gnu-linux-libre
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Third-Party Package Managers


From: Denis 'GNUtoo' Carikli
Subject: Re: [GNU-linux-libre] Third-Party Package Managers
Date: Mon, 10 Jul 2023 03:41:59 +0200

On Sat, 1 Jul 2023 02:07:36 -0400
bill-auger <bill-auger@peers.community> wrote:
> docker, cargo, pip, npm, many many more - they are all similar enough
> for our purpose, to be considers as equivalent competing
> implementations of the same misguided use-case: to search for,
> download, and install foreign un-vetted software onto your system
> 
> that alone makes them all very ugly and undesirable from the distro's
> perspective - all things being equal, we should not need any of them
> - they all exist because windows and mac do not have proper package
> management; so every programming language established their own
According to an academic paper on the topic[1] "Two arguments in
defense of language-specific managers are scalability and portability".

The scalability here is precisely what we have a hard time to address
with general purpose package managers like the one used in Parabola or
even Guix.

That same paper from 2019 has some numbers:
+---------------+-----------------------+
| Debian        | over  59 000 packages |
| Maven Central | over 290 000 packages |
| RubyGems      | over 150 000 packages |
+---------------+-----------------------+

So even if we can't add 150 000 packages in Guix like that, there is
still a way: In case of R there is a simple (unofficial) software that
creates an (unofficial) Guix repository from the R packages.

That software is probably easy to modify to create an R repository that
excludes nonfree software (R repository licensing is very strict but
allows a few specific nonfree licenses).

So here we have 3 cases:
- Repositories that are 100% free software -> nothing to do.
- Repositories that are not 100% free software but have strict
  licensing -> Can be fixed somehow with the same approach than R.
- Repositories with lax licensing information: Very complicated to fix.

This also means that while GNU tries to come up with plans to tackle the
most difficult cases (like cargo), there is still some room for people
to try to fix or find workarounds for the easiest cases in the
meantime, especially if it is fast to do.

References:
----------
[1]https://hisham.hm/papers/muhammad_2019_taxonomy.pdf

Denis.

Attachment: pgpaIvhVZxONv.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]