Python alt-installer Pip has non-free software in its repositories
Project: Trisquel
Version: 7.0
Component: License problems
Category: bug report
Priority: critical
Assigned: Unassigned
Status: closed
Pip has free software in its repository, but also has proprietary/non-free software in it as well. See:
Aladdin Free Public License (AFPL) (Non-free license):
http://pypi.python.org/pypi?:action=browse&c=43
DFSG approved (possibly not FSF standards):
http://pypi.python.org/pypi?:action=browse&c=44
Free For Educational Use:
http://pypi.python.org/pypi?:action=browse&c=46
Free For Home Use:
http://pypi.python.org/pypi?:action=browse&c=47
Free To Use But Restricted:
http://pypi.python.org/pypi?:action=browse&c=50
Free for non-commercial use:
http://pypi.python.org/pypi?:action=browse&c=48
Freeware:
http://pypi.python.org/pypi?:action=browse&c=51
Other/Proprietary License:
http://pypi.python.org/pypi?:action=browse&c=90
I believe there are some poorly sorted items in the listed repositories that are free software, but most of them are non-free.
As an example, installing Module (non-commercial use only) looks like this:
mithrandir@trisquelbook:~$ sudo easy_install module
(also can be run with 'sudo pip install {package}')
install_dir /usr/local/lib/python2.6/dist-packages/
Searching for module
Reading http://pypi.python.org/simple/module/
Best match: module 0.1.1
Downloading http://pypi.python.org/packages/source/m/module/module-0.1.1.tar.gz#md5=fcfda6d426fd1852ec374d014c11c719
Processing module-0.1.1.tar.gz
Running module-0.1.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install-13lc8Y/module-0.1.1/egg-dist-tmp-quzI0_
zip_safe flag not set; analyzing archive contents...
module: module references __file__
module: module MAY be using inspect.getouterframes
module: module MAY be using inspect.stack
Adding module 0.1.0 to easy-install.pth file
Installed /usr/local/lib/python2.6/dist-packages/module-0.1.0-py2.6.egg
Processing dependencies for module
Finished processing dependencies for module
Bumping up to critical as freedom issue.
As I see it, either a new repository should be started (expensive, time-consuming) or pip should be removed altogether (a shame as it contains free software as well as non-free.)
Just a note: if someone makes an alternative version of pip, make sure you check for the indication of a libre license category and whitelist based on that; blacklisting based on categories you might suppose are for proprietary programs would be ineffective.
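An added illustration of the allowlist point in the comment above (not code from this thread or from Trisquel): it runs an allowlist and a denylist over the Trove license classifiers a package declares. The allowlist entries and the sample package names are assumptions made for the example.

```python
# Added example: allowlist vs. denylist over Trove "License ::" classifiers.
# ALLOWED is an illustrative assumption, not a vetted list of free licenses.
ALLOWED = frozenset({
    "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
    "License :: OSI Approved :: MIT License",
    "License :: OSI Approved :: Apache Software License",
})
# Non-free categories named in the report, written as classifier strings.
DENIED = frozenset({
    "License :: Aladdin Free Public License (AFPL)",
    "License :: Free For Educational Use",
    "License :: Free For Home Use",
    "License :: Free To Use But Restricted",
    "License :: Free for non-commercial use",
    "License :: Freeware",
    "License :: Other/Proprietary License",
})

def declared_licenses(classifiers):
    """Return the set of 'License ::' classifiers, whitespace-trimmed."""
    return {c.strip() for c in classifiers if c.strip().startswith("License ::")}

def allowlist_ok(classifiers):
    """Accept only if a license is declared and every declared one is allowed."""
    declared = declared_licenses(classifiers)
    return bool(declared) and declared <= ALLOWED

def denylist_ok(classifiers):
    """Accept unless a known non-free category is declared (fails open)."""
    return not (declared_licenses(classifiers) & DENIED)

# Constructed sample metadata; the package names are hypothetical.
SAMPLES = {
    "gpl-tool": ["License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)",
                 "Programming Language :: Python"],
    "noncommercial-lib": ["License :: Free for non-commercial use"],
    "no-license-declared": ["Programming Language :: Python"],
    "unlisted-category": ["License :: DFSG approved"],
    "dual-declared": ["License :: OSI Approved :: MIT License",
                      "License :: Other/Proprietary License"],
}

def compare(samples=SAMPLES):
    """Map package name -> (allowlist verdict, denylist verdict)."""
    return {name: (allowlist_ok(c), denylist_ok(c)) for name, c in samples.items()}

if __name__ == "__main__":
    for name, (allow, deny) in compare().items():
        print(f"{name:22} allowlist={allow!s:5} denylist={deny}")
```

Classifiers are chosen by whoever uploads the package, so either filter is only as reliable as that self-declared metadata.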
Is it possible to remove pip and provide only the free packages as trisquel packages?
There is also a discussion about this here: https://lists.libreplanet.org/archive/html/libreplanet-discuss/2016-04/msg00018.html
I made a script to solve this issue. It's not very efficient, so I hope someone with interest can rewrite it in another programming language and improve it.
Now a merge request https://devel.trisquel.info/trisquel/ubuntu-purge/merge_requests/33
Patch merged.
It looks like this only removes python-pip. Should python3-pip be removed too? It has the same issue of pointing to a repository containing non-free software.
Automatically closed -- issue fixed for 2 weeks with no activity.