Search Engine on start.fedoraproject.org

Mike McGrath mmcgrath at redhat.com
Fri Jul 23 19:20:42 UTC 2010


On Wed, 21 Jul 2010, Mike McGrath wrote:

> It's been pointed out to me that start.fedoraproject.org is in violation
> of Infrastructure's free software policy:
>
> http://infrastructure.fedoraproject.org/csi/free-software-policy/en-US/html-single/#FreeSoftware-Standard-Choosing
>
> In particular the "Proprietary Dependence" clause.  Now, start.fp.o has
> existed long before the policy was put in place and a grandfather
> exception does exist.... but I thought I'd mention it.  This could be an
> opportunity to completely re-think the start.fedoraproject.org home page.
> I know that upon its design there was some major things in the works but
> AFAIK most if not all of them fell through and that search engine link was
> all that was left.
>
> Thoughts, comments?
>

Got this from jds2001 (Jon Stanley - Board Member, cardnals fan) who
requested that I forward it on:

I don’t think that start.fp.o violates the free software policy, as we
don’t host Google in Fedora Infrastructure.  I think that if we had a
Google Search Appliance, that would very clearly violate the policy.
Making calls to external services to me seems questionable from a pure
freedom standpoint, but from a practical standpoint, very difficult to
actually do.

Take Red Hat Bugzilla for example, which is (I think everyone would agree)
in Fedora’s critical path – without it, Fedora doesn’t happen. However,
the source code for that particular instance of Bugzilla, which has
admittedly been modified from the upstream version to meet Red Hat’s (and
Fedora’s) needs remains locked up inside of Red Hat. Do we cease to use it
simply because the source is unavailable? If we cease to use Google on
start.fedoraproject.org, I don’t see how we in good conscience could
continue using Red Hat's Bugzilla. As for Mo’s question on “what is closed
in RHT BZ?”, the admin API that pkgdb uses to create components, etc is
not upstream (it wasn’t the last time I did pkgdb work that required it,
and had to work against a test instance provided by Red Hat rather than my
own test instance). Note that this is not an issue of trust in RHT, or a
lack of appreciation for the service that they provide gratis, but rather
a simple statement of “we can’t be hypocrites”

As Jef pointed out, if you cannot personally inspect the systems of a
service provider, you have no assurance that the system that you’re using
is indeed open. Going back to Bugzilla, yes, there is an upstream project
called “Bugzilla”, which is what Red Hat’s instance is based on. No one
disagrees with that. However, there is no way for me to audit that what is
actually being provided by that “service” is the upstream code base, just
as there’s no way for a Fedora user (without sysadmin-web) to audit the
fact that the Mediawiki instance that we provide is in fact the Mediawiki
code that we purport it to be.

In short, I don’t think that we can remove Google search without also
removing all other external dependencies from the infrastructure, which is
neither desirable nor practical.

$0.02
-Jon


More information about the advisory-board mailing list