Free Software Directory:Free software evaluation
Evaluates if suspected software is nonfree so we can remove them from the Directory or avoid to add them.
Team Captain: David Hedlund
Participants:
Contents
- 1 Unapproved software
- 2 Software evaluation
- 2.1 Discussed
- 2.1.1 Mozilla-based browsers and software
- 2.1.2 Chromium-based browsers and software
- 2.1.3 Telegram (desktop client)
- 2.1.4 Investigate if these can be built and run entirely in free/libre system distributions
- 2.1.5 EME
- 2.1.6 Nonfree JS
- 2.1.7 Proprietary tethers
- 2.1.8 IRC clients
- 2.1.9 Parabola blacklisted software
- 2.2 Collections
- 2.1 Discussed
- 3 About
- 4 Script
- 5 License verification
- 6 See also
Unapproved software
Entries here should be Protected with the following settings: [Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)
Nonfree
Non-Free Network Services
Promotes or depends entirely on a non-libre network service.
1 listed:
Name | |
---|---|
LanguageTool | LanguageTool |
Trademark
- https://www.mozilla.org/en-US/foundation/trademarks/list/
- Scratch: http://download.scratch.mit.edu/scratch-1.4.0.6.src.tar.gz: /TRADEMARK_POLICY
"Trademarks and FOSS are not incompatible" - https://static.fsf.org/nosvn/licensing/2020/FOSSmarksv2.pdf
6 listed:
Name | |
---|---|
Bugzilla | |
IceCat/Lightbeam | |
Iceape | |
Pale Moon | |
Scratch | |
SeaMonkey |
Free variants that tries to keep synchronization with upstream development:
- Free forks: Talk:Rust
Anti-features that are incompatible with the GNU FSDG
NonFreeDep
Definition: the application depends on a non-free application (e.g. Google Maps) - i.e. it requires it to be installed on the device, but does not include it.
Some free programs sometimes (willingly or accidentally) end up having nonfree dependencies, which makes them not usable for people wanting to only run free software.
For instance, when forking a GNU/Linux distribution to make one that follows the Free System Distribution Guidelines (FSDG) you have to patch many of the packages. And there are even lists of software that need patching to help people doing that. Having something that scales more in term of number of software and that can re-generate a similar list would be a good idea.
If the developers of the free program ended up depending on nonfree dependencies accidentally, FSDG compliant distributions probably need to patch or remove that program. If that program is not packaged (yet) people might also want to do that patching themselves.
So in that case, it might be a good idea anyway to store that information in the free software directory to help people and distributions, and when applicable provide information on how to deal with the problem (replace with a fork, don't ship/use that program, build without foo nonfree depdency, etc).
If the project ended up depending on nonfree software accidentally, it might be very interesting to list that too, along with some text that explain what needs to be done to help that project fix it, so that after some time the distributions and users would end up not needing that nonfree depdenciy anymore with the new versions of that software.
NonFreeAdd
Definition: the application promotes non-free add-ons, such that the app is effectively an advert for other non-free software.
NonFreeAssets
Definition: the application contains and makes use of non-free assets. The most common case is apps using artwork - images, sounds, music, etc - under a non-commercial license.
Tracking
Definition: the application tracks and reports your activity to somewhere without your consent. It’s commonly used for when developers obtain crash logs without the user’s consent, or when an app is useless without some kind of authentication
Software evaluation
See also: Project Team Free software evaluation
4 listed:
License | |
---|---|
Brave Browser | |
Chromium | |
Iridium Browser | |
Signal |
Discussed
Mozilla-based browsers and software
Chromium-based browsers and software
See also [1].
- Brave Browser
- Chromium itself. See Talk:Chromium page for instructions on how to contribute to ongoing evaluation.
- Iridium Browser (based on the Chromium code base)
- Ungoogled-Chromium
Electron[2]
- The Electron web framework itself
- Atom
- balenaEtcher
- Element (review: Review:Element-REV-ID-1)
- Jami
- Visual Studio Code - Note: Visual Studio Code binaries are not free software, but the source is licensed under the Expat license.
- VSCodium - Note: Visual Studio Code without tracking and proprietary builds.
- Wire
- FreeTube
- Rocket.Chat
Qt WebEngine[1][2]
- The Qt WebEngine library itself
- Falkon
- KDevelop
- Konqueror
- Nextcloud (specifically nextcloud-client)
- Qtcreator
- Quassel
- QupZilla
- QuteBrowser
- SuperCollider
- Many others ....
- https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html
- https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00001.html
Telegram (desktop client)
- NonFreeNet, UpstreamNonFree - https://f-droid.org/en/packages/org.telegram.messenger/
- Has delayed availability of source files compared to the binary release. See the numbered items below for more information.
- Investigate if, after a binary release, the software has a license notice available somewhere and a place telling how to contact the copyright holders for the complete corresponding source.
- Free/libre software philosophy related issue: lacks federation with XMPP. See the whole parent thread of the references from the enumerated list below, and also the page on XMPP in LibrePlanet wiki.
- https://lists.fsfe.org/mailman/private/android/2017-December/001049.html (requires subscription)
- https://lists.fsfe.org/mailman/private/android/2017-December/001075.html (requires subscription)
Investigate if these can be built and run entirely in free/libre system distributions
- Rufus: claims to build and run only on Windows.
EME
Tor Browser - https://trac.torproject.org/projects/tor/ticket/16285
Nonfree JS
Every JavaScript file in every software for each new version release should be evaluated with command line tool that has the same capabilities as LibreJS. Unfortunate there's no such tool yet.
Proprietary tethers
"Tethering a product or program means designing it to work only by communicating with a specific server." - https://www.gnu.org/proprietary/proprietary-tethers.en.html
Currently the integration server is not configurable in this client.
- Riot.im
IRC clients
We're using irc:// in Template:Print_entry (used on the entry pages like IceCat) and Template:IRC_text (used on the Main Page).
Parabola blacklisted software
Parabola reuses many Arch Linux packages as-is. The ones that are not FSDG compliant are documented in a blacklist that is then used to automatically block their installation and to not redistribute them.
The file syntax is documented in the SYNTAX file.
This is very interesting because with that we have an easy way to understand why a package is problematic (or blacklisted for other reasons).
As explained in this SYNTAX file, not all the software listed in this blacklist is problematic. For instance in the list of reasons to blacklist a package we have:
[branding]······This package has branding needs adjusted; it refers to "Arch" instead of "Parabola", or "Linux" instead of "GNU/Linux", etc.
For instance, GRUB is a GNU project, and the GRUB package was probably blacklisted because it was branded for the Arch Linux GNU/Linux distribution, and since Parabola isn't Arch Linux, it needs to fix that:
grub:grub:::[branding][FIXME:description]
Other packages is nonfree because of the way it is shipped:
sof-firmware::::[technical] Arch version was not built from source. Some (probably not all) firmwares are signed by the hardware manufacturers.
Here the sof-firmware source code is free software, but the packages uses signed firmware binaries instead of building the source code, so it is considered nonfree because in practice the software can't be modified by end users and/or the distribution. Once built from source, it probably works fine on sound cards of older Intel computers, but not on more recent ones, and non-intel firmwares probably works fine too. Though somebody needs to to the work to provide a package replacement for the blacklisted nonfree package.
Other software is fine but Parabola requires building from source code:
java-commons-io:java-commons-io:::[technical] Arch version was not built from source
so Parabola builds it from source instead.
Other packages depends on known nonfree software, so they are clearly not OK:
python-pycuda::::[uses-nonfree] depends on nonfree cuda
And some is also clearly nonfree:
cuda::parabola:1375:[nonfree] proprietary EULA places limits on all four freedoms
So while that list is extremely useful, we should not use it without looking at the short-description field because otherwise we would deduce that GRUB is not fit for the Free Software Directory which is not true, instead it's the grub package that comes from Arch Linux that is not fit for Parabola (because of branding issues).
And there are also corner cases (like sof firmwares) that probably need some discussion if someone wants them in the directory.
TODO: Somebody should ask the developers to remove proprietary code/fonts, etc, from the software listed below.
Blacklisted Parabola software that is approved in the Directory
Note: This list is meant to list programs that are considered to be non-free as published by their respective upstreams; but many of them have known liberation procedures and are available in Parabola and other FSDG distros in modified form.
It was generated (probably automatically) from the Parabola blacklist and each entry needs manual review.
If it was blacklisted only for packaging reasons and/or reasons specific to Parabola, then we can remove the package from the list. If not we need to keep it in this list.
- Abs
- Abuse
- Ark
- Atom
- Atool
- Bbswitch
- Bfgminer
- Blackbox
- Blender
- Bogofilter
- Boinc
- Bugzilla
- Bumblebee
- Calibre
- Capi4hylafax
- Cdrtools
- Cgminer
- Clementine
- Clojure
- Clonezilla
- Closure_Compiler
- Cowsay
- Drbl
- Ecasound
- Engrampa
- Epiphany
- Gfxboot
- Gnormalize
- Hydrogen
- Jmol
- Kopete
- Kile
- Kodi
- Konqueror
- Krusader
- Libxfce4ui
- Mapnik
- Maven
- Mc
- Mesa
- Midori
- Minitube
- Mp32ogg
- Netpbm
- Povray
- Psutils
- Pyrit
- Qtcreator
- Qupzilla
- Ruby
- Shntool
- Shutter
- Systemd
- Vim
- Wings3d
- Xarchiver
- Xscreensaver
- Parley
- Bladerf
Review DONE (problematic upstream):
- Abiword : "Hard-codes nonfree fonts, and has non-privacy search engines e.g. Google" according to the blacklist.
Collections
Replicant
"Note that we have currently two FSDG compliant Mobile operating systems: Replicant and PureOS. Though I'm unsure how if PureOS has ways for users to contribute code there as I didn't try to do it, so that could be a reason why it's not listed. For PureOS it also might make way more sense to contribute patches in upstream projects directly if the goal is to make applications mobile phone friendly. Though adding support for phones like the Pinephone in PureOS might also be a good idea.
We can also probably install Parabola and GuixSD on some smartphones, but it probably requires in both cases to package some bootloaders or kernels and write installation instructions somewhere, and I guess that we'd also need to try to see how usable they are once this is done." - GNUtoo
About
This project page is for heightened scrutiny, packages that need a second pass essentially.
Software should be considered non-free until proven otherwise - the burdon of proof should be on the developers to prove their code is 100% freely distributable.
Script
[See https://git.parabola.nu/blacklist.git/tree/?h=development for more scripts]
#!/bin/bash readonly WIKI_BASE_URL=https://directory.fsf.org/wiki readonly BLACKLIST_URL=https://git.parabola.nu/blacklist.git/plain readonly BLACKLIST_FILE=blacklist.txt wget $BLACKLIST_URL/$BLACKLIST_FILE [ ! -f ./$BLACKLIST_FILE ] && echo "download failed" && exit 1 readonly PACKAGES=$(grep '^\s*[^:#]*:.*' ./$BLACKLIST_FILE | \ sed 's/^\s*\([^:#]*\):.*/\1/ ; s/^./\U&/g ; s/-./\U&/g ; s/-/_/g') for package in $PACKAGES do status=$(curl -s -o /dev/null -w "%{http_code}" $WIKI_BASE_URL/$package) if [ "$status" == '200' ] then echo "$package entry exists" elif [ "$status" == '404' -o "$status" == '301' ] then echo "$package entry not found" else echo "$package unknown response" fi done
License verification
All pages in license pages should have the correct version of the GPL. "The ones I looked at were pretty old, so I'm guessing they're mostly gplv2, but we should get it fixed." (Donald) "It's either the project which inserted the name without version, or the person who added the entry which did it that way." (Adfeno)
See also
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.