#1 2017-12-09 09:18:31

pepper
Member
Registered: 2017-12-09
Posts: 2

Arch development in detail and user privacy

Hi, I hope to be in the correct forum section. I would like to know how Arch Linux developers decide about the evolution of this distro.

1) Is the process of task division transparent? Is it also performed on this forum? Where exactly is it performed?
(I do not want to know where the project updates are shown but where the developer "x" tells the developer "y": "you do this", "I take care of this", "no, it's better that he does", or to understand, however, how it works and if it is transparent.)
2) Is there a boss? Are there equal decision-making powers?
3) Is there an official "sort of warranty" that spying software (of every kind, like Ubuntu's Amazon search bar) isn't shipped with the distro regardless of the license type? Is there a checking process about this "problem" (main and also AUR repos)?

Thank you.

Last edited by pepper (2017-12-09 09:28:48)

Offline

#2 2017-12-09 09:28:52

Allan
Supreme Leader
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,711
Website

Re: Arch development in detail and user privacy

1) Developers do what they want.
2) Developers do what they want.
3) Developers do what they want.

Offline

#3 2017-12-09 09:55:55

pepper
Member
Registered: 2017-12-09
Posts: 2

Re: Arch development in detail and user privacy

Does Arch Linux express itself regarding probable espionage software in the distribution (as Debian, Fedora or Mint do) or again "Developers do what they want"?

Offline

#4 2017-12-09 10:31:21

heisenberg
Member
Registered: 2017-05-27
Posts: 51

Re: Arch development in detail and user privacy

pepper wrote:

Does Arch Linux express itself regarding probable espionage software in the distribution (as Debian, Fedora or Mint do) or again "Developers do what they want"?

I guess they do what they want (Allan is a dev, iirc). However, take a look here https://wiki.archlinux.org/index.php/Arch_Linux

Offline

#5 2017-12-09 17:28:48

Alad
Wiki Admin/IRC Op/TU
From: The Land of The Bloat
Registered: 2014-05-04
Posts: 1,776
Website

Re: Arch development in detail and user privacy

As the link above says, Arch will ship whatever upstream ships with a minimum of required changes. If upstream happens to make questionable decisions about "probably espionage software" (e.g. atom, smtube), then so be it and we'll tell people to complain to upstream instead of us. After all, patching something in Arch implies the change will be in Arch only, and not in any other distributions.

If you don't agree with this logic, it's as simple as not installing the packages in question, or using some distribution with strict adherence to the GNU free software guidelines.

Last edited by Alad (2017-12-09 17:34:45)


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby
Honest Alad's Package Emporium—Now with added bugs! (Closed until further notice)

Offline

#6 2017-12-09 17:48:12

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 19,100
Website

Re: Arch development in detail and user privacy

pepper wrote:

1) ... where the developer "x" tells the developer "y": "you do this"...

https://lists.archlinux.org/listinfo/

pepper wrote:

2) Is there a boss?

You.  You decide what to install and what not to install.  You can decide to build a package with different options, patches, or configure flags.  You are responsible for your system; no one else is.

pepper wrote:

3) Is there an official "sort of warranty"

Definitely not.  But there is a security team.  Feel free to contribute to it.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2017-12-09 18:45:46

loqs
Member
Registered: 2014-03-06
Posts: 4,557

Re: Arch development in detail and user privacy

Alad wrote:

As the link above says, Arch will ship whatever upstream ships with a minimum of required changes.

However what constitutes necessary changes is solely at the discretion of the packager.
For instance https://git.archlinux.org/svntogit/comm … ibvirt#n92

Trilby wrote:

But there is a security team.  Feel free to contribute to it.

A pity that team seems only reachable via IRC.

It does seem there are more rules of formal governance for TUs and for maintainers of AUR packages than for developers.

Offline

#8 2017-12-09 23:35:31

Alad
Wiki Admin/IRC Op/TU
From: The Land of The Bloat
Registered: 2014-05-04
Posts: 1,776
Website

Re: Arch development in detail and user privacy

However what constitutes necessary changes is solely at the discretion of the packager.

Yes, that's mentioned in the same wiki article. "The principles here are only useful guidelines. Ultimately, design decisions are made on a case-by-case basis through developer consensus."

In any case, I would say that the "limited patching" idea prevails in most of our repo packages. Compare any random sampling of packages in Arch with say, Debian.


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby
Honest Alad's Package Emporium—Now with added bugs! (Closed until further notice)

Offline

#9 2017-12-10 06:11:15

Allan
Supreme Leader
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,711
Website

Re: Arch development in detail and user privacy

loqs wrote:

A pity that team seems only reachable via IRC.

Or the bug tracker, or the security email address, or ...

Offline

#10 2017-12-10 10:35:43

loqs
Member
Registered: 2014-03-06
Posts: 4,557

Re: Arch development in detail and user privacy

Allan wrote:
loqs wrote:

A pity that team seems only reachable via IRC.

Or the bug tracker, or the security email address, or ...

The first point, I agree, would usually be the best option, but please see https://bugs.archlinux.org/task/56647.
Security email address: I do not see such an address listed on https://wiki.archlinux.org/index.php/Arch_Security_Team and a search engine query of "arch linux security email address" only returned references to the arch-security mailing list, which as I understand it is only used to post security announcements.
Eli Schwartz has been working towards a solution in this case and I should thank him for his efforts.

Offline

#11 2017-12-10 10:47:49

Allan
Supreme Leader
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,711
Website

Re: Arch development in detail and user privacy

loqs wrote:

security email address I do not see such an address listed on https://wiki.archlinux.org/index.php/Arch_Security_Team and a search engine query of "arch linux security email address"

security@...

Offline

#12 2017-12-10 14:54:32

Alad
Wiki Admin/IRC Op/TU
From: The Land of The Bloat
Registered: 2014-05-04
Posts: 1,776
Website

Re: Arch development in detail and user privacy

loqs wrote:

security email address I do not see such an address listed on https://wiki.archlinux.org/index.php/Arch_Security_Team and a search engine query of "arch linux security email address"

???

If you have a private bug to report, contact security@archlinux.org. Please note that the address for private bug reporting is security, not arch-security. A private bug is one that is too sensitive to post where anyone can read and exploit it, e.g. vulnerabilities in the Arch Linux infrastructure.

I guess it puts some emphasis on "private bugs"...


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby
Honest Alad's Package Emporium—Now with added bugs! (Closed until further notice)

Offline

#13 2017-12-10 18:01:31

loqs
Member
Registered: 2014-03-06
Posts: 4,557

Re: Arch development in detail and user privacy

Alad wrote:
loqs wrote:

security email address I do not see such an address listed on https://wiki.archlinux.org/index.php/Arch_Security_Team and a search engine query of "arch linux security email address"

???

If you have a private bug to report, contact security@archlinux.org. Please note that the address for private bug reporting is security, not arch-security. A private bug is one that is too sensitive to post where anyone can read and exploit it, e.g. vulnerabilities in the Arch Linux infrastructure.

I guess it puts some emphasis on "private bugs"...

Thank you for pointing that out; I do not know how I missed it.

Offline
