kodi - multiple issues
Open, LowPublic

Description

Reference: https://labs.parabola.nu/issues/1035 https://bugs.debian.org/877656

Kodi features repo of additional plugins. RMS stated (see reference for links) that repos like that should have only free software, otherwise entire software is considered nonfree (http://lists.nongnu.org/archive/html/gnu-linux-libre/2016-04/msg00116.html). Parabola patches Kodi to use their own hosted Kodi repo, see patch: https://git.parabola.nu/abslibre.git/tree/libre/kodi/libre.patch.

We could either use their repo or create our own. But maintaining such repos could be pita.

mladen created this task.May 30 2017, 1:31 PM
mladen edited the task description. (Show Details)
mak lowered the priority of this task from "95" to "Freedom Issue".Aug 19 2017, 5:08 AM

Parabola issue 1035 really tracks two different issues: a) contains non-free decompression engine for RAR archives, and b) support for non-free addons.

Only the latter is relevant for Debian (and therefore PureOS): RAR archive support is optional and by default disabled, and not explicitly enabled in our build routines. This can be verified by checking that build logs contain "Non-free: No" e.g. at https://buildd.debian.org/status/package.php?p=kodi

jonas.smedegaard claimed this task.EditedSep 9 2017, 8:56 AM
jonas.smedegaard edited the task description. (Show Details)
jonas.smedegaard added a subscriber: hema.prathaban.
jonas.smedegaard removed a subscriber: hema.prathaban.

Parabola patch is therefore overzealous: Only the three lines changing URL are relevant.

More sustainable than subscribing to a non-default repository - whether maintained by us or picking a third-party repository - is to setup a proxy for the feed which filters the repository feed and lets through only those with a license known to be Free.

Upstream repository feed:

wget http://mirrors.kodi.tv/addons/krypton/addons.xml.gz

There are 1035 addons:

zgrep -Po '<addon id="\K[^"]*' addons.xml.gz | grep -c .

Of those, 744 includes licensing field:

zgrep -Po '<license>\K[^<]*' addons.xml.gz | grep -c .

License fields are mostly Free - few are restricted to non-commercial use, and unclear:

zgrep -Po '<license>\K[^<]*' addons.xml.gz | sort -u
mladen added a comment.Sep 9 2017, 9:34 AM

What about those which don't have license field?

Not sure what you are asking.

Perhaps I answered already: "[...] setup a proxy for the feed which filters the repository feed and lets through only those with a license known to be Free."

Yes, but if a plugin does not have a license tag, can we consider it public domain?

no, by default things without license are considered proprietary unless someone did investigation and put it in pd if it suits that. If you want you could try contact authors of those addons and ask them to specify license

In most of the World, copyright is automatic (i.e. there is an implicit "all rights reserved"), and as a consequence licensing must be explicit too (and arguably copyright statement must be explicit too, to be able to validate if the licensing was granted by the copyright holder and not bogusly from someone else not in possesion of rights granted).

More here (and surrounding document): https://en.wikipedia.org/wiki/Copyright#Registration

Plan: Establish a web service as a debian.net subdomain:

  • Write script to strip from feed any addon not known to be freely licensed
      • A working first draft done!
    • Write web service to host proxied+filtered addon feeds
    • Setup web service, and run filter script as cron job
    • Register subdomain for web service
    • File bugreport against Debian Kodi package with patch to use web service
    • Extend service to other addons, e.g. Hydrogen

adding @theodotos.andreou so he knows about the need of service similar to debian.net subdomain. Coordinate that together.

jonas.smedegaard closed this task as "Resolved".Oct 4 2017, 1:16 AM

Kodi was removed from Debian testing some time ago due to FTBFS with GCC7.

Today I filed release-critical bug#877656 and presented a fix which involves separating the mechanism to download addons in a separate package - which PureOS can then block.

Technically the issue is thus solved: If the bugs in Debian gets solved AND are done in a different way that currently prospected, then we have a new situation and may need to reopen this bugreport (and apply the patch in bug#877656 ourselves).

jonas.smedegaard reopened this task as "Open".EditedOct 5 2017, 10:45 AM

Debian kodi package re-entered unstable today, which means it will likely re-enter PureOS 10 days from now.

Thus reopening this task.

(different approaches to addressing the issue now tracked in separate subtasks)

jonas.smedegaard changed the title from "[FREEDOM ISSUE] kodi" to "[FREEDOM ISSUE] kodi - multiple issues".Oct 5 2017, 11:15 AM
jonas.smedegaard edited the task description. (Show Details)

While we will for now remove Kodi (as it was in our default installation to showcase basically the power of Free software) because it is blocked from entering Debian testing - we will re-introduce this package with all fixes around services.

Current status:

  • Exposure to non-free addons (T209)
    • Temporary workaround: Simply avoid shipping kodi in PureOS at all.
      • Pending: Unconfirmed if removal is in effect yet.
    • Solution: PureOS-forked kodi package, stripped of knowledge about problematic official Kodi addon feed.
      • Pending: Seems to need manual action to become effective.
  • Provision of free addons (T208)
    • Solution: Provide manually curated feed
      • Avoided: unlikely to be maintainable.
    • Solution: Provide automatically curated feed
      • service works, but need polish (including a web page and TLS encryption)
      • addon package drafted but not yet released to Debian.
jonas.smedegaard changed the title from "[FREEDOM ISSUE] kodi - multiple issues" to "kodi - multiple issues".Oct 24 2017, 3:21 PM
jonas.smedegaard lowered the priority of this task from "Freedom Issue" to "High".
jonas.smedegaard removed a project: Freedom.

Freedom issue has been separated as T209

jonas.smedegaard lowered the priority of this task from "High" to "Low".Oct 26 2017, 12:54 PM

Add Comment