Web lists-archives.com

Re: Whether remotely running software is considered "software" for Debian.




I'm getting tired of this.  You keep avoiding my questions and changing the
subject.  Unless you start answering my questions, I'm going to stop
responding.

On Mon, Aug 28, 2017 at 02:21:01PM +0500, Andrey Rahmatullin wrote:
> On Mon, Aug 28, 2017 at 08:55:43AM +0000, Dr. Bas Wijnen wrote:
> > > > Are you saying that a Debian system where only main is enabled is unsafe?
> > > [...]
> > > > If that is correct, it is a huge problem that that is the default setup
> > > > we ship, don't you think?
> > > It is, but solving it most likely means actually violating Debian
> > > principles,
> > 
> > You cannot be serious...  You believe that if our rules say we should harm our
> > users, the rules are more important than the users?  
> No, I believe our users are more important and so you shouldn't set
> arbitrary restrictions on main just so your apt search output could be
> untainted.

Don't change the subject.  You say that non-free is essential for our users to
be safe, but you find it acceptable that it is not enabled by default.  How is
that not hurting our users?

> > Also, I'm interested to hear which rule would be broken
> "Debian will remain 100% free", "non-free is not part of Debian" etc.

Your position is that it is acceptable for a program in main to require a
non-free service, as long as that non-free service doesn't run on the same
computer.  Why is that suddenly no longer true when the non-free service is
hosted on our own servers?  Or do you perhaps agree with me that a program
requiring a non-free service cannot be in main?

> > if we make it the default to provide our users with updates that they
> > need to be safe.
> But then you will be able to see and install non-free software, isn't that
> what you don't want to happen?

It's a sacrifice I'm willing to make for our users.  It would be better if the
essential parts would be in a separate repository so I could enable only those,
but as long as that isn't implemented, of course I think the safety of our
users is more important than the looks of my package list.

Finally, for the third time, please explain your position on my hypothetical
unrar-nonfree scenario.

Thanks,
Bas

Attachment: signature.asc
Description: PGP signature