C /path/to/guix.git describe”).  If additional package
repositories are used (such as guix-bimsb for my institute), their
versions have to be recorded as well.

Joe would then check out Guix and any additional package repositories at
the specified versions and then instantiate the manifest.  Provided that
all source tarballs are still obtainable (either directly or through a
mirror) and the builds are in fact bit-reproducible Joe would end up
with the same software environment that Alice fully specified in the
paper.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net