TPPM Liberation Project
From ParabolaWiki
A lot of programming languages have their own package managers: npm (CSS/JavaScript), Bower (CSS/JavaScript), pip (Python), RubyGems (Ruby), CPAN (Perl), Cargo (Rust), and many more. These would qualify as "third-party repositories" under the Free System Distribution Guidelines, and most do not limit themselves to only including free software.
These tables exist to evaluate the many third-party package managers and their repositories, to itemize the proposed solutions, and to track the current state of progress for each.
1 Proposals:
Proposal | Workload[1] | Intrusiveness[2] | Disruption[3] | Effectiveness[4] | FSDG-fitness |
---|---|---|---|---|---|
keep each in its current form[5] | none | none | none | none | none |
convince TPPM repos to specify licenses[8] | negligible | none | none | dubious | dubious |
convince TPPM repos to require libre licenses[6] | negligible | none | none | total | total |
remove TPPM - do nothing else | negligible | none | total | total | total |
add a pacman hook to warn during install | negligible | none | none | none | dubious |
move TPPM to a new 'dubious/dangerous' repo | medium | none | low | partial | dubious |
disable default URL, make user-configurable[9] | medium | minimal | low | total | total |
disable the search feature | medium | minimal | medium | total | total |
filter the search feature[7] (and[8]) | medium | minimal | low | dubious | dubious |
remove TPPM, accept packaging requests[10] | maximal | none | high | total | total |
maintain libre repos as a GNU project[6] | maximal | minimal | low | total | total |
NOTES:
- [1a]: "workload: medium" proposals entail maintaining blacklist replacements for each TPPM, even if unmodified
- [1b]: "workload: maximal" proposals entail the perpetual burden of package curation
- [2]: "intrusiveness: minimal" proposals entail patching the clients
- [3]: "disruption" - whether this proposal may have cascading effects on the system, or impede the user's work-flow
- [4a]: "effectiveness: total" (even if non-free packages are still installable) because those proposals resolve the conflict with the FSDG - namely: they would no longer recommend/suggest/steer-toward non-free
- [4b]: "effectiveness: partial" because TPPMs would be inaccessible by default - the user would need to re-configure pacman, in order to access them
- [4c]: "effectiveness: dubious" because the mechanism would rely entirely on the honor and licensing knowledge of the third-party packager
- [4d]: "effectiveness: total" presumes that the third-party repo admins are willing and able to enforce their own policy
- [5]: "proposal: do nothing" is the current state of things in the liberally-curated FSDG distros, which this ticket aims to address
- [6]: "convince TPPM repos to require libre licenses" and "maintain libre repos as a GNU project" are obviously the ideal options; but neither is very likely to happen
- [7]: "filter the search feature" may not be possible for some of these - it is not yet known which, if any, expose licensing information via API/metadata
- [8]: "convince the TPPM repos to specify licenses" and "filter the search feature" are mutually-dependent
- [9]: IMHO, "disable default URL, make user-configurable" has the best chance of being generally acceptable to all (it is our current plan for 'octopi' and 'docker')
- [10]: ... although bill-auger would prefer "remove TPPM, accept packaging requests" for the language-specific TPPMs
2 TPPMs:
TPPM | Solution | Status | Policy[1] | Metadata[2] | Converter | Description |
---|---|---|---|---|---|---|
apm | exclude | ? | ? | ? | | Atom (text editor) add-ons package manager |
asp | exclude | done | non-free | yes | | Downloader of ArchLinux build recipes (obsolete) |
apper | exclude | ? | ? | ? | | Package manager using PackageKit |
bower | exclude | ? | ? | ? | | javascript package manager |
cabal | keep | done | libre | ? | cblrepo, arch-hs | haskell package manager |
cargo | patch | in-progress (GNU) | non-free | ? | cargo-pkgbuild | rust package manager |
cpan | exclude | ? | non-free | ? | fpm | PERL package manager |
debootstrap | disable default URL | partial | ? | ? | | Downloader of OS images |
discover | remove | done | ? | ? | | Package manager for arbitrary software |
docker | disable default URL | partial | ? | ? | | Downloader of OS images |
dub | exclude | ? | ? | ? | | D package manager |
flatpak | patch | ? | maybe, if patched | maybe | | Package manager for arbitrary software |
fusesoc | exclude | ? | ? | ? | | Package manager for FPGA/ASIC development |
gnome-software | remove | done | ? | ? | | Package manager for arbitrary software |
guix | patch | ? | libre | ? | | Package manager for arbitrary software |
helm | exclude | ? | ? | ? | | The Kubernetes Package Manager |
lxc/lxd | exclude | ? | non-free | ? | | Downloader of OS images |
nimble | exclude | ? | ? | ? | | nim package manager |
npm | exclude | ? | ? | ? | nodejs-npm2arch | javascript package manager |
nuget | exclude | ? | ? | ? | | dotnet package manager |
ocaml-findlib | exclude | ? | ? | ? | | OCaml package manager |
opam | exclude | ? | ? | ? | | OCaml package manager |
pecl | exclude | ? | non-free | ? | | PHP package manager |
pkgctl | remove | TODO: pacman | non-free | yes | | PHP package manager |
pip | remove | done | ? | ? | pipman-git, pip2arch-git, python-pypi2pkgbuild | python package manager |
rpm-tools | remove | ? | ? | ? | | RPM Package Manager |
rubygems | disable default URL | done | ? | ? | gem2arch, pacgem | ruby package manager |
shards | remove | ? | ? | ? | | Crystal package manager |
sn0int | remove | ? | ? | ? | | Semi-automatic OSINT framework and package manager |
yarn | remove | ? | ? | ? | | javascript package manager |
NOTES:
- [1a]: "policy: libre" indicates that the repo has a libre-only licensing policy
- [1b]: "policy: non-free" indicates that the repo has non-free or no licensing policy
- [2]: "metadata" is whether or not the repo exposes licensing metadata to the clients - that is most pertinent to the "#7: filter the search feature" option in the proposed options table above
- 'remove' is the default solution (100% simple, 100% effective) - of course, any of these could be reconsidered at any time
- this list does not include updaters such as fwupd, "in-app" downloaders such as kodi, emacs, and many games, though these are all relevant to this general concern
- this list also does not include TPPMs which Parabola never distributed (e.g. appimage, snap) - we may want to add some of those, if other distros take interest in the effort
This article is published under the CC0 1.0 Universal license.
Everyone is free to modify it, share it, and/or publish it elsewhere, with or without attribution.