Hi,
Nicole shared with me this URL https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... from the Fedora mailing lists.
TL;DR; is that the new MongoDB license is not considered "free" by Fedora and the question is if we ought to consider it non-free as well.
I feel that Fedora's conclusion is not necessarily unreasonable. I do wonder what the impact might be but I suppose it might not be that large given the installed base of PureOS. It may affect Debian more if they decide they want to remove MongoDB.
I do think there is another question though; how do we decide what stays in and what is kept out of PureOS? I feel we ought to curate our selection of packages from Debian given our limited resources for maintenance and since we're relying on Debian to do the type of license checking and curation that Fedora is doing. While I think that is reasonable given Debian's Free Software Guidelines it may not be appropriate. For example, what if Purism's Liberty services wants to use PureOS and they need MongoDB and have no problem with the license? Relying on Debian will not always meet our needs. This points to the need for PureOS to be curated with regard to:
- Licenses
- Security
- Fitness for purpose
I think we'll need to try and come up with policies for each scope above, even if they end up being "we do what Debian does" or "we rely on Debian."
The URL Nicole shared seems to be a good example of where PureOS policy might differ from our upstream. What is the view of folks here? Should we keep on including MongoDB or should we stop?
Regards,
Jeremiah
Quoting Jeremiah C. Foster (2019-01-16 21:09:21)
> Nicole shared with me this URL https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... from the Fedora mailing lists.
> TL;DR; is that the new MongoDB license is not considered "free" by Fedora and the question is if we ought to consider it non-free as well.
Considered non-free in Debian too: https://bugs.debian.org/916107
> I do think there is another question though; how do we decide what stays in and what is kept out of PureOS?
> [...]
> The URL Nicole shared seems to be a good example of where PureOS policy might differ from our upstream. What is the view of folks here? Should we keep on including MongoDB or should we stop?
Yes, we always have the option of doing differently than our upstreams.
Such a decision comes with the burden of then _maintaining_ ourselves the delta we create between us and our upstreams.
So I'd say let's first hire some more folks and establish things like proper security tracking for the delta that we _do_ carry already, before considering an even bigger delta!
- Jonas
On Wed, 2019-01-16 at 23:06 +0100, Jonas Smedegaard wrote:
> Quoting Jeremiah C. Foster (2019-01-16 21:09:21)
>> Nicole shared with me this URL https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... from the Fedora mailing lists.
>> TL;DR; is that the new MongoDB license is not considered "free" by Fedora and the question is if we ought to consider it non-free as well.
> Considered non-free in Debian too: https://bugs.debian.org/916107
>> I do think there is another question though; how do we decide what stays in and what is kept out of PureOS?
>> [...]
>> The URL Nicole shared seems to be a good example of where PureOS policy might differ from our upstream. What is the view of folks here? Should we keep on including MongoDB or should we stop?
> Yes, we always have the option of doing differently than our upstreams.
> Such a decision comes with the burden of then _maintaining_ ourselves the delta we create between us and our upstreams.
+1
> So I'd say let's first hire some more folks and establish things like proper security tracking for the delta that we _do_ carry already, before considering an even bigger delta!
+1
Cheers,
Jeremiah