
#1 2020-09-06 01:57:40

barondottir
Member
Registered: 2020-09-06
Posts: 3

How come proprietary "nvidia" package is in official repositories?

Correct me if I am wrong, but aren't the official repositories exclusively reserved for 100% FLOSS packages? How come the package "nvidia" is there in the official repositories instead of in AUR, even when it is not FOSS and completely proprietary? Is it an exception? Are there any other such exceptions?

Offline

#2 2020-09-06 02:06:32

Scimmia
Bug Wrangler
Registered: 2012-09-01
Posts: 7,871

Re: How come proprietary "nvidia" package is in official repositories?

barondottir wrote:

Correct me if I am wrong, but aren't the official repositories exclusively reserved for 100% FLOSS packages?

Nope, no idea where you got that idea.

Offline

#3 2020-09-06 02:19:53

barondottir
Member
Registered: 2020-09-06
Posts: 3

Re: How come proprietary "nvidia" package is in official repositories?

Scimmia wrote:
barondottir wrote:

Correct me if I am wrong, but aren't the official repositories exclusively reserved for 100% FLOSS packages?

Nope, no idea where you got that idea.

Sorry, my bad then. Is there an official page which lists all non-FLOSS packages on official repositories?

Last edited by barondottir (2020-09-06 02:26:09)

Offline

#4 2020-09-06 02:40:38

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 24,239
Website

Re: How come proprietary "nvidia" package is in official repositories?

You can check the license of any package via pacman commands.

If you want only Free/Libre software, you may prefer Parabola.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2020-09-06 02:48:23

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 3,622

Re: How come proprietary "nvidia" package is in official repositories?

No there is not. Arch explicitly considers it totally normal to do so; off the top of my head, we ship https://www.archlinux.org/packages/comm … eamspeak3/ and https://www.archlinux.org/packages/comm … 4/discord/

Arch does believe in free software -- we provide a free software operating system which doesn't depend on proprietary software to run. Any (well, most) Linux operating system could do that.
We *also* believe people have the right to use proprietary software addons if they want to, and in some cases we make it exceedingly easy for them to opt in.

All we care about is that we have written permission from the proprietary owners to do so, and we distribute these in /usr/share/licenses/ along with marking the package as possessing a "custom" license:
https://github.com/archlinux/svntogit-c … ISSION.eml
https://github.com/archlinux/svntogit-c … ibute.mbox

However, the unofficial, thirdparty project "Parabola" is dedicated to providing an Arch-like OS experience while providing a GNU FSDG approved overlay to ensure that Parabola follows the libre ideals you are probably thinking of. As part of this, they maintain a blacklist of all non-free software they know about, and filter it from their repos or in some cases rebuild it to make sure it is free by removing some optional features. Here is their blacklist and partially complete documentation on the reasons for each (some package descriptions are noted as FIXME): https://git.parabola.nu/blacklist.git/t … cklist.txt

Note they are fairly strict on this, and consider e.g. the linux kernel to be non-free due to included proprietary firmware blobs that are redistributable but don't come with source code. The linux-libre kernel is designed to "libre-ify" this. They do this for some other packages too. They also sometimes fork packages to patch out the text "Linux" and replace it with "GNU/Linux", which Arch will never ever do and in fact if we cared we would call our distro "Arch GNU/Linux".

You are welcome to use Parabola if you want -- they have some pretty decent people there and they try hard to stay pretty compatible with most of the arch ideals, and they have very legitimate reasons for forking Arch and provide true value on top of Arch to their users (the value being "I would like a FSDG distro"). Though of course, since they are not Arch, they'll be the first people to tell you you should seek help from their support medium, not ours.

Last edited by eschwartz (2020-09-06 02:50:49)


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#6 2020-09-06 03:15:26

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 24,239
Website

Re: How come proprietary "nvidia" package is in official repositories?

A note on the above-linked blacklist: that includes many "blacklisted" packages that are completely free/libre and are blacklisted for completely unrelated reasons (e.g., branding as Arch vs Parabola).  So while that should include everything that Parabola considers non-free in our repos, it will also include many other "false positives."


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2020-09-06 04:15:14

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 3,622

Re: How come proprietary "nvidia" package is in official repositories?

Yep -- like I said, they'll do that for "Linux" vs "GNU/Linux", but I forgot to mention they'll do it for applying parabola-specific modifications to Arch itself.

https://git.parabola.nu/blacklist.git/tree/SYNTAX#n37 describes the tagging that file uses; only "nonfree" or "semifree" tagged blacklist lines matter for the purpose of this discussion.
(Branding-related packages are predictably tagged as "branding", and include packages pointing to our mirrorlist, lsb-release and filesystem (for the os-release file) which are used to identify the distribution and need to be changed by *any* derivative, etc.)

Last edited by eschwartz (2020-09-06 04:18:15)


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#8 2020-09-06 04:32:35

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 24,239
Website

Re: How come proprietary "nvidia" package is in official repositories?

I'm curious about their definition of "nonfree" as several packages they list as nonfree are licensed (single license only) as GPL.  How could non-libre software be GPL licensed?

EDIT: oops, I was checking my own packages from a filtered version of the blacklist, but I filtered poorly and got some false-positive matches.  After filtering better for the ones they actually tag as nonfree (not just with the word "nonfree" on the line), I see only intel-ucode on my system which is not GPL.

Last edited by Trilby (2020-09-06 04:38:20)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#9 2020-09-06 05:37:27

barondottir
Member
Registered: 2020-09-06
Posts: 3

Re: How come proprietary "nvidia" package is in official repositories?

Thanks a lot to both of you for the detailed explanation. Parabola seems a bit too extreme. I am only concerned with proprietary programs due to privacy reasons. This may come off as naive, but are the official proprietary packages checked against telemetry/remote connections? Like, in Windows, Nvidia has telemetry enabled by default, is that the case for the "nvidia" package in arch repo?

Also, is it possible to list all installed packages along with their license, using pacman? So that I can sort and see what proprietary license packages are installed.

Offline

#10 2020-09-06 06:06:33

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 3,622

Re: How come proprietary "nvidia" package is in official repositories?

pacman -Qi will by default list all packages installed, and you could eyeball or grep the license fields. Using expac is more flexible/scriptable if you're interested in specific pacman database metadata fields.

Or you could review all licenses installed to /usr/share/licenses as those must be installed unless the package uses one of the common licenses in /usr/share/licenses/common/ (all open source ones).

...

As for telemetry/remote connections, if the upstream software does it we'd generally consider it an upstream bug to be fixed upstream. We might not package it if the software seems malicious...

Anyway we never run things for you automatically (no automatically enabled services except the ones which boot the OS), you need to choose to use programs/services as and when you intend to, and nvidia doesn't even provide their fancy GUI for Linux AFAIK, so basically what nvidia users would end up using is the kernel modules plus the -utils package containing runtime support libraries which aren't going to contain telemetry.

There are open-source programs I package which contain code to check for plugin updates and send usage statistics (size of userbase, how many users on each operating system) upstream. I take the developer's word for it that this data is fully anonymized and not concerning, and plugin updates are useful, so... I leave it be. Most software doesn't even do that.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline
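
The license audit suggested in post #10, as an added example that is not part of any post in this thread: it parses `pacman -Qi`-style output and lists the packages marked with a "custom" license, which is the set to review by hand. The function names and the sample records (including the package `example-bsd-tool`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a license review list from `pacman -Qi` output.
# "custom" only means "not one of /usr/share/licenses/common"; it covers
# proprietary packages as well as free licenses with custom text, so the
# result is a list to review, not a list of proprietary software.

# Print "name<TAB>licenses" for every package record read on stdin.
license_report() {
    awk '
        /^Name +: /     { sub(/^[^:]*: /, ""); name = $0 }
        /^Licenses +: / { sub(/^[^:]*: /, ""); print name "\t" $0 }
    '
}

# Keep only the packages whose license field mentions "custom".
custom_licensed() {
    license_report | awk -F'\t' '$2 ~ /custom/'
}

# Constructed sample in the layout of `pacman -Qi` (fields abbreviated).
sample_qi() {
cat <<'EOF'
Name            : nvidia
Version         : 0-constructed
Licenses        : custom
Install Reason  : Explicitly installed

Name            : bash
Version         : 0-constructed
Licenses        : GPL
Install Reason  : Installed as a dependency for another package

Name            : example-bsd-tool
Version         : 0-constructed
Licenses        : custom:BSD
Install Reason  : Explicitly installed
EOF
}

# Demo on the sample; on a real system run instead:
#   LC_ALL=C pacman -Qi | custom_licensed
# (LC_ALL=C keeps the field names in English so the patterns match.)
sample_qi | custom_licensed
```

For each package this prints, the license text itself is under /usr/share/licenses/, as described in post #10.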
