Should ArchLinux as community join this?

Tairosonloa · 2017-09-18 17:30:24

Hi all,

I have read about this initiative, which asks for Governments to legislate about publicly financed software and developed for the public sector to be made publicly available under a Free and Open Source Software license.

Some Communities, like Debian, openSuse, Gnome, KDE, etc. have joined in favor of this cause, like many others and random people. Should ArchLinux do the same?

Here is more info: https://publiccode.eu/

Last edited by Tairosonloa (2017-09-18 17:34:21)

Buddlespit · 2017-09-18 21:43:12

I would think that some code written using taxpayers monies would be something that could be vital to national security (both offensive and defensive). I wouldn't want the code for the nuclear launch systems to be open source. If you can read the code, you can defeat the code.

But that's just me playing at devil's advocate.

Trilby · 2017-09-18 23:06:33

ArchLinux users can join whatever they want, sign whatever petition they want, and vote any way they want. The ArchLinux community is not a unitary entity that can do any of these things. It could be possible that someone with enough influence in the community might try to speak for everyone on political issues. But I have faith that none of those currently in those positions would be so foolish to do so.

EDIT: upon reading further I drastically changed even my personal opinion on this. I would (indiviually and personally) advocate for publicly funded software to be open source, but this proposal seems to be advocating specifically for GPL-like strong copy-left which I'd not support.

Last edited by Trilby (2017-09-19 01:22:13)

Allan · 2017-09-19 00:44:17

Trilby wrote:

It could be possible that someone with enough influence in the community might try to speak for everyone on political issues.

I will....

Trilby wrote:

But I have faith that none of those currently in those positions would be so foolish to do so..

... not express an opinion!

I would be very disappointed Arch Linux as an organisation made a comment on this.

eschwartz · 2017-09-19 01:49:00

Buddlespit wrote:

I would think that some code written using taxpayers monies would be something that could be vital to national security (both offensive and defensive). I wouldn't want the code for the nuclear launch systems to be open source. If you can read the code, you can defeat the code.
But that's just me playing at devil's advocate.

As in, standing for the unenlightened masses who panic every time they hear that linux has a bug, but never hear when Windows has a bug?

Any nuclear launch system so terrible that you can "defeat it" by reading the code, is, well, buggy, and hiding the code won't make the bugs go away. Why on earth would I feel safe when nuclear launch systems are running around designed in such a way that the source code design parameters mandate viable attack patterns?

...

This campaign is so depressing. Every time the fanatics come out in support of some movement, all they really do is make sure everyone associates the movement with fanaticism.

Copyleft is completely orthogonal to the purpose of publicly-funded code -- if anything, we should be broadening e.g. this US-specific concept: https://www.usa.gov/government-works

Buddlespit · 2017-09-20 11:55:05

Eschwartz wrote:

Buddlespit wrote:
I would think that some code written using taxpayers monies would be something that could be vital to national security (both offensive and defensive). I wouldn't want the code for the nuclear launch systems to be open source. If you can read the code, you can defeat the code.
But that's just me playing at devil's advocate.
As in, standing for the unenlightened masses who panic every time they hear that linux has a bug, but never hear when Windows has a bug?

Where did that come from? Actually, I meant that maybe we should think about what should and shouldn't be released as it pertains to national security. As I said in my first sentence.
But, I will also freely admit that I'm not a coder, nor do I have any interest in coding. So (as you pointed out), I can be waaaaay off base here.

Eschwartz wrote:

Any nuclear launch system so terrible that you can "defeat it" by reading the code, is, well, buggy, and hiding the code won't make the bugs go away. Why on earth would I feel safe when nuclear launch systems are running around designed in such a way that the source code design parameters mandate viable attack patterns?

Pick any scenario you want. Launch systems, tracking systems, listening systems. Hell, cars are able to be hacked remotely. But (again, not a coder) I don't really know if source code would be needed to find those vulnerabilities.

...

Eschwartz wrote:

This campaign is so depressing. Every time the fanatics come out in support of some movement, all they really do is make sure everyone associates the movement with fanaticism.
Copyleft is completely orthogonal to the purpose of publicly-funded code -- if anything, we should be broadening e.g. this US-specific concept: https://www.usa.gov/government-works

Maybe I should have left this topic alone.

Trilby · 2017-09-20 12:34:02

Buddlespit wrote:

Pick any scenario you want. Launch systems, tracking systems, listening systems. Hell, cars are able to be hacked remotely. But (again, not a coder) I don't really know if source code would be needed to find those vulnerabilities.

No, the source code being released would not make these more volunerable. The end result, as suggested by ESchwartz, is just the opposite.

Any software which intended to keep something secure that could be more readily "hacked" (or cracked) simply because it's source code was available was completely and profoundly poorly designed. That is not how security works - at best that'd be security through obscurity which is really no security at all. Even proprietary code is never really that secret. The code could be stolen, leaked, sold on the black-market, decompiled and/or reverse-engineered etc. Open-sourcing it has two effects relevant to this type of security:

1) Any false sense of security through obscurity will be instantly gone, this is good because - as noted - it's a false sense of security. Though I don't think anyone (even government people) really think security comes directly from the source code being a "secret".

2) Security vulnerabilities will be noticed sooner. So they can be fixed! The only way to advocate for closed source on this point would be on par with saying it's better to not go to a doctor because they might find something wrong with you. If I have cancer, I'd rather know and have hope of treating it early enough than live in ignorant bliss for a shorter period of time. Diseases and security vulnerabilities will not cease to exist simple because we try hard to not find out about them.

In summary, I don't think there is any sane way to argue that open sourcing such code would be a (software) security risk. Quite the opposite - open sourcing such software would increase the security of said software. There are some reaons one would prefer to keep such software prorprietary, but this is not one of them.

Reasons to keep it proprietary may include preventing other nations from using the same stuff. If we think we have top-notch software for our weapons systems, do we really want to let our potential enemies also have that same software? I don't know how compelling this point is on it's own, but this is a genuine point in favor of keeping it closed source.

Another reason for closed source would be the same as every other bit of software: the owner of the intellectual property rights wants to ensure their job security, income, or stock value. In the open source world we sometimes look down on such motives, but they are quite natural and perfectly reasonable when not abused.

So the real question of this issue is not whether open-sourcing would be a security risk (it's not), but whether it is an ethical obligation given that public funds are used to create the software. Here I also think ESchwartz's point on comparing to other government works is spot on. I could support such software being open source and/or public domain (in the US products of publicly funded government work are typically in the public domain). But this too is quite different from the strong copy-left that seems to be advocated for in the campaign linked to by the OP.

Last edited by Trilby (2017-09-20 12:44:40)

Buddlespit · 2017-09-20 20:35:27

That was a well laid out, eloquent and educational. Thank you, sir.

Steef435 · 2017-09-20 23:10:04

Not sure if I'm derailing this thread too much by asking (in which case, I'm sorry), but why the negative stance on copyleft? Apart from the unreadable fat licenses that come with it, I blame copyright law for that.

The way I look at it, public domain and copyleft basically result in the same freedom, copyleft just encourages this freedom to be adopted in other works (as well as collaboration), while public domain does not. Ideally, I'd live in a world with implied copyleft-like practices. But I really wonder where GNU/Linux et al would've been without copyleft.

Or is this just in the specific context of publicly funded code, with the idea that any restriction, thus including copyleft restrictions, is bad practice?

Trilby · 2017-09-20 23:26:46

Steef435 wrote:

copyleft just encourages this freedom to be adopted in other works

You and I must have a *very* different definition of the word "encourages" and "freedom". I'd write that sentence: copyleft requires the same restriction be applied in other works. I'm personally morally opposed to the FSF and the GPL. I currently live with it as a necessary evil which I hope will not perpetually remain necessary.

Last edited by Trilby (2017-09-20 23:27:10)

Steef435 · 2017-09-21 19:13:40

I think we're much on the same page. Enforced copyleft goes against my principles (it is in a sense also restriction of freedom). BUT I do believe that it's the only decent way for open source code that can be read, modified, and shared (also freedoms) to survive in a world that has been fully indoctrinated to look at copyright and closed source as a consequence as normal. Homo homini iupus est. To reiterate: if Linux had not been under a copyleft license, I think a big company like Microsoft would've consumed it already. Do you look at it the same way?

Trilby · 2017-09-21 19:24:57

Steef435 wrote:

Do you look at it the same way?

No.

The BSDs are not under copyleft licenses (some are even working hard to rid themselves of any GPL'ed code, I'm pretty sure a current FreeBSD base install is already GPL free). Minix isn't under a copyleft license. Haiku isn't under a copyleft license.

Microsoft has not "consumed" any of those, but MS did do this.

GPL is not what made linux the dominant modern unix-like for two reasons. First, the cause of this was more a happy accident for linux that BSD was bogged down in legal battles as linux emerged, so linux gained greater market share earlier. Momentum is on linux's side, not licensing. Second, linux isn't the dominant modern unix-like at all, not by a long shot; MacOS is (which also is not GPLed nor other strong copy-left).

If one argues in favor of strong copy-left because they think it is the "right" way to do things, I will disagree, but I can appreciate their point of view. But arguing that strong copy-left is the cause of linux's success is really just a complete nonstarter.

More importantly, what would it mean to be "consumed"? If Linus and everyone else who contribute{d,s} to linux project had opted for a permissive license, how would MS "consume" the results? MS could put linux on disks and charge people money for them ... sure, but that would stop it from still being freely available everywhere else (technically they could do this much now with GPLed code). If anything this would have actually accelerated linux's market share as MS would be distributing it!.

MS might take linux and build their own OS on top of it (like Mac did to BSD with OSX). But this wouldn't prevent linux from continuing to develope. Quite the opposite, as at that point hardware vendors would *need* to have linux compatibility (as that'd be Winux compatibility).

In the digital world, letting someone else use your stuff doesn't prevent you from using it too.

Last edited by Trilby (2017-09-21 19:44:16)

Roken · 2017-09-21 19:27:27

Personally, I believe that there are much weaker links in the Nuclear programme than the source code. Humanity being the top weak link.

bart_vv · 2017-09-21 20:17:44

Trilby wrote:

Second, linux isn't the dominant modern unix-like at all, not by a long shot; MacOS is (which also is not GPLed nor other strong copy-left).

Good one.

Trilby · 2017-09-21 20:34:27

It wasn't a joke. Actually of all the BSDs and linux and MacOS, the last is the most unix-like as it actually is Unix (the only one of the bunch to meet the Single Unix Specification).

ngoonee · 2017-09-21 20:56:18

Trilby wrote:

1) Any false sense of security through obscurity will be instantly gone, this is good because - as noted - it's a false sense of security. Though I don't think anyone (even government people) really think security comes directly from the source code being a "secret".

Oh you have such faith in humanity

Awebb · 2017-09-21 21:11:08

Allan wrote:

I would be very disappointed Arch Linux as an organisation made a comment on this.

If there was such a comment, I'd expect it to start like: "Since the governing bodies of the European Union obstinately refuse to subscribe to the appropriate Arch mailing lists, ...".

eschwartz · 2017-09-24 17:43:17

Steef435 wrote:

Not sure if I'm derailing this thread too much by asking (in which case, I'm sorry), but why the negative stance on copyleft? Apart from the unreadable fat licenses that come with it, I blame copyright law for that.
The way I look at it, public domain and copyleft basically result in the same freedom, copyleft just encourages this freedom to be adopted in other works (as well as collaboration), while public domain does not. Ideally, I'd live in a world with implied copyleft-like practices. But I really wonder where GNU/Linux et al would've been without copyleft.
Or is this just in the specific context of publicly funded code, with the idea that any restriction, thus including copyleft restrictions, is bad practice?

Yes, specifically in the context of publicly-funded code.

I think copyleft is a useful thing, as a personal choice. It doesn't have much to do with freedom, rather it is focused on creating a restricted environment that competes with proprietary code, with the entry requirement of "share your stuff with us, and we'll share our stuff with you".

It has its place, but that place is not publicly-funded code... that would be switching one restricted environment for another which makes it a superbly fallacious argument disguised as "freedom".

Maybe I don't want proprietary software makers to benefit from publicly-funded code, but I am not dishonest enough to advocate that as a law.

...

Corporations that would privately improve on such code pay their taxes too (as little as they can get away with, sure, but they still fund government works) and of course Joe Sharewaremaker and Jane Appdeveloper would probably like to use that code too. Enshrining strong copyleft in the law is not something I see as a good idea, no matter how pleasant on a personal level.

The US has a policy to release funded works into the public domain.
The UK mandates open-source licenses, *for example MIT*.
I don't see why the FSFE needs to advocate for other European governments to use open-source-with-strong-subliminal-preference-for-copyleft licenses.

eschwartz · 2017-09-26 00:20:57

By the way, via the Freenode #archlinux-offtopic channel:

8:06:14 PM - Repentinus: eschwartz, by the way, if any of the official campaign materials give an impression that we want public code to be copyleft, please let me know and I'll see that they're changed. I cannot do anything about supporter comments or feelings though.
8:14:27 PM - eschwartz: Repentinus: I think it is mostly the fact that the FSF is heavily associated with the GPL, and it isn't immediately apparent that the FSFE holds a less hardcore (rms/monk-like) attitude, and that "Free Software" is generally used by people who want to specifically make Stallman's point.
8:15:26 PM - eschwartz: I guess they could add a disclaimer, but maybe it would flow better if they simply added comparisons to the UK's adoption of largely-MIT licensing or the US public-domain concept
8:16:11 PM - Repentinus: I'll pass that recommendation on to the people in charge of the campaign.
8:16:21 PM - eschwartz: awesome, thanks
8:16:52 PM - eschwartz: You wanna drop a comment on the arch BBS thread, or can I quote you?
8:17:50 PM - Repentinus: You can quote me. I am not much of a fora person these days.

So I suppose I should retract my opinion.

Last edited by eschwartz (2017-09-26 00:23:23)

Trilby · 2017-09-26 01:57:23

Repentinus via eschwartz wrote:

by the way, if any of the official campaign materials give an impression that we want public code to be copyleft, please let me know and I'll see that they're changed. I cannot do anything about supporter comments or feelings though.

Is Repentinus officially affiliated with this campaign? If so, is he fucking joking?! I did not get that "impression" from any third-party commenter, I got it strait from the website linked by the OP on which it is not an impression but as clear and direct a statement as could possibly be.

eschwartz · 2017-09-26 02:49:13

I dunno, the impression from the website which I got was its immediate link to "publicly available under a Free and Open Source Software licence" which immediately jumped into the history of Richard Stallman etc. I get the impression that somehow, they didn't quite realize that we actually hear Free and Open Source Software and think "oh, Free and Open Source Software according to the common meaning, just like they said".

Apparently, they recognize many different licenses, including non-copyleft ones, if you go link-chasing: https://fsfe.org/freesoftware/basics/comparison.en.html
But as you say, the official website gives a strong impression of preferring copyleft -- and Repentinus, who is definitely involved in the campaign according to his own admission (though "not as much as I'd like") as well as with the FSFE was surprised at the method of my disapproval. So I will assume it was a legitimate if rather dramatic failure to communicate, and hopefully they will update their campaign to explicitly call out existing, non-copyleft models as good examples. (Which I think is useful anyway. "See, the US/UK already use PD, and MIT/various licenses. You should too!")

Last edited by eschwartz (2017-09-26 02:49:58)

nbd · 2017-09-26 03:27:03

But why the copyleft is "evil"? On my view it prevents the situation when ones spend their time on producing freely available code, while others spend theirs on making profit from it.

eschwartz · 2017-09-26 03:31:05

nbd wrote:

But why the copyleft is "evil"? On my view it prevents the situation when ones spend their time on producing freely available code, while others spend theirs on making profit from it.

Copyleft isn't evil.

Mandating copyleft for government-developed code funded by public taxpayer $$ is evil.

nbd · 2017-09-26 03:34:00

I was referring to Trilby's post:

Trilby wrote:

I'm personally morally opposed to the FSF and the GPL. I currently live with it as a necessary evil which I hope will not perpetually remain necessary.

ngoonee · 2017-09-26 04:33:14

nbd wrote:

But why the copyleft is "evil"? On my view it prevents the situation when ones spend their time on producing freely available code, while others spend theirs on making profit from it.

Making a profit is not evil, and is in fact necessary. Anyone who volunteers to freely spend their time and intellect on freely available code is in fact donating that time and intellect.

copyleft forces everyone to donate, and restricts freedom in that way.

Arch Linux

#1 2017-09-18 17:30:24

Should ArchLinux as community join this?

#2 2017-09-18 21:43:12

Re: Should ArchLinux as community join this?

#3 2017-09-18 23:06:33

Re: Should ArchLinux as community join this?

#4 2017-09-19 00:44:17

Re: Should ArchLinux as community join this?

#5 2017-09-19 01:49:00

Re: Should ArchLinux as community join this?

#6 2017-09-20 11:55:05

Re: Should ArchLinux as community join this?

#7 2017-09-20 12:34:02

Re: Should ArchLinux as community join this?

#8 2017-09-20 20:35:27

Re: Should ArchLinux as community join this?

#9 2017-09-20 23:10:04

Re: Should ArchLinux as community join this?

#10 2017-09-20 23:26:46

Re: Should ArchLinux as community join this?

#11 2017-09-21 19:13:40

Re: Should ArchLinux as community join this?

#12 2017-09-21 19:24:57

Re: Should ArchLinux as community join this?

#13 2017-09-21 19:27:27

Re: Should ArchLinux as community join this?

#14 2017-09-21 20:17:44

Re: Should ArchLinux as community join this?

#15 2017-09-21 20:34:27

Re: Should ArchLinux as community join this?

#16 2017-09-21 20:56:18

Re: Should ArchLinux as community join this?

#17 2017-09-21 21:11:08

Re: Should ArchLinux as community join this?

#18 2017-09-24 17:43:17

Re: Should ArchLinux as community join this?

#19 2017-09-26 00:20:57

Re: Should ArchLinux as community join this?

#20 2017-09-26 01:57:23

Re: Should ArchLinux as community join this?

#21 2017-09-26 02:49:13

Re: Should ArchLinux as community join this?

#22 2017-09-26 03:27:03

Re: Should ArchLinux as community join this?

#23 2017-09-26 03:31:05

Re: Should ArchLinux as community join this?

#24 2017-09-26 03:34:00

Re: Should ArchLinux as community join this?

#25 2017-09-26 04:33:14

Re: Should ArchLinux as community join this?

Board footer