[OpenIndiana-discuss] [oi-dev] ANNOUNCE: gcc ported Firefox 37.0b3 now backported to snv_130 x86/x64, Should work on OI/Hipster/S11.[0-3]/S12 etc.

Nikola M minikola at gmail.com
Thu Mar 26 10:21:05 UTC 2015


On 03/26/15 06:25 AM, Martin Bochnig wrote:
> 90% of the work I did since 2013 was closely related to amd64 
> (x86/x64-only), rather than sparc. But probably it will take 25 
> further years until somebody starts to figure this out.
Maybe people would better see things from your perspective if there are 
some code sharing between your project and others.
>> OI also supports SVR4 .pkg packages so this could be looked at as
>> rehearsal of making external products to Openindiana/illumos, although
>> there is also possibility of making IPS repository, accessible using
>> certificates.
> It would have been stupid, had Sun completely burnt all bridges of backwards compatibility.
> But that was before you started using Solaris. You didn't live through those times of IPS "democracy" in 2007.
I just yesterday found this page about turning SVR4 packages into IPS ones:
http://docs.oracle.com/cd/E26502_01/html/E21383/pkgsvr4.html
haven't tried it yet.

Openindiana also supports installing SVR4 packages (and S10/11)
I was always inclined to see IPS networked way as something more modern 
but maybe your views on SVR4 that it is modernized and fit for a 
purpose, could live inside subset of illumos distributions that use it, 
as an open standard?
Maybe your updates on using SVR4 packaging (is it been updated outside 
illumos?), could end up contributed inside illumos or existing SVR4 in 
illumos is already fit for use that can rival IPS?
I think that exchanging packages between distributions is already done 
with .spec files and processes to make pkgsrc, deb, IPS and possibly 
SVR4 .pkg packages?
Exchanging definitions of packages it through .spec files, to lower 
porting effort between distributions to a minimum. What do you think 
about those ideas?
>> I want to be able build FF and and other things too, by myself
>> locally, so I can contribute in area I can. So having binary-only does
>> not help in that.
> How shall I understand this?
> A) You don't want any bins
Bins are Ok - that is what ready-made distributions are for, only 
building process needs to be reproducible by users.
(e.g. get source -> use same process of making package as in binary 
release, but only for that package -> producing package as user).
Anyway that's something what most of free software licenses give as a 
right to every user of software. You know - what is open, stays open, 
and ability to make changes, fork etc.
> B) You want to contribute
Of course , everyone to their abilities and level of expertize.
Yet no one can wider their knowledge without doing something and sharing 
ideas through changes and every contribution counts.
> C) In order to get into a position to contribute FF related work, rather than contributing and working on the src until it works, you expect _me_ to provide it in fully functional manner!??
>
> Does that make sense?
I think no one actually expects anything from anyone :) Nor asks. You 
decide it by yourself.
Producing something is never job for one person.
If more people are not involved in a production process organization has 
to be like that to easily include more people in. With more people, also 
burden of making something is lower on developer.

I think that is only expected is to do things in open manner, where 
changes to the code are visible, being able to be audited by users 
themselves, admins and distribution maintainers.

*There is much more then producer <-> consumer relationship in free 
software and open source.*

Valuating one's contribution through money is not directly connected 
with the level of involvement, it is more of a business model and 
marketing and position on the market, but that is clearly not the role 
of developer potentials of an Operating system/software distribution to 
think about those things.
Maintaining good name and good image is maybe good enough.

I think that sales and marketing are very much also needed in free 
software projects, to provide incentives (monetary support) for 
developers to do their work.
Also developers are not the only ones using final product, but people 
that are using it in the wild, so listening to their needs is crucial to 
supporting developers needs (of course with developers freedom of making 
new great things).
Also it should be noted that code and packaging and maintaining and 
support and testing and bug reporting contributions, also value , and in 
many cases are more valuable then money.
Money influx is in direct correlation not only to the "greatness" of the 
products, but also as the image outside world has it to it. (Are people 
positive and smiley, does process of including new people is open, is 
doing things transparent, does it fit with competition.)
>> That said, without source, you can not be sure what is inside, like it
>> was for chromium port we already had here.
> How ridiulous is that very "argument", and why won't you stop repeating it time and again??
Because it is right. it's how free software work. You get sources from 
somewhere, why people after you should not have same rights to have 
sources like you did??

If person A has source code of a product and person B changes source to 
produce binary to person A, then , person A should have source 
distributed with binary.  If not, person B is in violation. (That is 
copyleft).

So person A can continue where person B is left , contribute to the code 
and not having eternal B-providing A-receiving relationship, but mutual one.
If money is not involved, person B is receiving all source code and 
person A receives receives no changed code but original one.
Benefits of person A using binaries from person B are non-existant , 
because it is much safer for person A not to use binaries of person B,
because person A can not be sure what changes are actually made by 
person B if not having same-licensed source is not delivered together 
with binaries (And validated by third party, e.g. distribution 
maintainer, upstream maintainers, etc).
So even in simple many A -source - B - source+binary relationship,
there are third parties the evaluate is B doing right thing for A, that 
reflects wither A (user) would care about B is doing or not.
If A does not posses power to evaluate changes of B, if B provides 
source, B seeks confirmation on other people/members of team for them  
or pushing changes of source to upstream.
It's not A's job to provide those confirmation, but B's, too.
Value exchanged here is code, not binary, because if code is available, 
everyone should be able to make binary.

> I) I have the src and I do know what's in. Either folks trust me or the refuse to.
That is not acceptable.

"Trust" is product of continuous checks by many people of one's work.

If one expects to be believed to he's words only, why withdrawing from 
public evaluation process of he's work? He should not expect trust if do so.

> II)Let's assume you had the src, it would be the very same. (Except that _you_ would be the one folks needed to be trusting.)
It would certainly not be the same, because I will have also power to 
make my own binary, fork it, change it, re-distribute it, like copyleft 
is meant to be.
That kind of contribution, with source, would be actually appreciated.

Not upholding that right to the user, divides people, stops sharing of 
knowledge and...
...let me not describe it with much stronger words...

And you are right about sharing trust.
Trust should be divided between more people who check it between themselves.

That is also a source of freedom of speech and other personal freedoms, 
to be able to publicly state if one's work is bad.
Stating "you don't need code" is deciding to make all other people 
"second-grade" to himself (!) turning them in passive users.
That is also derogatory  to users to treat them with such disrespect.., 
while asking for contribution.
If there is no code, user can not become developer and make 
contribution, because it is not in he's interest.

> III) Let's imagine, I would openly publish the diffs plus explain in detail for weeks what folks have to do in
Nobody cares if you are not open source and same-licensed as code you 
start from.

Imagine how many people used to make Mozilla products from 1995 till 
today, and included their copyright in the product?
They included their copyright in the product and they are the ones who 
actually made a product, not maintainer, distributor or new contributor.
If contributor refuses to uphold with original usage and source code 
rights, he is in violation with he's own interests and others.

> order to get through the build procedure, somebody would upload bins resulting from that, it's still not clear if the resulting bins were generated from 100.00000% this exact src,
I suggested you do that with .spec files, so person building it could 
use "recipes" using all open source components to build it independently.

Problem with "checking binaries" should not exist actually.
If source is open, AND changes are audited and accepted by third party, 
then every binary should work equal (using same system ABI).
If someone adds binary blobs to it's binaries, that is he's own demise.

Process, code and procedures and tools, from source to the binary should 
be available to anyone
if someone wants to have open product.

>   or if big brother has secretly added some hidden functionality. Therefore it would still come down to the original scenario described in I), namely that all end-users (except for the few who built it by themselves _plus_ veryfied millions of lines of code by themselves, which is unlikely)
User is not forced verifying a single lines of code. That line of 
thinking is not true.

It is project maintainers , whom developer sends patches to existing 
project files and new same-licensed files adding functionality,
check it, include it or refuse it.
It is chain of trust that makes user believe software he is using is right.

So process is like
code+changes, porting -> code maintainers -> distribution maintainers -> 
testing -> users
users ->feedback, bug reports -> distribution maintainers -> 
code+changes, porting

Users rely on maintainers and upstream checks and open code and 
visibility of patches during development, audited by colleagues and 
testing that is done prior releasing, that final code is OK.

And making binaries out of code should be trivial and not something 
"esoteric"..

"End user" could in any time become: coder, deveopler, code 
maintainer,distribution maintainer and tester.
That is how projects grow.

> needed to blindly trust the persons who generated bins and provided them.
It is never "one person".
And best way of achieving trust is have open changes through all process 
of development.

And not to be alone but with other people producing and auditing.
Also process of making final binaries, can strictly not be under control 
of ones who wrote it.

Therefore, nothing but the code can survive making into binaries, and 
that is what maintainers and testing people (code level, distribution 
level) are for.
> IV) I consider you a friend because you know a few things of what is happening outside (more than most others here).
> But every time you argue in this way, I get newly disappointed.
Sorry, it's in human nature to make better things through explaining views,
maybe someone is right some time, and other is right some other time,
but no one is right every time :)

Also from different perspectives, some things might seems right, but as 
soon as one look at a bigger picture and consult with others, that could 
only lead to benefit of everyone.
When I talk to you I think I am contributing to your project and that it 
benefits you to hear it.
> Are folks too brainwashed or too unaware (to avoid having to say _too misinformed_), in order to comprehend how worthless and ridiculous all these "security concerns" are?? It's just a show to keep folks busy, feeling good and chatting.
I beg to differ.
People using free software and open source, have true power of having 
their data safe and their products independent and their life better.
It is negative to think that people are without power to change things 
to better for themselves.

People that have source have power to make it better and together with 
that, their lives.

> Who and where is the enemy of privacy?
> Let's ask google just 5 secs:
>
> Your hard drives were RIDDLED with NSA SPYWARE for YEARS
> http://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/
It is interesting but not related to previous talk.
I am sure there are many non-US producers of hardware in the world, not 
in their interes sphere of influence, so choosing wisely hardware 
producers in the future, can benefit human freedom.

But we focus on free and open source software here.
> On top of that EACH AND EVERY "officially approved" dsl-modem establishes a 2nd hidden connection to the NSA in the very moment you switch it on.
Please provide sources/articles about that and you can update Wikipedia 
article or write article about that in some blog, accordingly.
This is off-topic , maybe loosely related to the question of open 
development, but not quite on track.

> Report: NSA paid RSA to make flawed crypto algorithm the default
> The NSA apparently paid RSA $10M to use Dual EC random number generator.
> http://arstechnica.com/security/2013/12/report-nsa-paid-rsa-to-make-flawed-crypto-algorithm-the-default/
Of course, let people know, and choose open hardware and open software 
in the future.
And by open, that also means with audited open changes.
> What's your response to _that_?

I cant' compare anyone here with NSA, it would be pretty not fit 
comparison. :P

> Well, you encrypt some of your personal emails - but not even create the keys by yourself, but instead use a free public provider for that.
> Because you trust them, right.
Please. That is private information and I don't expect information from 
private conversations to be put on public without permission. I think 
you can understand that.

> But you don't trust me?
> Well, that's your choice.

As I said, it's not question of trusting you. I can trust you fully, but 
that is unrelated to benefit of everyone else.
Trust is not result of your actions only.

Trust is result of interactions with others.
If you do not interact, intensively, with others (share code), others 
can not know how you do things.
Not knowing how one do things does not produce trust, knowing one can 
produces estimates on further behavior, therefore, trust.

Person can trust their life to you, personally, but why should anyone be 
forced to choose, wither to trust you or not??
If you make a mistake , alone, should that be demise of all people 
around you?
It is to much burden for a man, that should be shared between many people.

So it's not in any way personal feeling.
I can trust you all I want , i can say you are great, hard working guy , 
people can support you in every way, only that would not make things 
better for you if you do not do things right for all the users.

Ones that criticize, complain, make fuss about things, protest or share 
their ideas - they make a positive difference. :)
Not those that only tap you on the back...

>> There are more people here wanting to build FF on this list and OI and
>> I would like to collaborate on building FF/SM and chromium with them.
>> I know there are patches available, that Oracle uses to contribute
>
> What is your definition of "contributing"?????

Contributing is everything you do about an project.
Contributing is writing this letter to help others understand your 
thoughts, responding with yours, mentioning project's name in casual 
talk, advocating using it before people, complaining on sites fro 
supporting/not supporting product, organizing public events with 
project's introductions, posting findings in personal blogs, commenting 
and expanding documentation, writing documentation, posting 
informational videos on internet, maintaining documentation, writing 
wiki articles, posting bug reports, trying to add informational data to 
bug reports, do testing of new packages, build packages with your 
changes, posting patches with changes, translate documentation, opening 
and maintain local user communities, maintain community sites, 
maintaining mailing lists and forums, posting ideas for a project, send 
patches to implement ideas, localizing software, porting packages, make 
new applications, packaging applications, packaging distributions, 
maintaining OS distribution, making OS distribution releases, 
distributing OS distributions on media and internet, providing support 
for users, providing administration services using project, writing 
articles about using it in real-life problems, advocating project, doing 
marketing, doing support sales, providing financial influx from 
customers to the maintainers and developers.

One needs to be positive to the project AND people and do what is best 
for the project to achieve it's goals. Including acting when goals are 
being defined.
> Expecting me to provide them,
As said, nothing is expected from anyone, nor requested.
That is what free will (and distribution of work) is for.

Free software actually exists, as I see it, to distribute all hard parts 
between people on the project (and different projects) and to make 
quality products out of many contributions,

And let people actually do something valuable with a project's product, 
instead of just doing product itself all the time.

> while you publish them with big fanfare under your name and folks will congratulate you and send you whatever flowers or money (all the things they don't do, if I upload something, as I just witnessed - yet another time?
It is interesting thing to be considered.
I learned that for contributor, mentioning in contributors file and/or 
changelog (for project starters, big contributors also inside project 
documentation) should be and usually is enough.

It is also important who is the one who publicized it first, one more 
benefit of having things developed on open.
No one is able and should not be able to take credit of other one's work.

Only thing that could not never be sold, is authorship of a work.
Copyright could be put under open/free software license, also with exact 
usage rights , that usually are the same as original license of work,
copyright right could be sold, etc. but no one can ever lose he's 
authorship of he's work!

Benefit to the author or contributor comes usually not directly from the 
fact or act of making something or contribution to source,
but usually from supporting of a product and general feeling that having 
capable guy on paying list, is a result of trust that he is doing good work.

If your feelings are hurt due to someone not mentioning your making of 
something, or presenting your work as he's you could sue him.
Or read license and see if it requires mentioning all contributors in 
every release after that or not.
But that is not the problem for general population who uses the work.

> I took the hassle to compile FF37 down on snv_130 (after it already worked well on internal OpenSXCE2015.03) only to do OI users something friendly and nice.
> And what's the reaction?? Gimme MOAR.
Thank you very much for supporting OI with applications.

I would appreciate if porting applications of free software projects to 
illumos distributions,
are backed up with source, so they could be included in OI for 
everyone's use in right manner.

Only way of including yourself in the OI project itself is if your 
contribution is open source with all needing parts to reproduce your 
work, so it could be distributed through OI.

Other ways could include exchanging .spec file recipes for exchange of 
knowledge
and shorten time of building applications between distributions.

Of course there could be closed paid-for software for OI, and everyone 
is welcome to contribute to OI as a a possibly stable platform to he's 
applications sales.

> Well, it was a telling experience, and I learned from it.
> Won't happen again, anytime soon.
I hope you understand that sharing binary-only packages on public 
mailing list could include some sort of criticism on community that is 
formed around open-source and free software principles.
> Insteaed OpenSXCE finally gets it own mailing list this very weekend.
That would be great, I hope you would welcome people joining with you in 
discussions?.
I wonder why you haven't make your own mailing list long time ago? I 
think I mentioned it long time before, too.
> Who wants to join, will be invited.
> Who doesn't, stays here - as simple as that.

You are planning OpenSXCE mailing list to be invite-only?
Opensolaris mailing list is always free for anyone to join.

I just suggest you to make your mailing list self-hosted, using mailman 
or so.

Take care and I would be glad to see how things are doing for you
and if I can help in any other way , of course with Open source and free 
software development.




More information about the openindiana-discuss mailing list