Github is proprietary software. Why it's used to support the figher against proprietary software?

[amarao]

https://lists.gnu.org/archive/html/discuss-gnustep/2015-12/msg00168.html

GitHub does things that are quite bad for free software and is
not interested in changing them.

[brown121407]

It makes sense from a popularity standpoint, since GitHub is the most used software forge, it may also bring the most signatures. But I would also like if there was a way to contribute to this with free software. SourceHut would have been a more appropriate place for this, but I don't know how much traction it would have gained then.

[nukeop]

This was in 2015. Today, Github allows you sign the letter using only free software. And it's also good for publicity.

[jdoe0000000]

Would it be possible to also allow signers to send an email to request that their signatures be added? The anti-rms repo is doing that too.

This was in 2015. Today, Github allows you sign the letter using only free software. And it's also good for publicity.

@nukeop: I'm not aware that this is possible. Would you mind pointing out where I can find information on how to do this?

[Areso]

@jdoe0000000 try this one: https://docs.github.com/en/github/authenticating-to-github/signing-commits

[brown121407]

@nukeop, @jdoe0000000

I was skeptical of the claim that you can sign the letter using only free software. I created a fork, cloned it locally, made the commit, and sent a pull request from GNU Guix's IceCat with LibreJS enabled, so I guess @nukeop was right. You can sign it using only free software, if "free software" includes GitHub after LibreJS blocks its non-free scripts.

[jdoe0000000]

try this one: https://docs.github.com/en/github/authenticating-to-github/signing-commits

@Areso That's for making cryptographically signed commits, not for making commits to add your signature to the support letter.

[jdoe0000000]

@brown121407 That's good to know. Thanks for finding this out!

[nukeop]

@nukeop, @jdoe0000000

I was skeptical of the claim that you can sign the letter using only free software. I created a fork, cloned it locally, made the commit, and sent a pull request from GNU Guix's IceCat with LibreJS enabled, so I guess @nukeop was right. You can sign it using only free software, if "free software" includes GitHub after LibreJS blocks its non-free scripts.

You can use Github CLI if you don't want to run non-free javascript.

[amarao]

You can use Github CLI

Which is pure 'contrib' section for Debian, not 'main', because github cli is completely useless without proprietary server code.

[appetrosyan]

IF you are so inclined, I still have a GitLab repository. It's purely a backup, in case Microsoft decides to take this one down!

[nukeop]

You can use Github CLI

Which is pure 'contrib' section for Debian, not 'main', because github cli is completely useless without proprietary server code.

It's ok if server code is proprietary since you're not running it yourself. This doesn't violate any of the GPL freedoms.

[KOLANICH]

Client code is also proprietary, and carries a browser fingerprinting script they call a "CAPTCHA". It is completely inacceptable.

[Motophan]

Can we try asking rms?

[nataraj-hates-MS-for-stealing-github]

I agree with issue starter.

I am very unhappy that i _hadto use github account to sign this

[nukeop]

Client code is also proprietary, and carries a browser fingerprinting script they call a "CAPTCHA". It is completely inacceptable.

Client code works with LibreJS. And you can always use the MIT-licensed github cli.

[KOLANICH]

Client code works with LibreJS. And you can always use the MIT-licensed github cli.

Try to sign-up with LibreJS enabled.

[ahangarha]

Just wanted express my stand with the Issue. I think those who would support RMS and FSF knew how to sign petition. I would say even number doesn't matter as much principles do. I prefer to get defeated by more people but keep my principles up.

FSF and RMS has long history of taking their (and I assume our) principles up. They don't need any compromise for getting support from their own camp, rather, it is the time to manifest the principal and ethical difference between the two camps.

I don't want to just criticize. I appreciate that unlike some sick minded people in Iran who signed petition against some Free Software activity in Iran on Facebook!!! you didn't take the petition there. I think we still can make a second option for signing the petition which is FLOSSy.

Aggregating the two list wouldn't be a big issue.

[ahangarha]

It makes sense from a popularity standpoint, since GitHub is the most used software forge, it may also bring the most signatures. But I would also like if there was a way to contribute to this with free software. SourceHut would have been a more appropriate place for this, but I don't know how much traction it would have gained then.

My suggestion is to make a repo there and link both to each other. Make that one the main one and let people know if it is more convenient for them to sing on github, the option is there. As the result, we won't miss anything. We both keep up with out stand for Free Software way and also give easier way to those who might have technical challenge with SourceHut.

I think it is very much practical. Then, this repo would be a mirror to that one. merge can take place every 12 hours or even daily.

[brown121407]

@ahangarha, good idea.

@nukeop please let us know what you think about this and if you're willing to cooperate on this idea. We can set up a mailing list besides a repo on Sourcehut extremely easy, and people can contribute with only free software and outside of GitHub. I volunteer to (help) manage it, apply patches and all that, if you need someone.

[nukeop]

I want a single destination for all signatures. Creating repos on other websites is a great way to spread the signatures too thinly and lose our focus. I can allow one official email address to exist, if I get access to it.

[brown121407]

@nukeop, then what about only creating a public mailing list on Sourcehut? Since it would be public, you can read anything you want from there. We can encourage people that want to send patches created with git format-patch there or just want to request their name to be added and they don't want to use GitHub but don't know git either.

[nukeop]

If you can handle problems like spam and malicious entries, that would be perfect.

[brown121407]

@nukeop, I'll look out for spam and filter it as best as I can.

Let me know what you think about this: https://lists.sr.ht/~brown121407/rms-support-letter The address is ~brown121407/rms-support-letter@lists.sr.ht and the details about how to work with it are in the list description.

[nataraj-hates-MS-for-stealing-github]

I want a single destination for all signatures. Creating repos on other websites is a great way to spread the signatures too thinly and lose our focus.

Then doing that at GitHub that is owned by most evil software corporation, is really bad idea. At least if we are speaking about free software.

[brown121407]

@nukeop, we have the first signature on that mailing list I posted, so we kindly ask you to take those into consideration too. Relevant for #843 too. When you add people's signatures from there it would be kind of you to reply to their email to mention that they have been added. Thank you.

[ahangarha]

I wanted to thank the person who opened this issue and those who participated in finding workaround and the maintainer who was open to suggestions and finally implemented it.

I respect such attitudes and the courage to keep up with our hold on Software Freedom.

Wish best for all.

[brown121407]

@nukeop, we have the first signature on that mailing list I posted, so we kindly ask you to take those into consideration too. Relevant for #843 too. When you add people's signatures from there it would be kind of you to reply to their email to mention that they have been added. Thank you.

I have archived my list above so people won't send their signatures anymore, and redirected the two that signed to the list that now appears in the README. I think now this and #843 can be closed.

[Tyil]

software forge, it may also bring the most signatures. But I would also like if there was a way to contribute to this with free software. SourceHut would have been a more appropriate place for this, but I don't know how much traction it would have gained then.

For what it's worth, there is a copy of this repository available on Sourcehut, allowing one to completely avoid all proprietary software in order to support Stallman.

https://git.sr.ht/~tyil/rms-support

[zaytsevand]

Thanks for the opportunity to show my support in a convenient, non-discriminative for less FSF-inclined way.

[spiko-md]

Not everyone can even access github: https://developer-tech.com/news/2021/jan/08/github-restored-iran-us-gov-permits-sanctions-exemption/

[6r1d]

@spiko-md, do you see any solutions? Should the github site be mirrored? Will codeberg and couple other ways suffice to add the signatures?

[jobbautista9]

@spiko-md The article only says that GitHub will restrict access to private repos. This one is public, so even if you're in Iran, or Cuba, you should still be able to access this repo I think.

Otherwise, there are already alternatives, like email and codeberg.

[nunojpg]

The fact that we disagree in part or almost entirely with RMS ideas (example that Github is bad for free software, sorry RMS, you are wrong), but we still understand how important he is for free software politics is what I understand one of this letter main reasons.

[KOLANICH]

we disagree

Make statements for yourself. IMHO GH is harmful, since M$ has started abusing the power it has. I'd like to migrate off it.

[Tyil]

example that Github is bad for free software, sorry RMS, you are wrong

RMS is right, though. GitHub may be good for open source software, but not free software. GitHub tries to persuade people to use open source licenses that allow relicensing without any worry, which companies love, since it's giving them free shit with no reason to give back. But these licenses aren't viral copy-left, and thus don't guarantee any kind of freedoms to the users the moment a company decides they don't want users to have freedom.

IMHO GH is harmful, since M$ has started abusing the power it has.

Correct, though I'd argue GitHub was a terrible platform even before Microsoft bought it.

[KOLANICH]

open source licenses that allow relicensing without any worry

It is a good thing IMHO. Myself I use Unlicense. "Freedom" of GPL is not freedom at all, but just copyright trolling no better than the one proprietarians do.

What I meant under "harmful" is that GH:

• tries to vendor-lock-in people by demanding them to be signed in for some actions (though some of this is worked around)
• inserted a browser fingerprinting script and call it a "captcha"
• pushing for TEE-based TFA, such as FIDO 2 by introducing antifeatures, such as "email validation" after every IPv4 address change
• not enough functional without JS

But it is still much better than GitLab, which is free software, just managed by a malicious corp.

BTW, vendor and product lock-in is exactly the behavior of GPL, when "FSF" is considered a vendor and GPL is considered a product.

[nukeop]

Making an account somewhere is not vendor lock-in. You could argue that Github actions are a form of that, but allowing only signed in users to make comments is definitely not vendor lock-in. I have not seen a single captcha in my 5 years of using Github either.

Also FIDO/U2F is an open standard that anyone can implement and use.

[6r1d]

It is a good thing IMHO. Myself I use Unlicense. "Freedom" of GPL is not freedom at all, but just copyright trolling no better than the one proprietarians do.

Showing disadvantages in copyright is a morally right thing to do, not "trolling". Many Linux modules are probably added back because of the GPL, for example.

[KOLANICH]

Showing disadvantages in copyright is a morally right thing to do, not "trolling".

Everyone is aware about disadvantages of copyright. Some immoral people decided to play according the rules for their benefit. Some of them hypocriticaly pretend that it is a right thing and there is nothing wrong with it. BTW, there is "nothing wrong" with robbing people, killing people, enslaving people, extorting from people, all the people staying behind these activities in organized fashion are very well respected in every society. This is the same way "nothing wrong," as "nothing wrong" in using copyright.

Robbing and racketeering every businessman or just a person in some area is also "just showing disadvantages" of robbers being present in society, and according your reasoning is also a "morally right thing to do".

Making an account somewhere is not vendor lock-in. You could argue that Github actions are a form of that, but allowing only signed in users to make comments is definitely not vendor lock-in.

GitHub Actions require (not really, it can be worked around) signin to be able to view logs and to download artifacts and to view "hidden" comments.

I have not seen a single captcha in my 5 years of using Github either.

I have not used sign-up page since I joined GH in 2010. In December 2020 I have registered a bunch of orgs to better organize my repos. Without any "captcha". But in Jan or maybe Feb 2021 I tried to reg a few more orgs .... and saw they have introduced a browser fingerprinting script by a third party they call a "captcha".

Also FIDO/U2F is an open standard that anyone can implement and use.

FIDO2 spec is a backdoored standard containing "attestation". Website owners have incentives to say people "either use FIDO2 impls that pass attestation or GTFO" as one of the way to keep people that have negative value (wasting network bandwidth and server CPU without getting the reward they assumme they get in a form of collected "telemetry", showed ads with high enough conversion or sellig some shit) for their websites - anyone who is not a conformistic idiot. This standard itself is harmful and must not be promoted.

Also it is person's personal business if he wants 2FA with the risk of losing access to his account because of that or not. M$ intentional creating obstacles for 2FA non-users is considered harmful.

[6r1d]

and according your reasoning is also a "morally right thing to do".

Wow, that escalated at a light speed!

Business benefits from Linux a lot. If it was less profitable than BSD, why is Linux popular on the servers again? Maybe, just maybe, it's... Not that evil?

And if it is, show me your logical chain. How do you jump from GPL to robbing?

[KOLANICH]

How do you jump from GPL to robbing?

Very easy. GPL is copyright, copyright is a tool made for de-facto robbing and racketeering people legally and copyright is actually used by people to de-facto blackmail people and de-facto extort from people, including the ones who have licensed their code under GPL (and yes, there are quite some companies whoose business model is built around extortion using GPL, often AGPL in such cases). It is completely legal, but completely inacceptable.

Business benefits from Linux a lot.

I benefit from linux a lot. All my gadgets are linux-based. Without Linux they would have been BSD-based. Without even BSD they would have been Minix-based. Without even Minix, they would have been proprietary shit.

But that people benefit doesn't give anyone any right to extort, even if it is permitted by law and even enforced by law enforcement.

If it was less profitable than BSD, why is Linux popular on the servers again?

Network effect.

Maybe, just maybe, it's... Not that evil?

Linux itself is not evil.

[nukeop]

You're using your own definitions of "right", "robbing", "extortion" and other words, which weakens your argument.

If you need to use emotionally charged terms to support your point it tells me that your point isn't very strong by itself. It's like you're making very decisive moral judgments about things which are typically pretty ordinary. Sounds dramatic but it's transparent that you're not too convinced yourself and need to use grandiose terminology to make your writing project more confidence than you really have.

[KOLANICH]

I was asked, I have given the answer. What to think about my answer - it is up to you. Your beleifs and approvements were not pursued.

[Motophan]

Nuke, sorry but I agree with KOLANICH.

On Wed, Apr 21, 2021, 9:22 PM KOLANICH @.***> wrote:

You have asked, I have given you the answer. What to think about my answer

• it is up to you. Your beleif and approvement were not pursued.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/rms-support-letter/rms-support-letter.github.io/issues/413#issuecomment-824546799, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKEIUFB547QFGJ4ZA4FXJWTTJ6XAHANCNFSM4ZXFOA2Q .

[6r1d]

Guys, you see, there's a bit of a problem with KOLANICH's explanation, and I feel the need to point it out. It's nice that he's not alone, because it shows how people miss the point of GPL and allows me to explain why we're here to the part that isn't informed.

Now, look at this dialog:

Business benefits from Linux a lot.

I benefit from linux a lot. All my gadgets are linux-based. Without Linux they would have been *BSD-based.

There it is. Do you notice this little, but interesting moment?~

Without Linux they would have been *BSD-based

You see, the trick with GPL is that you need to contribute back the stuff you work on. That is, device support, drivers, kernel modules, whatever. For gadgets.

BSD license, sadly, does not require a manufacturer to do so. BSD having a bit less support and drivers is a direct result of that.

Yet another funny trick of modern industry is that people are motivated by profits. That is, if you make a screen, it's new and shiny, you really don't want to make drivers for anything but the most modern and popular, currently proprietary OS.

Maybe, should you be a "Screenmaker co.", you'll even pursue the BSD dev who writes drivers in a lawsuit, because profits are motivating you. And don't tell me that corporations are always nice and right, if some tractor manufacturer did not pursue a farmer and Apple were kinder, we won't have Right to repair, would we now? We've got what we got, corporations want to maximize profits and it means squeezing maximum amount of money, selling your data and suing people when that's convenient.

So, nicely cutting corners and making you contribute a driver for an edge case you don't really care about (GNU GPL) is a neat tiny trick, that allows you to have most of your gadgets at all while not working for a large corporation with ties to screen manufacturer, sound chip manufacturer, processor manufacturer, motherboard manufacturer, video card manufacturer, whatever sensor you need manufacturer, and I can continue this list. Oh, and you can have rights for your invention, too. How cool is that?

GPL is not evil. GPL helps mankind progress outside of the large corporate sector, actually.

[Areso]

@6r1d none of your belowed gadgets will work without proprietary, closed-sorced blobs, superglued to one specific kernel. And the GPL doesn't help with the matter.

[6r1d]

none of your belowed gadgets

Pardon, but... Firstly, it's "beloved" if you did not mean a pun with "below" and otherwise I miss the pun. Secondly, I did not introduce the topic of gadgets.

will work without proprietary, closed-sorced blobs, superglued to one specific kernel

Many of the hardware protocols are open, stuff gets more and more documented, many scopes of said blobs are limited, it's not that terrible, and besides, stuff like Noveau drivers for Nvidia is developed.

And the GPL doesn't help with the matter.

Seriously? I think you're ignoring quite a bit of context for decades there.

[KOLANICH]

Do you notice this little, but interesting moment?

Yes. *BSD have chosen the wrong "cathedral" model of development. Then Linux with its "bazaar" model came and have beaten BSD.

Maybe, should you be a "Screenmaker co.", you'll even pursue the BSD dev who writes drivers in a lawsuit, because profits are motivating you.

In current legal system everyone is allowed to sue anyone (except the souvereign) no matter how nonsense the claims are. AFAIK in Common Law legal system if the defendant has failed to take part in the trial, he loses automatically. Laws disallowing RE, recreation and using of technology and distribution of information are unjust laws and must be abolished. This are the issues in the legal system, not in BSD.

You see, the trick with GPL is that you need to contribute back the stuff you work on.

... under GPL license and even the separate products. Exactly what Steve Ballmer said. Or make a business aggreement with the copyright holder and pay him instead.

And TBH, if a company uses FOSS software, it have quite strong incentives to upstream own patches, and not only just contribute back, but make them be actually merged into the upstream. Otherwise it would be costly to maintain them. When patches are merged into the upstream, their maintainment burden is shifted to other project developers and dustributed more evenly.

Even if the software is developed by the corporation itself, it is often shared under a free license instead of a proprietary one or GPL (remember, the corp is the holder, it is not bounded with GPL terms itself, and it can relicense the software to anyone else under any license it wants (as long as permitted by law) ), to get more 3rd-party devs working on it for free. It is a kind of proof that corporations actually benefit from allowing everyone to enjoy the 4 Freedoms.

And don't tell me that corporations are always nice and right

I have never told so.

We've got what we got, corporations want to maximize profits and it means squeezing maximum amount of money, selling your data and suing people when that's convenient.

It is again the issue with the current legal system. It permits some kinds of de-facto racketeering and extortion and uses law enforcement to help the de-facto racketeers. It is again the issue in the current legal system. Instead of taking part in de-facto racketeering and using the fact that lot of people do that as a justification, one must change the legal system instead. There exist political parties which (at least declared) purpose is exactly that, yarr.

Oh, and you can have rights for your invention, too.

Patents must be abolished.

How cool is that?

Completely not cool. Copyright and patents are not rights. They are legalized racketeering and extortion.

[Tyil]

"Freedom" of GPL is not freedom at all

A common misconception, usually brought forth from egocentrism. There's more people on the world than just you. GPL enforces freedom for the users, not so much the developers. If you truly care about your users, you wouldn't mind giving up the "freedom" to harm them with your software.

In current legal system everyone is allowed to sue anyone (except the souvereign) no matter how nonsense the claims are.

More egocentrism. Please understand that not every country is as fucked as the USA. In fact, most problems plaguing that hellhole are very much localized.

And TBH, if a company uses FOSS software, it have quite strong incentives to upstream own patches

Unless they have an advantage over the competition. In that case, unless they are required to upstream patches, they have a very strong (financial) incentive not to do so. See FreeBSD.

Copyright and patents are not rights.

And that's why the GPL is called "copyleft". It fits into the same framework, but accomplishes the exact opposite, giving freedom to the users instead of taking it away for profit.

[KOLANICH]

GPL enforces freedom for the users, not so much the developers.

Freedom is not the thing that can be "enforced".

If you truly care about your users, you wouldn't mind giving up the "freedom" to harm them with your software.

No, taking my freedom is inacceptable. Trying to persuade me that me of freedom is necessary is like trying to persuade prisoners in concentration camps about the same. It won't be accepted.

Please understand that not every country is as fucked as the USA. In fact, most problems plaguing that hellhole are very much localized.

No, it is the planet Earth a hellhole, US and PRC and EU and UK and RF just follow the trend.

Unless they have an advantage over the competition. In that case, unless they are required to upstream patches, they have a very strong (financial) incentive not to do so. See FreeBSD.

If they have significant advantage in competition from that ... then they would eliminate anyone for that. Thousands and millions if necessary. No shitty license and even no court decision would stop them. Good luck in suing rich corporations (everyone knows which ones exactly, but I won't name them) with close ties to politics and significant defence contracts on the basis of their GPL violation. One suing them would be bankrupt before he even had a chance to win the lawsuit. You cannot use the tool designed specially to racketeer people against the racketeers themselves. In order to start using this tool efficiently, one has to be a racketeer and do the racket. For everything else the tool is useless. And yes, racketeers can try to racketeer racketters, so the dependence of the tool's efficiency on org power is designed to favour more poverful entities more. So the tool is inherently harmful.