First party support for new packages
- Inicie sesión ou rexístrese para enviar comentarios
Hello guys, first time post here. I was wondering what the feelings are of trisquel users
for getting first party support for many program packages that are offered by organizations on the net. There are many programs that are packaged for debian/ubuntu that are offered via their websites now, the world has opened up to gnu-linux quite a bit.
There's a lot of examples of this now actually, many professional programming projects offer linux packages besides their windows executables, and we have a lot of alternatives to the distributions repository itself, but there can be issues with dependencies often times, which is where the concept of first party support becomes important.
There's a new beta nvidia driver(560) that is open source, for example, and installs painlessly on trisquel.
https://www.nvidia.com/download/driverResults.aspx/230225/en-us/
There's actually a zoom package for debian too, I haven't checked if that works.
There's a wine package for debian even, and their repository is really good actually.
There's also virtualbox, https://www.virtualbox.org/wiki/Linux_Downloads, that has their own deb
and despite the advocates for other virtualization solutions, I absolutely love virtualbox, I have always used that, and found it to be the easiest, and even closest to actually emulating a real computer system within my own desktop.
And, there's a lot of projects generally that are really good sources to add utility to gnu-linux distributions, BUT, I was amazed to find out that the idea of supporting first party developers is actually antithetical in the mind of different linux communities, who take people's programs and transform them to fit into their own ideal paradigm. I think this is anti-freedom behavior, so I was hoping to find a different perspective here on trisquel about this matter.
There's also the kernel itself, and believe it or not, some linux distributions do not have good support for the linux kernel, and force users to rely on their repositories, their ironically NEW linux.
I imagine it will work here on trisquel, but that's a question I have too, is whether or trisqel supports first party sources, including the linux kernel itself, and even the libre kernel, which I want to rebuild for own purposes at some point...
http://linux-libre.fsfla.org/pub/linux-libre/releases/LATEST-6.10.N/
Also I brought you guys a desktop background I made with the picture taken of the m87 blackhole, for those who like dark backgrounds... and space science... Hi welcome thank you good bye...
Anexo | Tamaño |
---|---|
1920_1080_M87.jpg | 60.8 KB |
First of all: welcome!
I was amazed to find out that the idea of supporting first party developers is actually antithetical in the mind of different linux communities
We are a *GNU*/Linux community. The difference matters: https://www.gnu.org/gnu/why-gnu-linux.html
The Trisquel project follows the GNU Free System Distribution Guidelines, including this paragraph:
A free system distribution must not steer users towards obtaining any nonfree information for practical use, or encourage them to do so. The system should have no repositories for nonfree software and no specific recipes for installation of particular nonfree programs. Nor should the distribution refer to third-party repositories that are not committed to only including free software; even if they only have free software today, that may not be true tomorrow. Programs in the system should not suggest installing nonfree plugins, documentation, and so on.
https://www.gnu.org/distros/free-system-distribution-guidelines.html
So, when a package is absent from Trisquel's repository because it is nonfree, it is actually for our good. It is precisely what many (most?) Trisquel users are searching for: a distribution that allows them to install anything in the repository without having to check by themselves if the program denies their freedoms. In Trisquel, it does not (well, a mistake can occur: it is then considered a critical bug, fixed with the highest priority).
Of course, Trisquel does not implement DRM: the user is free to install anything, including from what you call "first-party sources". Then, she must check by herself if the software is free. If not, we consider it is bad. In particular, it is against our community guidelines to recommend proprietary software in this forum:
Our community's resources --the forum, documentation, etc-- are for free software only. Please do not distribute, recommend, or support non-free software here.
https://trisquel.info/en/wiki/trisquel-community-guidelines
You see the problem is not how the software is distributed, whether it is in Trisquel's repository, but whether it is free. Zoom in particular is nonfree. Even worse, it is known malware:
- https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/
- https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/
- https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
- https://www.theverge.com/2020/6/12/21288995/zoom-blocking-feature-chinese-government-censorship
- https://www.vice.com/en/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
Also, using Zoom steers other to surrender their freedoms, to communicate with you. Please do not recommend it here. Idem for kernels shipping with nonfree firmware.
That's cool man, I was really referring to the broader internet as a source mainly.
A first party source for gnu, would be the gnu repositories for example.
A first party source for linux, would be the linux repositories.
Or for trisquel users, we have the libre linux kernel, which it took me a little work, searching the trisquel website to find the source for.
http://linux-libre.fsfla.org/pub/linux-libre/releases/LATEST-6.10.N/
It's not in the common language surrounding gnu-linux and computer programming, but I think
it is a very important concept for the modern world, where adaptation to remote technological
applications is of critical importance, even to regular people, who like major organizations, depend on technology to support their lives.
We share in a situation right now, where freedoms are denied through the medium of technology, and as it advances, the methods by which freedoms are denied also become more advanced. A key intersection between freedom and technology, is the security aspect of the situation. So for example, many people rely on their operating systems in order to represent themselves to remote organizations on the internet, such as their email service provider, which can represent their identity, or their bank, in order to perform financial transactions. After all the politics involved, I think you'll find we all agree, when the situation is boiled down to security,
and it's fundamental aspects.
I like first party sources as an alternative to prescribed methods for using gnu-linux operating systems, because it is profound from a security perspective first and foremost.
One of the questions I attempted to answer recently, was as to whether or not different distribution's systems made it easy to actually build and install the linux kernel, which users can with a little knowledge rebuild themselves, giving themselves a unique linux kernel, as opposed to the default linux kernel that is shipped with distro's, which is an attack vector for advanced malicious exploitation.
I actually learned, that a variety of 'linux' distributions, did not actually, in fact, support linux, the kernel. Instead, they only supported their own unique version of the linux kernel.
So, that means that for users, they could not simply go to kernel.org or it's other distribution points, and download their own kernel of choice, and build it freely. I learned that people's freedom, to do the most basic tasks with our operating system was actually restricted, and in a variety of different ways. I also learned that this subject matter has apparently been rendered anathema, long ago before I arrived to examine the situation.
One of the initial steps in exploiting people, and organizations via technology, is to identify the target system, so for example, an operating system such as trisquel has specific software, and specific configurations of it's software, that are shipped out by default, and it's the same situation for users of any operating system in fact. Default programs, and default settings, have been understood for a long time to be the enemy of people's freedom, precisely because of the fact, that it enables malicious organizations to produce a template, that will enable them, to exploit everybody using trisquel version 11, or everybody using debian 12, or everybody using windows 11.
This is why the issue of first party sources is absolutely of critical importance for the gnu-linux community to comprehend in depth. For a distribution to support a first party source, that would mean it would enable users, to go and use first party sources, instead of building barriers to their freedom, and their security.
People are unwilling to speak freely, in 2024, and even after the expansion of the internet, and technology, programming has directly contradicted people's freedom. The truth is, that freedom is so uniquely special while it's definition isn't limited. Whether or not organizations take advantage of the fact, is a choice.
If you don't like default programs, default settings and want packages to be made from first-party sources, you could try Parabola, see at https://parabola.nu, which follows the GNU FSDG like Trisquel.
Parabola has a very light base system (not even including kernel), so setting your system with Parabola requires you to make choices of everything you want to install, and the documentation shows working configurations but it is up to you to decide. So this is more work than using Trisquel, but it is certainly interesting and I am also using Parabola.
Parabola is using Archlinux repositories but to avoid non-free software in there (Archlinux includes non-free software, be careful), it has a metapackage your-freedom that conflicts with all known non-free programs in archlinux repositories, and has specific repositories with replacements for non-free programs.
For each package, on the Parabola or the Archlinux website (depending from which repository it is), you have a "source files" link that includes a file called PKGBUILD, which is a build recipe, like a shell script, that fetches the sources from the first-party, and may also include some additional files, typically patches.
Besides, you can even make your packages from any source available on internet, just make a PKGBUILD and run makepkg. I you want to share them with others and are willing to do the work as described in https://wiki.parabola.nu/Package_maintainer_guide, you could even add them to the Parabola repository.
First of all, I repeat: you can get software directly from their developers. That is fine.
Nevertheless, you then want to check by yourself the integrity and the authenticity of the program by respectively verifying its checksum and the digital certificate, if the developers distribute those. That is not enough though: the site you download from may be impersonating that of the developers (phishing). You also need to check by yourself whether the program respect your freedoms. Searching the license on https://www.gnu.org/licenses/license-list.html may not be enough: a blob may be found in the middle of what is otherwise source code distributed under the terms of a free license. Other freedom issues may be more subtle. Sometimes, they can be solved with small modifications to the source code (Trisquel's package helpers do that) that the developers refuse. You need to install the necessary tooling to build the program and its dependencies. Building may take hours and consumes electricity (possibly coming from fossil fuels, depending on where you live). For each dependency, which may have themselves dependencies (welcome to dependency hell), you need to repeat the process. Sometimes, it is only a matter of configuration to avoid a nonfree dependency, but you then need to learn how to configure the program or its building process.
Even the least technical users deserve the control of the work they achieve with their computers. They usually do not want to become programmers and system administrators: that is fine. Even those who are developers and system administrators usually have better things to do than spending their time all following the same process (a waste of effort: it is better to work as a collective) to have the program suit their needs, which are often not that unique. For instance, many users only want free software. 100% free GNU/Linux distributions fulfill that purpose. In particular their package managers, their repositories, and the default configuration of the packages in there.
It is good to help the user adapt the software to her needs, which may actually differ from those of most of the users. Here again, a distribution eases her life: Trisquel has 'apt-get source', Guix works even more on that (but that distribution is hard for non-technical users), etc.
You know what's funny I probably made the comment on the wrong forum really, because it's all the other distributions that really demonstrate this problem in a pronounced way, and nice simple and clean distro's like trisquel, or debian are super simple to work with and customize fully, find packages for, get those packages working, and their dependencies..
So I'm going to try to build the libre-kernel sometime today
I looked up the page on the current version of trisquel 11, learned that it was based on jammy ubuntu
"Aramo is a long term support (LTS) version in development. It is based on Ubuntu 22.04 (Jammy Jellyfish)."
Which is the really good version of ubuntu that has tons of packages, tons of resources on the web, and is super stable.
Got the dependencies for building the kernel like this...
sudo apt install bc binutils bison dwarves flex gcc git gnupg2 gzip libelf-dev libncurses5-dev libssl-dev make openssl perl-base rsync tar xz-utils pahole
then I just need to make a root account and start building it.
I actually want to customize every single thing, when I'm gnu'in, I want to rebuild all the programs, I want to get inside of every aspect of the system, but there are actually so many barriers typically, that I can't even find the time to move on to other aspects of the system, if for example, I'm stuck trying to learn their unique build system for the kernel, ect.
It actually takes maybe an hour to rebuild the kernel, more or less depending on variance... and it's even simpler with other programs if we learn the way to do so in advance.
I want to get into rebuilding wine, and even the nvidia driver, which are really interesting to play around with. Gnu-linux is at the point where it might perform as well as windows does actually, it's development has improved so much thanks to it's community, but I think there are barriers to closing this gap within the software that have yet to be discovered...
The only problem I have with trisquel right now, is the lack of f2fs support in the installer.
Got the dependencies for building the kernel like this...
Trisquel has 'apt-get build-dep'. It helps.
I just need to make a root account and start building it.
I believe 'sudo', which is by default in Trisquel, is enough. If you want a root terminal without adding a root user:
$ sudo -i
I actually want to customize every single thing, when I'm gnu'in, I want to rebuild all the programs, I want to get inside of every aspect of the system, but there are actually so many barriers typically, that I can't even find the time to move on to other aspects of the system, if for example, I'm stuck trying to learn their unique build system for the kernel, ect.
Again: some distributions make that easier for you than fetching a tarball from the upstream developers and following their instructions in there. Trisquel focuses more on user-friendliness than on hackability but it has 'apt-get source' and 'apt-get build-dep' anyway, as I have already mentioned. You may love GNU Guix, which explicitly aims to be hackable: https://guix.gnu.org