Free Software Directory:Free software evaluation

From Free Software Directory
 
Jump to: navigation, search

Evaluates if suspected software is nonfree so we can remove them from the Directory or avoid to add them.

Team Captain: David Hedlund

Participants:

Unapproved software

Entries here should be Protected with the following settings: [Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)

Nonfree

Non-Free Network Services

Promotes or depends entirely on a non-libre network service.

1 listed:

 Name
LanguageToolLanguageTool

Trademark

"Trademarks and FOSS are not incompatible" - https://static.fsf.org/nosvn/licensing/2020/FOSSmarksv2.pdf

6 listed:

 Name
Bugzilla
IceCat/Lightbeam
Iceape
Pale Moon
Scratch
SeaMonkey

Free variants that tries to keep synchronization with upstream development:

Anti-features that are incompatible with the GNU FSDG

NonFreeDep

Definition: the application depends on a non-free application (e.g. Google Maps) - i.e. it requires it to be installed on the device, but does not include it.

Some free programs sometimes (willingly or accidentally) end up having nonfree dependencies, which makes them not usable for people wanting to only run free software.

For instance, when forking a GNU/Linux distribution to make one that follows the Free System Distribution Guidelines (FSDG) you have to patch many of the packages. And there are even lists of software that need patching to help people doing that. Having something that scales more in term of number of software and that can re-generate a similar list would be a good idea.

If the developers of the free program ended up depending on nonfree dependencies accidentally, FSDG compliant distributions probably need to patch or remove that program. If that program is not packaged (yet) people might also want to do that patching themselves.

So in that case, it might be a good idea anyway to store that information in the free software directory to help people and distributions, and when applicable provide information on how to deal with the problem (replace with a fork, don't ship/use that program, build without foo nonfree depdency, etc).

If the project ended up depending on nonfree software accidentally, it might be very interesting to list that too, along with some text that explain what needs to be done to help that project fix it, so that after some time the distributions and users would end up not needing that nonfree depdenciy anymore with the new versions of that software.

NonFreeAdd

Definition: the application promotes non-free add-ons, such that the app is effectively an advert for other non-free software.

NonFreeAssets

Definition: the application contains and makes use of non-free assets. The most common case is apps using artwork - images, sounds, music, etc - under a non-commercial license.

Tracking

Definition: the application tracks and reports your activity to somewhere without your consent. It’s commonly used for when developers obtain crash logs without the user’s consent, or when an app is useless without some kind of authentication

Software evaluation

See also: Project Team Free software evaluation

4 listed:

 License
Brave Browser
Chromium
Iridium Browser
Signal

Discussed

Chromium-based browsers and software

See also [1].

Electron[2]

Qt WebEngine[1][2]

  1. https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html
  2. https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00001.html
Telegram (desktop client)
  • NonFreeNet, UpstreamNonFree - https://f-droid.org/en/packages/org.telegram.messenger/
  • Has delayed availability of source files compared to the binary release. See the numbered items below for more information.
    • Investigate if, after a binary release, the software has a license notice available somewhere and a place telling how to contact the copyright holders for the complete corresponding source.
  • Free/libre software philosophy related issue: lacks federation with XMPP. See the whole parent thread of the references from the enumerated list below, and also the page on XMPP in LibrePlanet wiki.
  1. https://lists.fsfe.org/mailman/private/android/2017-December/001049.html (requires subscription)
  2. https://lists.fsfe.org/mailman/private/android/2017-December/001075.html (requires subscription)
Investigate if these can be built and run entirely in free/libre system distributions
  • Rufus: claims to build and run only on Windows.
EME

Tor Browser - https://trac.torproject.org/projects/tor/ticket/16285

Nonfree JS

Every JavaScript file in every software for each new version release should be evaluated with command line tool that has the same capabilities as LibreJS. Unfortunate there's no such tool yet.

Proprietary tethers

"Tethering a product or program means designing it to work only by communicating with a specific server." - https://www.gnu.org/proprietary/proprietary-tethers.en.html

Currently the integration server is not configurable in this client.

  • Riot.im
IRC clients
Software Evaluation link Issue
Native browser IRC client irc://web.libera.chat/#fsf IceCat: Free web-based IRC client replacement for Mibbit needed
Gamja https://web.libera.chat/gamja/ ?
Kiwi IRC https://web.libera.chat/#fsf, https://kiwiirc.com/nextclient/#irc://web.libera.chat/#fsf LibreJS feature request
The Lounge https://demo.thelounge.chat/ LibreJS feature request
qwebirc http://webchat.quakenet.org/?channels=fsf LibreJS feature request

We're using irc:// in Template:Print_entry (used on the entry pages like IceCat) and Template:IRC_text (used on the Main Page).

Parabola blacklisted software

Parabola reuses many Arch Linux packages as-is. The ones that are not FSDG compliant are documented in a blacklist that is then used to automatically block their installation and to not redistribute them.

The file syntax is documented in the SYNTAX file.

This is very interesting because with that we have an easy way to understand why a package is problematic (or blacklisted for other reasons).

As explained in this SYNTAX file, not all the software listed in this blacklist is problematic. For instance in the list of reasons to blacklist a package we have:

[branding]······This package has branding needs adjusted; it refers to
                "Arch" instead of "Parabola", or "Linux" instead of
                "GNU/Linux", etc.

For instance, GRUB is a GNU project, and the GRUB package was probably blacklisted because it was branded for the Arch Linux GNU/Linux distribution, and since Parabola isn't Arch Linux, it needs to fix that:

grub:grub:::[branding][FIXME:description]

Other packages is nonfree because of the way it is shipped:

sof-firmware::::[technical] Arch version was not built from source. Some (probably not all) firmwares are signed by the hardware manufacturers.

Here the sof-firmware source code is free software, but the packages uses signed firmware binaries instead of building the source code, so it is considered nonfree because in practice the software can't be modified by end users and/or the distribution. Once built from source, it probably works fine on sound cards of older Intel computers, but not on more recent ones, and non-intel firmwares probably works fine too. Though somebody needs to to the work to provide a package replacement for the blacklisted nonfree package.

Other software is fine but Parabola requires building from source code:

java-commons-io:java-commons-io:::[technical] Arch version was not built from source

so Parabola builds it from source instead.

Other packages depends on known nonfree software, so they are clearly not OK:

python-pycuda::::[uses-nonfree] depends on nonfree cuda

And some is also clearly nonfree:

cuda::parabola:1375:[nonfree] proprietary EULA places limits on all four freedoms

So while that list is extremely useful, we should not use it without looking at the short-description field because otherwise we would deduce that GRUB is not fit for the Free Software Directory which is not true, instead it's the grub package that comes from Arch Linux that is not fit for Parabola (because of branding issues).

And there are also corner cases (like sof firmwares) that probably need some discussion if someone wants them in the directory.

TODO: Somebody should ask the developers to remove proprietary code/fonts, etc, from the software listed below.

Blacklisted Parabola software that is approved in the Directory

Note: This list is meant to list programs that are considered to be non-free as published by their respective upstreams; but many of them have known liberation procedures and are available in Parabola and other FSDG distros in modified form.

It was generated (probably automatically) from the Parabola blacklist and each entry needs manual review.

If it was blacklisted only for packaging reasons and/or reasons specific to Parabola, then we can remove the package from the list. If not we need to keep it in this list.

Review DONE (problematic upstream):

  • Abiword : "Hard-codes nonfree fonts, and has non-privacy search engines e.g. Google" according to the blacklist.

Collections

Replicant

"Note that we have currently two FSDG compliant Mobile operating systems: Replicant and PureOS. Though I'm unsure how if PureOS has ways for users to contribute code there as I didn't try to do it, so that could be a reason why it's not listed. For PureOS it also might make way more sense to contribute patches in upstream projects directly if the goal is to make applications mobile phone friendly. Though adding support for phones like the Pinephone in PureOS might also be a good idea.

We can also probably install Parabola and GuixSD on some smartphones, but it probably requires in both cases to package some bootloaders or kernels and write installation instructions somewhere, and I guess that we'd also need to try to see how usable they are once this is done." - GNUtoo

About

This project page is for heightened scrutiny, packages that need a second pass essentially.

Software should be considered non-free until proven otherwise - the burdon of proof should be on the developers to prove their code is 100% freely distributable.

Script

[See https://git.parabola.nu/blacklist.git/tree/?h=development for more scripts]

#!/bin/bash

readonly WIKI_BASE_URL=https://directory.fsf.org/wiki
readonly BLACKLIST_URL=https://git.parabola.nu/blacklist.git/plain
readonly BLACKLIST_FILE=blacklist.txt


wget $BLACKLIST_URL/$BLACKLIST_FILE
[ ! -f ./$BLACKLIST_FILE ] && echo "download failed" && exit 1


readonly PACKAGES=$(grep '^\s*[^:#]*:.*' ./$BLACKLIST_FILE                           | \
                    sed 's/^\s*\([^:#]*\):.*/\1/ ; s/^./\U&/g ; s/-./\U&/g ; s/-/_/g')

for package in $PACKAGES
do status=$(curl -s -o /dev/null -w "%{http_code}" $WIKI_BASE_URL/$package)
   if   [ "$status" == '200' ]
   then echo "$package entry exists"
   elif [ "$status" == '404' -o "$status" == '301' ]
   then echo "$package entry not found"
   else echo "$package unknown response"
   fi
done

License verification

All pages in license pages should have the correct version of the GPL. "The ones I looked at were pretty old, so I'm guessing they're mostly gplv2, but we should get it fixed." (Donald) "It's either the project which inserted the name without version, or the person who added the entry which did it that way." (Adfeno)

See also



Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.