Difference between revisions of "Free Software Directory:Free software evaluation"

From Free Software Directory
Jump to: navigation, search
(Parabola blacklisted software)
(See also: * Notifications)
(93 intermediate revisions by 6 users not shown)
Line 1: Line 1:
This page is used to evaluate if suspected software is nonfree so we can remove them from the Directory or avoid to add them.
+
<onlyinclude>Evaluates if suspected software is nonfree so we can remove them from the Directory or avoid to add them.</onlyinclude>
  
Software should be considered non-free until proven otherwise - the burdon of proof should be on the developers to prove their code is 100% freely distributable.
+
'''Team Captain:''' [[User:David_Hedlund|David Hedlund]]
 +
 
 +
'''Participants:'''
 +
* [[User:Bill-auger|Bill-auger]]
 +
 
 +
==Unapproved software==
 +
Entries here should be Protected with the following settings: [Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)
 +
 
 +
===Nonfree===
 +
* [[Komodo]]
 +
 
 +
===Non-Free Network Services===
 +
Promotes or depends entirely on a non-libre network service.
 +
 
 +
{{#ask:[[Antifeature::Non-Free Network Services]]| format=count}} listed:
 +
{{#ask:[[Antifeature::Non-Free Network Services]]| |?Name }}
 +
 
 +
===Trademark===
 +
* https://www.mozilla.org/en-US/foundation/trademarks/list/
 +
* [[Scratch]]: http://download.scratch.mit.edu/scratch-1.4.0.6.src.tar.gz: /TRADEMARK_POLICY
 +
 
 +
"Trademarks and FOSS are not incompatible" - https://static.fsf.org/nosvn/licensing/2020/FOSSmarksv2.pdf
 +
 
 +
{{#ask:[[Antifeature::Trademark]]| format=count}} listed:
 +
{{#ask:[[Antifeature::Trademark]]| |?Name}}
 +
 
 +
Free variants that tries to keep synchronization with upstream development:
 +
* Free forks: [[Talk:Rust]]
 +
 
 +
=== Anti-features that are incompatible with the GNU FSDG ===
 +
<!-- List taken from https://redmine.replicant.us/projects/replicant/wiki/FDroid -->
 +
 
 +
==== NonFreeDep ====
 +
Definition: the application depends on a non-free application (e.g. Google Maps) - i.e. it requires it to be installed on the device, but does not include it.
 +
 
 +
Some free programs sometimes (willingly or accidentally) end up having nonfree dependencies, which makes them not usable for people wanting to only run free software.
 +
 
 +
For instance, when forking a GNU/Linux distribution to make one that follows the [https://www.gnu.org/distros/free-system-distribution-guidelines.html Free System Distribution Guidelines (FSDG)] you have to patch many of the packages. And there are even [https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines lists of software that need patching] to help people doing that. Having something that scales more in term of number of software and that can re-generate a similar list would be a good idea.
 +
 
 +
If the developers of the free program ended up depending on nonfree dependencies accidentally, FSDG compliant distributions probably need to patch or remove that program. If that program is not packaged (yet) people might also want to do that patching themselves.
 +
 
 +
So in that case, it might be a good idea anyway to store that information in the free software directory to help people and distributions, and when applicable provide information on how to deal with the problem (replace with a fork, don't ship/use that program, build without foo nonfree depdency, etc).
 +
 
 +
If the project ended up depending on nonfree software accidentally, it might be very interesting to list that too, along with some text that explain what needs to be done to help that project fix it, so that after some time the distributions and users would end up not needing that nonfree depdenciy anymore with the new versions of that software.
 +
 
 +
==== NonFreeAdd ====
 +
Definition: the application promotes non-free add-ons, such that the app is effectively an advert for other non-free software.
 +
 
 +
==== NonFreeAssets ====
 +
Definition: the application contains and makes use of non-free assets. The most common case is apps using artwork - images, sounds, music, etc - under a non-commercial license.
 +
 
 +
==== Tracking ====
 +
Definition: the application tracks and reports your activity to somewhere without your consent. It’s commonly used for when developers obtain crash logs without the user’s consent, or when an app is useless without some kind of authentication
 +
 
 +
==Software evaluation==
 +
See also: Project Team [[Free_Software_Directory:Free_software_evaluation|Free software evaluation]]
 +
 
 +
{{#ask:[[Antifeature::Evaluation]]| format=count}} listed:
 +
{{#ask:[[Antifeature::Evaluation]]| |?License}}
 +
 
 +
===Discussed===
 +
 
 +
=====Chromium-based browsers and software=====
 +
 
 +
See also [1].
  
Chromium-based browsers[1]
+
* [[Brave Browser]]
 
* [[Chromium]] itself. See [[Talk:Chromium]] page for instructions on how to contribute to ongoing evaluation.
 
* [[Chromium]] itself. See [[Talk:Chromium]] page for instructions on how to contribute to ongoing evaluation.
 
* [[Iridium Browser]] (based on the Chromium code base)
 
* [[Iridium Browser]] (based on the Chromium code base)
 
* [[Ungoogled-Chromium]]
 
* [[Ungoogled-Chromium]]
  
Discourse:
+
Electron[2]
* [[Discourse]] itself. The current page revision is old and the evaluation needs to take into account the JavaScript trap and LibreJS compatibility. Ssee [[Talk:Discourse]] page for instructions on how to contribute to ongoing evaluation.
 
 
 
Electron[1]
 
 
* The [[Electron]] web framework itself
 
* The [[Electron]] web framework itself
 
* [[Atom]]
 
* [[Atom]]
* [[Riot.im]]
+
* [[Element]] (review: [[Review:Element-REV-ID-1]])
* [[Visual Studio Code]]
+
* [[Etcher]]
 +
* [[Jami]]
 +
* [[Visual Studio Code]] - Note: Visual Studio Code binaries are [https://directory.fsf.org/wiki/Talk:Visual_Studio_Code not free software], but the source is licensed under the Expat license.
 +
** [[VSCodium]] - Note: Visual Studio Code without tracking and proprietary builds.
 +
* [[Wire]]
  
 
Qt WebEngine[1][2]
 
Qt WebEngine[1][2]
 
* The [[Qt WebEngine]] library itself
 
* The [[Qt WebEngine]] library itself
 +
* [[Falkon]]
 +
* [[KDevelop]]
 +
* [[Konqueror]]
 +
* [[Nextcloud]] (specifically nextcloud-client)
 +
* [[Qtcreator]]
 +
* [[Quassel]]
 
* [[QupZilla]]
 
* [[QupZilla]]
 +
* [[QuteBrowser]]
 +
* [[SuperCollider]]
 +
* Many others ....
  
 
# https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html
 
# https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html
 
# https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00001.html
 
# https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00001.html
  
[[Telegram]] (desktop client)
+
=====Telegram (desktop client)=====
 +
 
 +
* NonFreeNet, UpstreamNonFree - https://f-droid.org/en/packages/org.telegram.messenger/
 
* Has delayed availability of source files compared to the binary release. See the numbered items below for more information.
 
* Has delayed availability of source files compared to the binary release. See the numbered items below for more information.
 
** Investigate if, after a binary release, the software has a license notice available somewhere and a place telling how to contact the copyright holders for the complete corresponding source.
 
** Investigate if, after a binary release, the software has a license notice available somewhere and a place telling how to contact the copyright holders for the complete corresponding source.
 
* Free/''libre'' software '''philosophy''' related issue: lacks federation with XMPP. See the whole parent thread of the references from the enumerated list below, and also [https://libreplanet.org/wiki/XMPP the page on XMPP in LibrePlanet wiki].
 
* Free/''libre'' software '''philosophy''' related issue: lacks federation with XMPP. See the whole parent thread of the references from the enumerated list below, and also [https://libreplanet.org/wiki/XMPP the page on XMPP in LibrePlanet wiki].
  
# https://lists.fsfe.org/mailman/private/android/2017-December/001049.html
+
# https://lists.fsfe.org/mailman/private/android/2017-December/001049.html (requires subscription)
# https://lists.fsfe.org/mailman/private/android/2017-December/001075.html
+
# https://lists.fsfe.org/mailman/private/android/2017-December/001075.html (requires subscription)
 +
 
 +
===== Investigate if these can be built and run entirely in free/libre system distributions =====
 +
 
 +
* [https://github.com/pbatard/rufus Rufus]: claims to build and run only on Windows.
 +
 
 +
=====EME=====
 +
[[Tor Browser]] - https://trac.torproject.org/projects/tor/ticket/16285
 +
 
 +
=====Nonfree JS=====
 +
Every JavaScript file in every software for each new version release should be evaluated with command line tool that has the same capabilities as LibreJS. Unfortunate there's no such tool yet.
 +
 
 +
=====Proprietary tethers=====
 +
"Tethering a product or program means designing it to work only by communicating with a specific server." - https://www.gnu.org/proprietary/proprietary-tethers.en.html
 +
 
 +
Currently the integration server is not configurable in this client.
 +
* Riot.im
 +
 
 +
=====IRC clients=====
 +
{|class=wikitable
 +
|-
 +
! Software
 +
! Evaluation link
 +
! Issue
 +
|-
 +
| Native browser IRC client
 +
| [irc://web.libera.chat/#fsf irc://web.libera.chat/#fsf]
 +
| [[IceCat]]: [https://savannah.gnu.org/bugs/index.php?53530 Free web-based IRC client replacement for Mibbit needed]
 +
|-
 +
| [[Gamja]]
 +
| [https://web.libera.chat/gamja/ https://web.libera.chat/gamja/]
 +
| ?
 +
|-
 +
| [[Kiwi IRC]]
 +
| [https://web.libera.chat/#fsf https://web.libera.chat/#fsf], [https://kiwiirc.com/nextclient/#irc://web.libera.chat/#fsf https://kiwiirc.com/nextclient/#irc://web.libera.chat/#fsf]
 +
| [https://github.com/kiwiirc/kiwiirc/issues/294 LibreJS feature request]
 +
|-
 +
| [[The Lounge]]
 +
| [https://demo.thelounge.chat/ https://demo.thelounge.chat/]
 +
| [https://github.com/thelounge/thelounge/issues/2318 LibreJS feature request]
 +
|-
 +
| [[qwebirc]]
 +
| [http://webchat.quakenet.org/?channels=fsf http://webchat.quakenet.org/?channels=fsf]
 +
| [https://github.com/qwebirc/qwebirc/issues/345 LibreJS feature request]
 +
|}
 +
 
 +
We're using irc:// in [https://directory.fsf.org/wiki/Template:Print_entry Template:Print_entry] (used on the entry pages like [[IceCat]]) and [https://directory.fsf.org/wiki/Template:IRC_text Template:IRC_text] (used on the [[Main Page]]).
  
[[youtube-dl]] based software
+
=====Parabola blacklisted software=====
* There is a small bit of the program that appears to download some DRM js and some other questionable js.
+
Somebody should ask the developers to remove proprietary code/fonts, etc, from the software listed below.
* Even if we manage to have positive review in order to keep/list it in the directory, this doesn't change the fact that the network effect of people depending on, recommending or even giving their time to YouTube will keep happening. I think [http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-09/msg00008.html bill-auger] and jxself also suggested people to help with vaeringjar's (a user in #peers IRC channel) project to make a Youtube downloader that periodically checks YouTube itself and mirrors '''legally shareable''' content (with correct license metadata) from YouTube to torrents and to Internet Archive. However Internet Archive [https://archive.org/post/1073163/please-free-the-javascript-being-forced-to-average-visitors also has some software freedom issues related to their JavaScript].
 
  
# http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-07/msg00000.html
+
Blacklisted Parabola software that is approved in the Directory
# http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-09/msg00003.html
+
''Note: these programs are considered to be non-free as published by their respective upstreams;
 +
but many of them have known liberation procedures
 +
and are available in Parabola and other FSDG distros in modified form.''
  
==Parabola blacklisted software==
 
 
* [[Abiword]]
 
* [[Abiword]]
 
* [[Abs]]
 
* [[Abs]]
Line 104: Line 226:
 
* [[Parley]]
 
* [[Parley]]
 
* [[Bladerf]]
 
* [[Bladerf]]
 +
 +
===Collections===
 +
 +
====[[Collection:Replicant|Replicant]]====
 +
"Note that we have currently two FSDG compliant Mobile operating systems:
 +
Replicant and PureOS. Though I'm unsure how if PureOS has ways for
 +
users to contribute code there as I didn't try to do it, so that could
 +
be a reason why it's not listed. For PureOS it also might make way more
 +
sense to contribute patches in upstream projects directly if the goal
 +
is to make applications mobile phone friendly. Though adding support
 +
for phones like the Pinephone in PureOS might also be a good idea.
 +
 +
We can also probably install Parabola and GuixSD on some smartphones,
 +
but it probably requires in both cases to package some bootloaders or
 +
kernels and write installation instructions somewhere, and I guess that
 +
we'd also need to try to see how usable they are once this is done." - GNUtoo
 +
 +
==About==
 +
 +
This project page is for heightened scrutiny, packages that need a second pass essentially.
 +
 +
Software should be considered non-free until proven otherwise - the burdon of proof should be on the developers to prove their code is 100% freely distributable.
 +
 +
==Script==
 +
[See https://git.parabola.nu/blacklist.git/tree/?h=development for more scripts]
 +
 +
<pre>
 +
#!/bin/bash
 +
 +
readonly WIKI_BASE_URL=https://directory.fsf.org/wiki
 +
readonly BLACKLIST_URL=https://git.parabola.nu/blacklist.git/plain
 +
readonly BLACKLIST_FILE=blacklist.txt
 +
 +
 +
wget $BLACKLIST_URL/$BLACKLIST_FILE
 +
[ ! -f ./$BLACKLIST_FILE ] && echo "download failed" && exit 1
 +
 +
 +
readonly PACKAGES=$(grep '^\s*[^:#]*:.*' ./$BLACKLIST_FILE                          | \
 +
                    sed 's/^\s*\([^:#]*\):.*/\1/ ; s/^./\U&/g ; s/-./\U&/g ; s/-/_/g')
 +
 +
for package in $PACKAGES
 +
do status=$(curl -s -o /dev/null -w "%{http_code}" $WIKI_BASE_URL/$package)
 +
  if  [ "$status" == '200' ]
 +
  then echo "$package entry exists"
 +
  elif [ "$status" == '404' -o "$status" == '301' ]
 +
  then echo "$package entry not found"
 +
  else echo "$package unknown response"
 +
  fi
 +
done
 +
</pre>
 +
 +
==License verification==
 +
All pages in license pages should have the correct version of the GPL. "The ones I looked at were pretty old, so I'm guessing they're mostly gplv2, but we should get it fixed." (Donald) "It's either the project which inserted the name without version, or the person who added the entry which did it that way." (Adfeno)
 +
* [[License:GPL]]
 +
* [[License:LGPL]]
 +
* [[License:MPL]]
 +
 +
==See also==
 +
* [[Free_Software_Directory:Antifeatures|Antifeatures]]
 +
* [[Free Software Directory:Notifications|Notifications]]
  
 
[[Category:Project Team]]
 
[[Category:Project Team]]

Revision as of 03:53, 1 November 2021

Evaluates if suspected software is nonfree so we can remove them from the Directory or avoid to add them.

Team Captain: David Hedlund

Participants:

Unapproved software

Entries here should be Protected with the following settings: [Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)

Nonfree

Non-Free Network Services

Promotes or depends entirely on a non-libre network service.

1 listed:

 Name
LanguageToolLanguageTool

Trademark

"Trademarks and FOSS are not incompatible" - https://static.fsf.org/nosvn/licensing/2020/FOSSmarksv2.pdf

6 listed:

 Name
Bugzilla
IceCat/Lightbeam
Iceape
Pale Moon
Scratch
SeaMonkey

Free variants that tries to keep synchronization with upstream development:

Anti-features that are incompatible with the GNU FSDG

NonFreeDep

Definition: the application depends on a non-free application (e.g. Google Maps) - i.e. it requires it to be installed on the device, but does not include it.

Some free programs sometimes (willingly or accidentally) end up having nonfree dependencies, which makes them not usable for people wanting to only run free software.

For instance, when forking a GNU/Linux distribution to make one that follows the Free System Distribution Guidelines (FSDG) you have to patch many of the packages. And there are even lists of software that need patching to help people doing that. Having something that scales more in term of number of software and that can re-generate a similar list would be a good idea.

If the developers of the free program ended up depending on nonfree dependencies accidentally, FSDG compliant distributions probably need to patch or remove that program. If that program is not packaged (yet) people might also want to do that patching themselves.

So in that case, it might be a good idea anyway to store that information in the free software directory to help people and distributions, and when applicable provide information on how to deal with the problem (replace with a fork, don't ship/use that program, build without foo nonfree depdency, etc).

If the project ended up depending on nonfree software accidentally, it might be very interesting to list that too, along with some text that explain what needs to be done to help that project fix it, so that after some time the distributions and users would end up not needing that nonfree depdenciy anymore with the new versions of that software.

NonFreeAdd

Definition: the application promotes non-free add-ons, such that the app is effectively an advert for other non-free software.

NonFreeAssets

Definition: the application contains and makes use of non-free assets. The most common case is apps using artwork - images, sounds, music, etc - under a non-commercial license.

Tracking

Definition: the application tracks and reports your activity to somewhere without your consent. It’s commonly used for when developers obtain crash logs without the user’s consent, or when an app is useless without some kind of authentication

Software evaluation

See also: Project Team Free software evaluation

4 listed:

 License
Brave Browser
Chromium
Iridium Browser
Signal

Discussed

Chromium-based browsers and software

See also [1].

Electron[2]

Qt WebEngine[1][2]

  1. https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html
  2. https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00001.html
Telegram (desktop client)
  • NonFreeNet, UpstreamNonFree - https://f-droid.org/en/packages/org.telegram.messenger/
  • Has delayed availability of source files compared to the binary release. See the numbered items below for more information.
    • Investigate if, after a binary release, the software has a license notice available somewhere and a place telling how to contact the copyright holders for the complete corresponding source.
  • Free/libre software philosophy related issue: lacks federation with XMPP. See the whole parent thread of the references from the enumerated list below, and also the page on XMPP in LibrePlanet wiki.
  1. https://lists.fsfe.org/mailman/private/android/2017-December/001049.html (requires subscription)
  2. https://lists.fsfe.org/mailman/private/android/2017-December/001075.html (requires subscription)
Investigate if these can be built and run entirely in free/libre system distributions
  • Rufus: claims to build and run only on Windows.
EME

Tor Browser - https://trac.torproject.org/projects/tor/ticket/16285

Nonfree JS

Every JavaScript file in every software for each new version release should be evaluated with command line tool that has the same capabilities as LibreJS. Unfortunate there's no such tool yet.

Proprietary tethers

"Tethering a product or program means designing it to work only by communicating with a specific server." - https://www.gnu.org/proprietary/proprietary-tethers.en.html

Currently the integration server is not configurable in this client.

  • Riot.im
IRC clients
Software Evaluation link Issue
Native browser IRC client irc://web.libera.chat/#fsf IceCat: Free web-based IRC client replacement for Mibbit needed
Gamja https://web.libera.chat/gamja/ ?
Kiwi IRC https://web.libera.chat/#fsf, https://kiwiirc.com/nextclient/#irc://web.libera.chat/#fsf LibreJS feature request
The Lounge https://demo.thelounge.chat/ LibreJS feature request
qwebirc http://webchat.quakenet.org/?channels=fsf LibreJS feature request

We're using irc:// in Template:Print_entry (used on the entry pages like IceCat) and Template:IRC_text (used on the Main Page).

Parabola blacklisted software

Somebody should ask the developers to remove proprietary code/fonts, etc, from the software listed below.

Blacklisted Parabola software that is approved in the Directory Note: these programs are considered to be non-free as published by their respective upstreams; but many of them have known liberation procedures and are available in Parabola and other FSDG distros in modified form.

Collections

Replicant

"Note that we have currently two FSDG compliant Mobile operating systems: Replicant and PureOS. Though I'm unsure how if PureOS has ways for users to contribute code there as I didn't try to do it, so that could be a reason why it's not listed. For PureOS it also might make way more sense to contribute patches in upstream projects directly if the goal is to make applications mobile phone friendly. Though adding support for phones like the Pinephone in PureOS might also be a good idea.

We can also probably install Parabola and GuixSD on some smartphones, but it probably requires in both cases to package some bootloaders or kernels and write installation instructions somewhere, and I guess that we'd also need to try to see how usable they are once this is done." - GNUtoo

About

This project page is for heightened scrutiny, packages that need a second pass essentially.

Software should be considered non-free until proven otherwise - the burdon of proof should be on the developers to prove their code is 100% freely distributable.

Script

[See https://git.parabola.nu/blacklist.git/tree/?h=development for more scripts] 

#!/bin/bash

readonly WIKI_BASE_URL=https://directory.fsf.org/wiki
readonly BLACKLIST_URL=https://git.parabola.nu/blacklist.git/plain
readonly BLACKLIST_FILE=blacklist.txt


wget $BLACKLIST_URL/$BLACKLIST_FILE
[ ! -f ./$BLACKLIST_FILE ] && echo "download failed" && exit 1


readonly PACKAGES=$(grep '^\s*[^:#]*:.*' ./$BLACKLIST_FILE                           | \
                    sed 's/^\s*\([^:#]*\):.*/\1/ ; s/^./\U&/g ; s/-./\U&/g ; s/-/_/g')

for package in $PACKAGES
do status=$(curl -s -o /dev/null -w "%{http_code}" $WIKI_BASE_URL/$package)
   if   [ "$status" == '200' ]
   then echo "$package entry exists"
   elif [ "$status" == '404' -o "$status" == '301' ]
   then echo "$package entry not found"
   else echo "$package unknown response"
   fi
done

License verification

All pages in license pages should have the correct version of the GPL. "The ones I looked at were pretty old, so I'm guessing they're mostly gplv2, but we should get it fixed." (Donald) "It's either the project which inserted the name without version, or the person who added the entry which did it that way." (Adfeno)

See also


Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.

Retrieved from "https://directory.fsf.org/wiki?title=Free_Software_Directory:Free_software_evaluation&oldid=86157"