Python alt-installer Pip has non-free software in its repositories

Projet:Trisquel
Version:7.0
Composant:License problems
Catégorie:Rapporter un bogue
Priorité:critical
Attribué:Non assigné
Statut:closed
Description

Pip has free software in its repository, but also has proprietary/non-free software in it as well. See:

Aladdin Free Public License (AFPL) (Non-free license):

http://pypi.python.org/pypi?:action=browse&c=43

DFSG approved (possibly not FSF standards):

http://pypi.python.org/pypi?:action=browse&c=44

Free For Educational Use:

http://pypi.python.org/pypi?:action=browse&c=46

Free For Home Use:

http://pypi.python.org/pypi?:action=browse&c=47

Free To Use But Restricted:

http://pypi.python.org/pypi?:action=browse&c=50

Free for non-commercial use:

http://pypi.python.org/pypi?:action=browse&c=48

Freeware:

http://pypi.python.org/pypi?:action=browse&c=51

Other/Proprietary License:

http://pypi.python.org/pypi?:action=browse&c=90

I believe there are some poorly sorted items in the listed repositories that are free software, but most of them are non-free.

As an example, installing Module (non-commercial use only) looks like this:

mithrandir@trisquelbook:~$ sudo easy_install module

(also can be run with 'sudo pip install {package}')

install_dir /usr/local/lib/python2.6/dist-packages/

Searching for module

Reading http://pypi.python.org/simple/module/

Best match: module 0.1.1

Downloading http://pypi.python.org/packages/source/m/module/module- 0.1.1.tar.gz#md5=fcfda6d426fd1852ec374d014c11c719

Processing module-0.1.1.tar.gz

Running module-0.1.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install- 13lc8Y/module-0.1.1/egg-dist-tmp-quzI0_

zip_safe flag not set; analyzing archive contents...

module: module references __file__

module: module MAY be using inspect.getouterframes

module: module MAY be using inspect.stack

Adding module 0.1.0 to easy-install.pth file

Installed /usr/local/lib/python2.6/dist-packages/module-0.1.0-py2.6.egg

Processing dependencies for module

Finished processing dependencies for module

jeu, 07/21/2011 - 00:21
Priorité:normal» critical

Bumping up to critical as freedom issue.

As I see it, either a new repository should be started (expensive, time-consuming) or pip should be removed all together (a shame as it contains free software as well as non-free.)

mer, 11/09/2011 - 12:31
Composant:Programs» License problems
mar, 03/08/2016 - 18:43
Version:» 7.0

Just a note: if someone makes an alternative version of pip, make sure you check for the indication of a libre license category and whitelist based on that; blacklisting based on categories you might suppose are for proprietary programs would be ineffective.

lun, 10/31/2016 - 17:12

Is it possible to remove pip and provide only the free packages as trisquel packages?

ven, 12/09/2016 - 16:33
jeu, 04/12/2018 - 19:35

I made an script to solve this issue. It's not very efficient, so I hope someone with interest can rewrite in another programming language and improve it.

mer, 08/08/2018 - 04:33
Statut:active» patch (ready)

Now a merge request https://devel.trisquel.info/trisquel/ubuntu-purge/merge_requests/33

ven, 10/12/2018 - 17:24
Statut:patch (ready)» fixed

Patch merged.

dim, 10/14/2018 - 02:23

It looks like this only removes python-pip. Should python3-pip be removed too? It has the same issue of pointing to a repository containing non-free software.

dim, 10/28/2018 - 02:25
Statut:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.