Proposal: Revision of policy surrounding 3rd party and non-free software

Toshio Kuratomi a.badger at gmail.com
Tue Jan 21 17:30:57 UTC 2014 

On Tue, Jan 21, 2014 at 09:52:04AM -0500, Christian Schaller wrote:
> This proposal comes out of the work on the Fedora Workstation PRD.
> 
> The Fedora project values freedom and has for a long time tried to minimize our users exposure to non-free software.
> While this is a good idea the time has come for fine tuning the policy a bit. Fedora has been declining in popularity
> for a long time now and we are trying to revamp it with the ongoing Fedora.next work. That work has a lot of components,
> but one of them is to make getting the software you need installed and running easily on Fedora in a userfriendly manner. 
> 
> As part of this a new software installer has been developed, as first seen in Fedora 20 (https://wiki.gnome.org/Apps/Software).
> This new installer has given the Fedora desktop the beginning of a more user friendly way and thus competitive way of installing
> new applications and similar, but to finish the task we need to be able to offer users easy access to the most popular and sometimes
> critical pieces of Linux software available, including non-free software.
> 
> The way we want to achieve this is to make such software discoverable and installable through the new software installer. We want
> to do that in a way we feel is compatible with the overall goals of Fedora and legally sound.
> 
> In order to keep with the Fedora policy of only shipping free software we will only make available 3rd party software that offers
> their own repository for their software. Examples here include Google Chrome and Adobe Acrobat.
> 
A quick note since this jumped out at me on the first read and it's pretty
easy to fix.  This restriction does not addresses free (libre) software
requirements at all.  It addresses legal requirements.  It's much harder for
Fedora Legal to review the random collections of software which RH is not
already liable for than it is for Fedora Legal to review a repository
dedicated to a single upstream project for which that project is
responsible.  (Note that even there, some repositories will be easier to
review than others.  Free(libre) software is easier for Legal to audit than
closed-source.  Software that includes patented code (like chrome) would
mean that Legal has to make sure that the repository owner has a license to
distribute that code and that the license is sufficiently broad that
enabling the 

> In order to keep things clear in a legal sense we will only include such software in collaboration with said upstream and after a review by
> lawyers.
> 
> The software will come with a warning in the installer that this is not software provided by the Fedora project and that users need to contact 
> the relevant upstream for support. We will also make it clear that this is not free software and users will be presented with a need to 'opt-in' 
> to use said non-free software for that reason. 
> 
> We have created a mockup of how this could look, but be aware that this was put together quickly and is in no way the final design. Neither all
> the textual information we want in there as outlined above is included nor is the final version likely to look exactly like this. We still feel it might help 
> people understand a bit more where we are going with this:
> https://dl.dropboxusercontent.com/u/5031519/software/wire-3rd-party-sources-2.png
> 
> The working groups will be free to decide what software to try to get included based on the guidelines above. In terms of technical impact and support overhead the working group will need to decide if something is 'supportable' and work with relevant development teams as needed. 
> 
> In Fedora we want to support and encourage Freedom. We can only achieve that goal if we are considered relevant and with a sizeable community using Fedora.
> We support and encourage the use of free options in Fedora by having them as our default and recommended solutions, but we are only hurting ourselves and 
> limiting our chance to educate and inform our users by making them turn away from Fedora due to feeling that getting what might be critical software for
> their usage is a hassle with Fedora.
> 
> So to summarize the proposal.
> 
> * Fedora will continue to not ship non-free software and as part of that will continue to only default to free software.
> * We will add the needed metadata to the Software installer to give our users the freedom to choose to install legally cleared 3rd party software
> * The Working groups will have the ability to work with legal council and technical teams to achieve this goal

Talking with jwb on IRC, it seems that the intention of this is not to
overrule FESCo but to get a Board change of policy on libre software.
Taking that as a basis to start this conversation, most of this policy
should go to FESCo to decide as it came up just a few months ago and
resulted in this FESCo policy:
https://fedoraproject.org/wiki/Third_Party_Repository_Policy

The Policy covers most of the same things that are covered in the FESCo
policy.  There is one part of this proposal that does need a Board decision,
however.  That's mentioned in the non-free repositories section of the
Current FESCo policy:

== Repositories with non-free (libre) software ==

 Repositories that contain non-free software are not allowed in any form as
 they are contrary to the aims of Fedora. If a product should want to make
 these repositories discoverable it would require a change in policy from
 the Fedora Board. Please be sure that FESCo is included on any such request
 to the Board. 


In FESCo's meeting where we discussed this[1]_, we decided that the Board's
previously established position(s) of Fedora's relationship to Free Software
would conflict with our making it easy to search for non-free software.
Therefore we would need the Board to change that relationship before we
could consider policy allowing non-libre repositories.

At minimum, we'd probbaly need the Board to simply say that it was okay for
us to allow searching and pointing to non-free software in the same manner
as we allow for COPR repos (see the existing FESCo policy for the details).

More satisfying to the people who raised objections would be to either
change or rephrase and clarify the pieces in all the Fedora Policies that seem
to conflict with non-libre software.  Places that I found by quickly
searching this morning:

* The Fedora Foundations: http://fedoraproject.org/wiki/Foundations
  The Freedom Foundation is weighted towards free software.  It could be
  rephrased or changed to make cooperation with non-free software more clear.
  (Also mentioned on other pages like:
  http://fedoraproject.org/en_GB/about-fedora#freedom)
* Vision statement http://fedoraproject.org/wiki/Vision_statement
  Probably could work this in by promoting the collaboration element more
  and talking about collaboration between free software and closed source
  software.
* The Mission Statement: http://fedoraproject.org/wiki/Overview
  * [Our Mission] and [Elements of Fedora's Mission] could be rephrased to
    show our relation to proprietary software.  Could be similar to the
    reworking on the Vision Staement.
  * [Our Core Values] has something interesting: "we guarantee that Fedora
    will always be free for everyone, everywhere, to use, modify and
    distribute"  When we think about whether pointing people to proprietary
    software should be allowed, we tend to think about modification mostly.
    But we probably should think about the other things mentioned here as
    well:  Can we/do we wish to allow pointing to software which:
    * Excludes some people?  (Ex: Not for nuclear plant operators)
    * Excludes some usages? (Not to be used for evil)
    * Distribution? (the third party repo is free to redistribute and they
      give us a license to point to them but our users are not free to
      redistribute the code that they download through that.)
* Our Objectives: http://fedoraproject.org/wiki/Objectives
  * [Creating a Free distribution] Probably mention something about people
    being able to use proprietary software of the products we create
  * [Objectives Outside of the Fedora Project] Need to change the bullet
    point relating to proprietary components.

Personally, I'm on the fence about whether these are good changes or not.
But I do think that if we change direction we should be willing to make that
change pervasively through our whole set of policies rather than just to
enable a single use case.

Moving away from the question for the Board for a moment, I think that the
mockup of the App Installer screens are roughly what FESCo and Fedora Legal
asked for so those would probably be fine.  The change in who is responsible
for approving third party repositories is contrary to things that FESCo
discussed in their meetings about the policy so we'd likely not approve
those verbatim.  Pointing to non-free software (assuming that the Board
okay'd that) would likely be very similar to the current policy for [Other
Repositories with only free (libre) software] listed on the Third Party
Repository Policy page.

.. [1]_:
http://meetbot.fedoraproject.org/teams/fesco/fesco.2013-12-11-18.00.log.html

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/advisory-board/attachments/20140121/4269ae7f/attachment-0001.sig>

More information about the advisory-board mailing list