| 1 |
On Tue, May 5, 2020 at 1:46 AM Michał Górny <mgorny@g.o> wrote: |
| 2 |
|
| 3 |
> On Thu, 2020-04-30 at 23:11 -0700, Alec Warner wrote: |
| 4 |
> > Consider a case where we have a piece of software and its open source. |
| 5 |
> The |
| 6 |
> > open source software has various plugins, some of which look useful and |
| 7 |
> we |
| 8 |
> > may wish to deploy them for Gentoo. However, we must consider the social |
| 9 |
> > contract, hence this discussion. |
| 10 |
> |
| 11 |
> First of all, I don't think this should be really about whether we can |
| 12 |
> bend the social contract to find X acceptable but whether the particular |
| 13 |
> case meets the rationale behind using FLOSS. |
| 14 |
> |
| 15 |
> > Can we use the plugins if: |
| 16 |
> > (1) They are closed source (e.g. upstream provides binaries only with a |
| 17 |
> > restricted non-free license.) |
| 18 |
> |
| 19 |
> No. That would mean we're fully dependent on upstream providing up-to- |
| 20 |
> date and working binaries. If upstream decides to cease providing them |
| 21 |
> or simply disappears, we're stuck with software that can become broken |
| 22 |
> at any point and we couldn't fix it. |
| 23 |
> |
| 24 |
> > (2) They are free software (e.g. FSF / OSI approved license) but they |
| 25 |
> cost |
| 26 |
> > money. |
| 27 |
> |
| 28 |
> Presuming they're really free software, i.e. unlike grsecurity upstream |
| 29 |
> does actually permit redistributing it, I suppose that's acceptable. |
| 30 |
> However, I'd find it a bit weird to pay for something if it can be |
| 31 |
> redistributed for free. |
| 32 |
> |
| 33 |
> Of course, if we're talking about making donation to upstream or funding |
| 34 |
> a bounty for software we need, that's another thing. |
| 35 |
> |
| 36 |
> > (b) A subset, its free software and it costs money but it is free for |
| 37 |
> > open source communities to use. |
| 38 |
> |
| 39 |
> Same as above. Though I can't imagine why anyone would create such |
| 40 |
> a thing as it basically means the first 'open source community' to get |
| 41 |
> it would be able to redistribute it without limitations. |
| 42 |
> |
| 43 |
> > (3) They are open source, but not free (e.g. they have some kind of open |
| 44 |
> > license but are not FSF / OSI approved.) |
| 45 |
> |
| 46 |
> If the license permits us to use, modify and redistribute it without |
| 47 |
> limitations, I don't see a problem with it. |
| 48 |
> |
| 49 |
> > (4) They are open source (and free), but we have chosen to use the built |
| 50 |
> > plugins (rather than building from source) for the sake of time and |
| 51 |
> > convenience. |
| 52 |
> > |
| 53 |
> |
| 54 |
> I think it's acceptable but not preferable. The key point here would be |
| 55 |
> that if we ever had to patch it, we'd suddenly have to jump through |
| 56 |
> a bunch of hoops. |
| 57 |
> |
| 58 |
> |
| 59 |
> Overall, I think the key point is maintainability here. Whenever we use |
| 60 |
> proprietary software, we're on upstream's mercy. On the other hand, |
| 61 |
> if we use free software, we can tailor it to our needs and maintain it |
| 62 |
> with help of our community if upstream ceases to do so. |
| 63 |
> |
| 64 |
> However, I suppose this discussion could bring better answers if you |
| 65 |
> were more specific. Otherwise, one wonders whether you have some |
| 66 |
> disagreeable idea in mind and are asking generic questions to justify it |
| 67 |
> without having people get emotional about specifics. |
| 68 |
> |
| 69 |
|
| 70 |
The point of this thread for me was to enumerate some areas of concern for |
| 71 |
me and get feedback on them. |
| 72 |
My interpretation of the social contract has always been more...let's use |
| 73 |
the term, flexible. So I appreciate this thread a lot for bringing in other |
| 74 |
views. |
| 75 |
|
| 76 |
The concrete example you are inferring is Gitlab[1][2], where the Community |
| 77 |
edition (CE) is licensed under MIT and the Enterprise Edition (EE) is |
| 78 |
licensed under the Gitlab Enterprise Edition license. Based on this thread, |
| 79 |
the EE license is clearly not OK to use, so we won't be adopting any EE |
| 80 |
features[0]. |
| 81 |
|
| 82 |
|
| 83 |
> |
| 84 |
> There's of course the part about 'needed' vs 'used without needing' |
| 85 |
> but I don't think we ought to use it without good justification |
| 86 |
> and some reasonable FLOSS alternative. |
| 87 |
> |
| 88 |
> Finally, there are edge cases like WordPress. It's apparently open |
| 89 |
> source but it's completely unusable without a proprietary anti-spam |
| 90 |
> plugin that sends your data to a third party. |
| 91 |
> |
| 92 |
|
| 93 |
It's my personal opinion (others can disagree) that wordpress is not |
| 94 |
critical to the operation of Gentoo. |
| 95 |
|
| 96 |
-A |
| 97 |
|
| 98 |
[0] Some of the EE features are 'source available' but the license is such |
| 99 |
that we cannot use those either, the EE license is pretty restrictive. |
| 100 |
[1] We currently have gitlab CE deployed in an alpha state; so we are |
| 101 |
currently evaluating which features we can enable. |
| 102 |
[2] We also have a Gentoo org on gitlab.com, but it's ~unused but has |
| 103 |
access to hosted EE features. I believe we plan on sunsetting this and |
| 104 |
replacing it with the self-hosted CE version. |
| 105 |
|
| 106 |
|
| 107 |
> -- |
| 108 |
> Best regards, |
| 109 |
> Michał Górny |
| 110 |
> |
| 111 |
> |
Archives