From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id QGesC2dHcWZpcwAA62LTzQ:P1 (envelope-from ) for ; Tue, 18 Jun 2024 08:37:59 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id QGesC2dHcWZpcwAA62LTzQ (envelope-from ) for ; Tue, 18 Jun 2024 10:37:59 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none ("invalid DKIM record") header.d=msavoritias.me header.s=20210930 header.b=vSkodH2X; dmarc=fail reason="SPF not aligned (relaxed)" header.from=msavoritias.me (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1718699879; a=rsa-sha256; cv=none; b=pIxKN8f/ua+cYRXKKdEVEmehD0viGu/98GiudIZQdGyZH29elXJvjo9OrPXcblLiQhwX27 J6oQX3yYmjBxAwWIKgOr8R1YRVOYeKjoEgweyATq0IHDvR9QFgwLuaBJ14zdMfCd+H/d2z bqWfdYl2DcWXpFoFzG4MnxtItLQ0b6NTyxv8Q72xPIQ0CREz8hH+vtMpO9iWoyCyK3e9Zq uJvmTUAGz8ZuxkHMfSbiQDdx9HmrUFna+lsWbDLfsageMX61ul4H2h6sYcQyrzNVy9Z0MX kMQ3lGWwQTci3O1cs6MGXmVj6w0QzBjWzC0ublZ4ryDpyMqF22p8gRALJdzy3g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none ("invalid DKIM record") header.d=msavoritias.me header.s=20210930 header.b=vSkodH2X; dmarc=fail reason="SPF not aligned (relaxed)" header.from=msavoritias.me (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1718699879; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=so0Y5IcW/sMM7J66TDcOndHcgUPqolsvq6Zl0zkcRdU=; b=gxbiZVVU0qlffI+x1Y1LZpQV2wRvN8SzeMzA7dmiKctzPDpMb1Ly1JxDGeVzvJiF0oeeft tuf98NuLcd9dE+8sf/IDDGlmd6vTsZz6YOKMT0salHgAcA8TG8mYoho4JgZaBQWh4MV4M7 GDOXw1XuSTmqmOkU2HiGHrPMuRH78xwpW3AQFvGhEtY115B/C70DjvcEXgHi2a4Kyx2lu8 ZHh+Rvz1J88XgNOu4RRqowe8aXMs7F3i6ixMHkPZCF9vRCOQt9NwJSsGpxnpntyhX/grdi WgaKsHEZMY2z4JpuGhSSFd29VlMwj7YmgNJ0q9y4ivWLh9oenYK4lcJCb4JKoA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id DD4DC6F52B for ; Tue, 18 Jun 2024 10:37:58 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sJULQ-0003dP-AR; Tue, 18 Jun 2024 04:37:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sJULO-0003d6-TX for guix-devel@gnu.org; Tue, 18 Jun 2024 04:37:34 -0400 Received: from mail.webarch.email ([81.95.52.48]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sJULM-0002gS-Qh for guix-devel@gnu.org; Tue, 18 Jun 2024 04:37:34 -0400 Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id A91791A887C5 for ; Tue, 18 Jun 2024 09:37:23 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=msavoritias.me; s=20210930; t=1718699845; h=from:subject:date:message-id:to:mime-version:content-type: content-transfer-encoding; bh=so0Y5IcW/sMM7J66TDcOndHcgUPqolsvq6Zl0zkcRdU=; b=vSkodH2XSzvmA3hd50ZVBrgDsYLAemE6kJX6A7agn0m4h+JvJVwUpsK2pi7zA8noGgDZX/ HbwQa2AFJUL0fyqR4qCsnC00UeW7TJq1VASE/mxkvTKSfzrm8O2vYoxHDfHCyA4wb8TZiw d9rI2LAa9b8B2PdovLUqgMcLTV5nwxHrDwExyLDwZlP2Jl4ZLV5X6FaoRgYMMm12nVrmdS A7COAg8kWSZxfScB+XccYdGH7+mh0CHECO1Hy/vRRT0A3Xzk5WW99kZRSy+AF7k7BiTbPv fxm+koSOGQleQdFCdNxDaqTWugYD7osC0JhdoOLONe+QmnBoydGoSvu2/CgRZA== Date: Tue, 18 Jun 2024 11:37:17 +0300 From: MSavoritias To: guix-devel@gnu.org Subject: Next Steps For the Software Heritage Problem Message-ID: <20240618113717.4a6bad2b@fannys.me> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.41; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Last-TLS-Session-Version: TLSv1.3 Received-SPF: pass client-ip=81.95.52.48; envelope-from=email@msavoritias.me; helo=mail.webarch.email X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -6.26 X-Migadu-Scanner: mx12.migadu.com X-Spam-Score: -6.26 X-Migadu-Queue-Id: DD4DC6F52B X-TUID: 1qGTavAH8uEU Hello, Context: As you may already know there have discussions around Software Heritage and the LLM model they are collaborating with for a bit now. The model itself was announced at https://www.softwareheritage.org/2023/10/19/swh-statement-on-llm-for-code/ As I have started writing some packages I became interested in how I might actually stop my code from ever reaching Software Heritage or at the very least said LLM model. Every single package in guix is added there automatically. I sent an email on Friday and I got an answer back that such consent mechanism hasn't been implemented and I was shown the legal terms. instead what I am supposed to do is: After guix has my code, my code will be automatically in Software Heritage and the LLM model. So I am supposed to opt out seperately with both of them to ensure that my code wont be used for future versions. This of course means that my code will stay forever in Software Heritage and the LLM model (or some version of it at least). The reasoning that was given was that code harvesting happens anyway and we give an opt-out. I am guessing its opt-out and not opt-in because they would have less code but this is speculation of course :) This is against our desire to make it a welcoming space and also against the spirit of our CoC. Specifically because authors do not know this happens when they submit packages to Guix. So it is all done without consent. Next Steps: So what can we do as a Guix community from here? Communication/Writing wise: 1. Add a clear disclaimer/requirment that any new package that is added in Guix, the person has to give consent or get consent from the person that the package is written in. This needs to be added in the docs and in the email procedures. 2. Make a blog post of our stance towards Software Heritage and the code harvesting they are doing. This post will write in environmental and ethical grounds why Guix is against this and mention specifically Software Heritage. This is done to separate and mention that we do not like what is happening in case anyone comes asking, and hopefully give public pressure to Software Heritage. 3. Exclude all Software Heritage merch, stands, talks, people in official capacity, logos, or anything else that participates in social events of guix and write it in some rules we have. also write in channel rules that Software Heritage is offtopic same way Non-Free Software is offtopic. 4. There doesn't seem to be any movement on the side of Guix towards: - Accountability in an official capacity of SH for the terrible handling of the trans name incident and a plan to make it easier in the future. - The LLM problem that was mentioned in this email. So with that said I urge anybody who has been in contact with them in an official Guix capacity to come forward, otherwise I can volunteer to be that. Idk if we have a community outreach thing I need to be in also for that. (we should if not) The above make two assumptions: 1. That the Guix community is against LLM/"AI". Which for environmental and ethical grounds we should be. 2. That we are a consent culture. Coding Wise this has been talked about before some potential options are: - Communicate with Software Heritage to be able to give a "sign" that the code that is sent should go or not in the code harvesting project. - Remove all Software Heritage integration since its too hard to be ethical about it and built a better solution. Conclusion: To summarize from the steps I wrote above, it seems Software Heritage makes it harder and harder for us to actually be an inclusive, welcoming space we want to be. Idk what that leaves us, as I said I am not part of any "insider" discussions. But it seems to not move that much and its time to start doing actionable things in another direction. MSavoritias