On 18/01/18 13:10, Carsten Agger wrote:
On 01/18/2018 12:45 PM, Daniel Pocock wrote:
If an organization like FSFE wants to know that the software, dependencies and build tools are all really free software then the "shortcut" to take is to use a Debian package because then you know somebody has checked all those things.
Discourse is under GPL v.2. Is there really a reason to doubt that it's truly free software?
I don't want to comment on Discourse in particular because I haven't checked it but many of the other web applications I've looked at offer a similar free software license for the top-level project but when you scratch under the surface you find at least one dependency or build tool that is not free software.
For example, JSHint chose a free license (MIT) but because they copied a file from JSLint they ran into trouble:
https://github.com/jshint/jshint/issues/1234
When I started looking at HOMER (GNU Affero v3), I found one bad library:
https://groups.google.com/d/msg/homer-discuss/Q-oWrHLTTBU/AaBTAax8DwAJ
So if you can't find every web application in Debian, that is probably a good thing: it means Debian is saving you time by giving you a shortlist of web applications that have already been checked and can be supported.
For any web application, even if everything in the stack is free software, do FSFE volunteers have time to check it every time they take a container directly from the developers of a project? Or would you prefer to save your time and rely on a distribution that does those checks?
One other thing I should have mentioned when Discourse mailing list mode was mentioned: it is not really like a mailing list, it is more like alpha/beta quality compared to real mailing lists. It also obfuscates the email addresses so people can't communicate privately or use PGP.
Regards,
Daniel