Difference between revisions of "Free Software Directory:Free software evaluation"

From Free Software Directory
Jump to: navigation, search
(Nonfree JS: Mentions the real question.)
(Nonfree JS: https://notabug.org/GPast/avideo/src/master/README.md text about youtube-dl)
Line 37: Line 37:
  
 
[[youtube-dl]] based software
 
[[youtube-dl]] based software
 +
 +
 +
* From https://notabug.org/GPast/avideo/src/master/README.md
 +
<p>AVideo /ævə&#39;dɛjo:/ is a powerful, 100% libre video and audio downloader for GNU/Linux. With your freedom and privacy a #\1 priority, avideo offers you peace of mind in watching everything from world news and documentaries to the latest cat videos.</p>
 +
 +
<p>AVideo builds on the power of the infamous youtube-dl to ensure that the user&#39;s liberty is not sacrificed.</p>
 +
 +
<p>YouTube-DL incorporates JS, SWF, and SDK interpreters in order to deliver some functionality. However, packaging these runs contrary to delivering freedom as a number 1 priority.</p>
 +
 +
<p>It was discovered in 2017 on the [https://trisquel.info/en/forum/do-youtube-dlhtml5-video-everywhere-run-nonfree-js Trisquel GNU/Linux fora] that youtube-dl included the quite unexpected functionality to run JavaScript.
 +
Further investigation by Grace Past revealed this to be a component of [https://superuser.com/questions/773719/how-do-all-of-these-save-video-from-youtube-services-work#answer-773998 DRM on YouTube], meaning the non-free code sourced from YouTube is an
 +
[https://www.gnu.org/philosophy/proprietary.html unethical means] to an [https://www.defectivebydesign.org/what_is_drm_digital_restrictions_management unethical end]. Thus, in order to provide you with control over your computer, such a sacrifice unfortunately must be made.</p>
 +
 +
<p>Similar reasoning applies to the other cases of interpreters for non-free software packaged with the parent. If any methods of addressing these issues arise that allow them to be attacked without compromising core values, they shall be promptly implemented;
 +
however, aside from such a possible workaround, it is avideo&#39;s aim to avoid compromising [https://www.gnu.org/philosophy/free-sw.html user freedom].</p>
 +
 
* There is a small bit of the program that appears to download trivial JS from YouTube.com. It's trivial because it does simple math calculations that ultimately result in the same or similar string. VLC doesn't use youtube-dl, is able to decode the URL, and doesn't execute the script's content directly, it instead takes only some parts of the script (using carefully delimited regular expressions) and then VLC uses its own code to operate on the extracted text. For references, see the numbered list below.
 
* There is a small bit of the program that appears to download trivial JS from YouTube.com. It's trivial because it does simple math calculations that ultimately result in the same or similar string. VLC doesn't use youtube-dl, is able to decode the URL, and doesn't execute the script's content directly, it instead takes only some parts of the script (using carefully delimited regular expressions) and then VLC uses its own code to operate on the extracted text. For references, see the numbered list below.
 
* Even if we manage to have positive review in order to keep/list it in the directory, this doesn't change the fact that the network effect of people depending on, recommending or even giving their time to YouTube will keep happening. I think [http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-09/msg00008.html bill-auger] and jxself also suggested people to help with vaeringjar's (a user in #peers IRC channel) project to make a Youtube downloader that periodically checks YouTube itself and mirrors '''legally shareable''' content (with correct license metadata) from YouTube to torrents and to Internet Archive. However Internet Archive [https://archive.org/post/1073163/please-free-the-javascript-being-forced-to-average-visitors also has some software freedom issues related to their JavaScript].
 
* Even if we manage to have positive review in order to keep/list it in the directory, this doesn't change the fact that the network effect of people depending on, recommending or even giving their time to YouTube will keep happening. I think [http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-09/msg00008.html bill-auger] and jxself also suggested people to help with vaeringjar's (a user in #peers IRC channel) project to make a Youtube downloader that periodically checks YouTube itself and mirrors '''legally shareable''' content (with correct license metadata) from YouTube to torrents and to Internet Archive. However Internet Archive [https://archive.org/post/1073163/please-free-the-javascript-being-forced-to-average-visitors also has some software freedom issues related to their JavaScript].

Revision as of 10:33, 26 February 2018

This project page is for heightened scrutiny, packages that need a second pass essentially.

Software should be considered non-free until proven otherwise - the burdon of proof should be on the developers to prove their code is 100% freely distributable.

Chromium-based browsers[1]

Discourse:

  • Discourse itself. The current page revision is old and the evaluation needs to take into account the JavaScript trap and LibreJS compatibility. Ssee Talk:Discourse page for instructions on how to contribute to ongoing evaluation.

Electron[1]

Qt WebEngine[1][2]

  1. https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html
  2. https://lists.gnu.org/archive/html/libreplanet-discuss/2017-01/msg00001.html

Telegram (desktop client)

  • Has delayed availability of source files compared to the binary release. See the numbered items below for more information.
    • Investigate if, after a binary release, the software has a license notice available somewhere and a place telling how to contact the copyright holders for the complete corresponding source.
  • Free/libre software philosophy related issue: lacks federation with XMPP. See the whole parent thread of the references from the enumerated list below, and also the page on XMPP in LibrePlanet wiki.
  1. https://lists.fsfe.org/mailman/private/android/2017-December/001049.html
  2. https://lists.fsfe.org/mailman/private/android/2017-December/001075.html

Nonfree JS

Every JavaScript file in every software for each new version release should be evaluated with command line tool that has the same capabilities as LibreJS. Unfortunate there's no such tool yet.


youtube-dl based software


AVideo /ævə'dɛjo:/ is a powerful, 100% libre video and audio downloader for GNU/Linux. With your freedom and privacy a #\1 priority, avideo offers you peace of mind in watching everything from world news and documentaries to the latest cat videos.

AVideo builds on the power of the infamous youtube-dl to ensure that the user's liberty is not sacrificed.

YouTube-DL incorporates JS, SWF, and SDK interpreters in order to deliver some functionality. However, packaging these runs contrary to delivering freedom as a number 1 priority.

It was discovered in 2017 on the Trisquel GNU/Linux fora that youtube-dl included the quite unexpected functionality to run JavaScript. Further investigation by Grace Past revealed this to be a component of DRM on YouTube, meaning the non-free code sourced from YouTube is an unethical means to an unethical end. Thus, in order to provide you with control over your computer, such a sacrifice unfortunately must be made.

Similar reasoning applies to the other cases of interpreters for non-free software packaged with the parent. If any methods of addressing these issues arise that allow them to be attacked without compromising core values, they shall be promptly implemented; however, aside from such a possible workaround, it is avideo's aim to avoid compromising user freedom.

  • There is a small bit of the program that appears to download trivial JS from YouTube.com. It's trivial because it does simple math calculations that ultimately result in the same or similar string. VLC doesn't use youtube-dl, is able to decode the URL, and doesn't execute the script's content directly, it instead takes only some parts of the script (using carefully delimited regular expressions) and then VLC uses its own code to operate on the extracted text. For references, see the numbered list below.
  • Even if we manage to have positive review in order to keep/list it in the directory, this doesn't change the fact that the network effect of people depending on, recommending or even giving their time to YouTube will keep happening. I think bill-auger and jxself also suggested people to help with vaeringjar's (a user in #peers IRC channel) project to make a Youtube downloader that periodically checks YouTube itself and mirrors legally shareable content (with correct license metadata) from YouTube to torrents and to Internet Archive. However Internet Archive also has some software freedom issues related to their JavaScript.
  • Decision to make: since youtube-dl downloads a script that ends up only doing trivial work so it can be considered free/libre still, should we list it in the directory despite knowing that it helps the network effect described in the item above? What about putting an antifeature notice?
  1. http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-07/msg00000.html
  2. http://lists.nongnu.org/archive/html/gnu-linux-libre/2017-09/msg00003.html

Parabola blacklisted software

Blacklisted Parabola software that is approved in the Directory

Script

[See https://git.parabola.nu/blacklist.git/tree/?h=development for more scripts]

#!/bin/bash

readonly WIKI_BASE_URL=https://directory.fsf.org/wiki
readonly BLACKLIST_URL=https://git.parabola.nu/blacklist.git/plain
readonly BLACKLIST_FILE=blacklist.txt


wget $BLACKLIST_URL/$BLACKLIST_FILE
[ ! -f ./$BLACKLIST_FILE ] && echo "download failed" && exit 1


readonly PACKAGES=$(grep '^\s*[^:#]*:.*' ./$BLACKLIST_FILE                           | \
                    sed 's/^\s*\([^:#]*\):.*/\1/ ; s/^./\U&/g ; s/-./\U&/g ; s/-/_/g')

for package in $PACKAGES
do status=$(curl -s -o /dev/null -w "%{http_code}" $WIKI_BASE_URL/$package)
   if   [ "$status" == '200' ]
   then echo "$package entry exists"
   elif [ "$status" == '404' -o "$status" == '301' ]
   then echo "$package entry not found"
   else echo "$package unknown response"
   fi
done

License verification

All pages in license pages should have the correct version of the GPL. "The ones I looked at were pretty old, so I'm guessing they're mostly gplv2, but we should get it fixed." (Donald) "It's either the project which inserted the name without version, or the person who added the entry which did it that way." (Adfeno)



Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.

The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.