[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Non-free data in Poppler test suite
From: |
Marius Bakke |
Subject: |
Non-free data in Poppler test suite |
Date: |
Tue, 28 Jun 2022 23:19:47 +0200 |
Hello Guix,
I discovered a potential freedom issue with the Poppler test suite.
Specifically it includes a file with the CC BY-NC-ND (non-commercial)
license:
https://gitlab.freedesktop.org/poppler/test/-/commit/920c89f8f43bdfe8966c8e397e7f67f5302e9435
It turns out the repository is filled with PDFs of unknown origins, that
are impossible to audit.
(this issue only exists on the "core-updates" branch)
Normally we'd remove such files with a 'snippet', but these files are
not actually shipped with Poppler itself: they are downloaded separately
and only used for running tests during the build process:
https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/pdf.scm?h=core-updates&id=8c3e9da13a3c92a7db308db8c0d81cb474ad7799#n226
As such, these files are not accessible to end users of Guix short of
disabling substitutes and grepping the store.
So the million dollar question ... are these files okay to use for Guix?
In my (non-lawyer) opinion, I have faith that Poppler developers would
not distribute files that are not freely redistributable, and that this
counts as "non-functional data" per FSDG guidelines:
https://www.gnu.org/distros/free-system-distribution-guidelines.html
However, we failed to reach a consensus on #guix[0]. What do others
around here think? Should we play it safe and disable Poppler tests?
Raise the issue with FSF? Something else?
[0]: https://logs.guix.gnu.org/guix/2022-06-28.log#195123
--
Thanks,
Marius
(And sorry for being gone for so long! I'm back now, promise.)
signature.asc
Description: PGP signature
- Non-free data in Poppler test suite,
Marius Bakke <=