So feel free to close this one here as it will come in from Debian soon :)

Fix released to Debian as version 0.9.7-3: https://tracker.debian.org/news/863564

Hydrogen-compatible XML feed with only DFSG-free drumkits are now established at http://freepats.zenvoid.org/hydrogen.xml

Yes, I recommend to drop smplayer and smtube from PureOS.

so, do you suggest to drop them both from archive (its not like we don't have plenty of other apps for such use case) and improvement in security and freedom of archive might be enough big to simply remove them from pureos archive (we can always change that in future if it changes)

seems smplayer (authored by same upstream as smtube) is sloppy about executing external code: As an example, if youtube parsing fails then it offers to download updated javascript code for parsing - from insecure URL!

it seems the version of smtube currently in Debian does *not* rely on tonvid.com. A likely related issue to that is https://bugs.debian.org/797500

funny, I am the maintainer for mps-youtube and while it is cli based, it can show video as well (defaults to mpv for such usage)

possible alternatives to smtube are minitube and (for console only, and therefore quite likely limited to audio) mps-youtube

smtube is an interactive Youtube browser - that is different from smplayer/mpv/youtube-dl which only supports feeding an explicit already known Youtube URL.

for the record: mpv uses youtube-dl for accessing Youtube and other online streaming services,

Awesome, thanks! This is the best way to fix these bugs!

Fixed libsdl1.2 has entered Debian testing, so assume that means it is fixed in PureOS as well.

I disagree there is any issue here at all, and recommend to *not* apply the Parabola patch, as it seems to be a result of simple search'n'replace for _potentially_ bad strings - without then checking sanity of the resulting changes.

The diff I had already done, but your description on *why* you changed as you did is quite helpful.

Can this help:

I worry about bitrot for PureOS too.

This is the list which contains only free drumkits: https://tracker.pureos.net/P2
I have removed drumkits clearly labeled as non-free as well as others without license.

I'll examine manually all drumkits offered in Debian package the online repo. If there really are some not allowed by FSF, can we simply patch the package?

turns out the package hydrogen-drumkits contain roughly the free parts of what is offered online, so setting up a curated live list is really no gain.

The list curated by Parabola seems to permit non-commercial CC licenses and does therefore not comply with Debian Free Software Guidelines.

Patch applied to Debian package, queued for release in 5 days (unless Debian maintainer intervenes).

After I stumbled upon this: https://lists.parabola.nu/pipermail/assist/2015-December/000586.html

@baconicsynergy, thanks for the interest, but this is not a discussion forum, but a place to report issues. We will be happy to discuss this on our forums: https://forums.puri.sm.

That's not freedom issue, but could be classified as a privacy problem.

Fixed.

I'll work on this one.

Package: purebrowser
Version: 46.2.0esr-1pureos1
Priority: optional
Section: web
Maintainer: Pureos Team <all@puri.sm>
Installed-Size: 103 MB
Provides: firefox-esr, gnome-www-browser, www-browser
Depends: libasound2 (>= 1.0.16), libatk1.0-0 (>= 1.12.4), libc6 (>= 2.17), libcairo2 (>= 1.2.4), libdbus-1-3 (>= 1.9.14), libdbus-glib-1-2 (>= 0.78), libevent-2.0-5 (>= 2.0.10-stable), libffi6 (>= 3.0.4), libfontconfig1 (>= 2.11), libfreetype6 (>= 2.2.1), libgcc1 (>= 1:4.0), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.20.0), libgtk2.0-0 (>= 2.24.0), libhunspell-1.4-0, libnspr4 (>= 2:4.10.9), libnss3 (>= 2:3.26), libpango-1.0-0 (>= 1.14.0), libsqlite3-0 (>= 3.7.12-1~), libstartup-notification0 (>= 0.8), libstdc++6 (>= 5.2), libvpx4 (>= 1.6.0), libx11-6, libxcomposite1 (>= 1:0.3-1), libxdamage1 (>= 1:1.1), libxext6, libxfixes3, libxrender1, libxt6, zlib1g (>= 1:1.2.0), xul-ext-ublock-origin, xul-ext-https-everywhere, fontconfig, procps, debianutils (>= 1.16)
Recommends: gstreamer1.0-libav, gstreamer1.0-plugins-good
Suggests: fonts-stix | otf-stix, fonts-lmodern, mozplugger, libgssapi-krb5-2 | libkrb53, libgnomeui-0, libcanberra0
Conflicts: iceweasel (<< 45), j2re1.4, pango-graphite (<< 0.9.3)
Breaks: xul-ext-torbutton
Replaces: firefox-esr
Download-Size: 41.7 MB
APT-Manual-Installed: yes
APT-Sources: http://repo.pureos.net/pureos green/main amd64 Packages
Description: Pureos web browser
Purebrowser is a powerful, extensible web browser with support for modern

web application technologies.

Fixed.

Fixed.

Yeah, I have similar comments for smtube issue. As this is also indeed Free software and sadly it is not usable without nonfree nvidia, we will postpone the work on it because of obvious dependency havoc it would cause. It also doesn't break FSF rules afaik.

Also, I don't get why the thing is actually a "freedom issue" if it's actually free software (sure, it only becomes really useful if one uses non-free drivers, but we don't ship those. Removing this thing will cause some pain though, mainly through psensor and qtwebengine)

woah, so it needs more work on it...

Broken Depends:

conky: conky-all
mate-sensors-applet: mate-sensors-applet-nvidia
psensor: psensor

Fixed.

Fixed.

Fixed.

I'll patch this one today.

Fixed.

I'll patch this one today.

only removing the file will fail build, fortunate enough you showed us the parabola patch as well (I usually like to create or re-create my own patch but I will go with importing this one and see what happens) :)

I'll patch this one today.

Actually it Depends on it but it should work fine with free version. I'll patch this one as well today.

I'll patch this one today.

I'll patch this one today.

I think we could patch this one (comment or remove parts of source code to remove such pop-outs).

I should probably ping Manoj about this one as https://github.com/angband/angband/blob/master/copying.txt is telling a bit different story

Fixed.

Fixed.

Fixed.