Hello,

By "I don't like the tivoization issue" I understand you mean "I don't
like how the GPL-3 was designed to forbid tivoization". Is that
correct, and if so, why do you think it's a bad thing?

yes. There are use case (e.g. automotive, safety), where you *have* to lock
the system, for good reasons.
We can think that people might want to use the same component for unrelated usages, and open it in that case, or something similar.
But if you have a component in automotive that is a safety component, you
have to lock and close it, even if you use some OS tools to build it. Specifically, forcing usage of old coreutils, old bash, and old non-gpl3 software
won't make fsf happier, nor the component more secure.

I quite don't understand that.
Debian can't change the license of the software that it distributes,
so I don't see how it would be failing to that respect, and what it
could do to remedy that failure.
Also, I don't see how Debian's goals would or should include helping >companies sell closed software. But again, I might not be
understanding what you're saying.

I think I explained it above, Debian shouldn't enforce usage of GPL-3 software, try to cooperate
and find a way to fix the tivoization forbid issue to make a better license, that
can reconcile businesses and fsf.

When you close too much, people find alternative ways, and they are usually less
secure. But I agree that Debian can't do too much on this issue.

Gianfranco

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On 3/26/25 19:09, Gianfranco Costamagna wrote:

yes. There are use case (e.g. automotive, safety), where you *have* to lock the system, for good reasons.

No, because TiVo has the exact same good reasons, legally speaking.

If there is free software on these devices, then the user must be
allowed to replace it by other free software, with no reduction in functionality.

This does not mean that the result will be street legal, or fulfill
whatever other safety requirements there are, but the key point of free software is to give the user control. The interests of businesses are
relevant only until the point where they start interfering with the
rights of individuals. If a business wants to use free software, they
can do so by following our rules, and if they do not want to abide by
those rules, they can write their own software.

Attaching a transmitter to GNUradio requires a licence nearly everywhere
in the world as well.

Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, 2025-03-26 at 08:50 +0000, Gianfranco Costamagna wrote:

And another bonus question. How do you feel about the general concept of free software going forward? Is it something that is growing / embraced
by the world (big corporations, software companies, etc), or is the
trend to nerf it and trend towards models such as open-core and exploit
it as far as possible?

it is growing, but we can do better. In my opinion we might want to start thinking about 
providing some cloud infrastructure, or even some AI based on our code.
Bonus point, let AI analyze the code to find potential bugs and report upstream/developers if anything is found

At the current state commercial AIs handle high-complexity tasks better and there are always a bit of lag for open weight models. That means even if I implement the said feature in DebGPT, it is likely to perform best with
payed LLM services.

* Do you think Debian can use some budget to buy commercial AI quota to
help developer at scale (given that we have figure out the exact use case
of it)?

If Debian isn't happy with commercial services, we still have a fall back
of hosting GPU servers and run open weight LLMs, and expose the API to
Debian members. However, based on years of communication with leader@
and the infra team, IIRC, hosting GPU servers as official Debian infra
is not easy at all.

If the GPUs were from nvidia, it clearly needs lots of packages from
non-free and non-free-firmware sections to properly function.
If the GPUs were from AMD, it can work with packages in main, but
the effort of AMD ROCm has not reached the pytorch-rocm milestone.
In contrast, I've made pytorch-cuda (contrib) usable quite a while ago.

Anyway, I'm hosting a LLM inference library packaging project for GSoC 2025, and we will push forward to effort of making vLLM/SGLang usable on Debian out-of-the-box. I think that is one of the most promising use cases of
the packages maintained by Debian Deep Learning Team.

* If we were to host GPU servers to self-host LLMs, what is your opinion
on the infra issue?

And another because I'm supposed to be driving to work and it's more fun to type questions than to sit in traffic... how do you feel about how AI is going? Massive corporations are scraping and processing vast amounts
of work in the commons that gets regurgitated as new and original code. Where do you stand on this, both ethically and in the context of the future of projects like Debian?

We shouldn't loose the AI embracing opportunity. We can have some sort of open source
AI, and we should pursue it, otherwise the risk will be of Debian being kicked out from the market
even more.

I feel the original question is more for Debian Deep Learning Team instead of DPL candidates. Anyway, we have a couple of lines of efforts towards
"AI embracing opportunity":

1. DebGPT for exploring how LLM can help our work in any extent
2. ROCm (open-source) for a major competitor against nvidia's CUDA (proprietary)
The milestone for this line of effort is pytorch-rocm.
3. Essential deep learning frameworks
pytorch (cpu), pytorch-cuda (Nvidia GPU) are alreayd in shape.
pytorch-rocm (AMD GPU) is still work in progress.
Google's libraries like tensorflow and jax are extremely difficult
to package due to the blockers on the java build system "bazel".
4. LLM inference libraries like vLLM/SGLang
They depend on pytorch-cuda (contrib), which is already in archive.
I'm hosting this part as GSoC this year.

Let me shamelessly advertise the team here to attract potential contributors: https://wiki.debian.org/Teams/DebianAI

Also salsa might want to add some AI checks for patches sanity, or upload sanity to help developers
not do usual mistakes (I'm staring at myself for adding patches and forgetting to update series file)

I have some similar planned features for DebGPT. However, to properly leverage AIs at scale, one major obstable you will encounter is public acceptance of this new technology.

The use of LLMs are a little bit controvercial in the community due to unreliability of what they outputs. But I'd say as an "expert" in the
area it is fully possible to "patiently" learn about the up and down
sides of LLMs and learn to make proper use of them. Such "capability
of making proper use of LLM while not getting trouble from LLM hallucination" is in my opinion one of the most important survival skills like driving
in the next century, but so far it might only exist in domain experts and
some active users. It is also a fact that a random user may immediately
build a negative opinion once LLMs makes mistakes.

If I were a DPL candidate I'll simply see efforts on "embracing AI" in
Debian as specific user/developer/team experiments at the current stage, instead of escalating to the project scale. It needs time to get mature,
and escalating it too early destine to fail due to the lack of promising
use case and community recognition of how useful it is.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Dear Jonathan,

thank you for another batch of questions.

Am Wed, Mar 26, 2025 at 07:48:39AM +0200 schrieb Jonathan Carter:

How do you feel about organisations such as the Open Source Initiative,

After reading the LWN article "OSI election ends with unsatisfying
results"[1], my trust in the organization is deeply shaken. The reported governance issues-namely lack of transparency in elections-made me
realize that even in the Free Software world, such problems persist.
While I don't know how this affects Debian directly, I hope we can
continue focusing on our principles to build the best system. Perhaps
this also invites reflection on how we uphold accountability in our own processes.

Free Software Foundation

I think the FSF is upholding the same values as we do and I appreciate
this.

and the Linux Foundation?

I need to admit I have no deeper insight into Linux Foundation and
can't comment on this question.

We have two candidates who have mentioned their intent to collaborate more closely with Ubuntu, but should we also be doing more to collaborate with these?

In cases where our goals start to diverge from these organisations (or more accurately, when their goals start to diverge from ours, but bah! I don't want to lead the question too much), should we be paying attention? Or even take action?

I did not mention Ubuntu in my platform, but I'd like to emphasize that
Debian should approach all derivatives equally. Any technical
collaboration, such as incorporating useful patches from any
distribution, is always sensible. While Debian should remain independent
in its decision-making, it is important to stay aware of developments in related projects where relevant.

And pointing the finger to ourselves, how well do you think the Debian
Social contract and DFSG holds up? As a DPL candidate, do you think there's anything substantially missing?

https://www.debian.org/social_contract

Do you have specific concerns or ideas in mind regarding potential gaps?
I admit I have not thought about this yet, but I see the Social Contract
and DFSG as fundamental to Debian's identity. I am open to inspiring
ideas and discussions on how they might evolve.

Do you think that there are there ways we could do better at those promises and be a better Debian?

I believe our promises are well thought out and form a strong
foundation. What matters most is bringing them to life through our
actions. While there is always room to improve how we fulfill them, I
think Debian, in general, does a good job of staying true to them.

And another bonus question. How do you feel about the general concept of
free software going forward? Is it something that is growing / embraced by the world (big corporations, software companies, etc), or is the trend to nerf it and trend towards models such as open-core and exploit it as far as possible?

That's certainly a bonus question, and I believe the DPL has only a
marginal influence on these global trends. I've heard different
perspectives on the future of free software-some optimistic, some
concerned about shifts toward open-core models. What matters most to me
is that Debian continues to grow, which I've tried to illustrate in my
Bits talk at DebConf. As long as Debian thrives, I take that as a
positive sign.

And another because I'm supposed to be driving to work and it's more fun to type questions than to sit in traffic... how do you feel about how AI is going? Massive corporations are scraping and processing vast amounts of work in the commons that gets regurgitated as new and original code. Where do you stand on this, both ethically and in the context of the future of projects like Debian?

At FOSSASIA, I saw a talk that analyzed this topic to some extent. One
of the key takeaways was a graph showing that while commercial AIs are currently more powerful, free AIs are catching up. It will be
interesting to see how this trend develops and what it means for
projects like Debian. As Einstein supposedly said, 'Predictions are
difficult, especially about the future.'

Thank you for your questions
Andreas.


[1] https://lwn.net/Articles/1014603/

--
https://fam-tille.de

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Mar 26, 2025 at 07:48:39AM +0200, Jonathan Carter wrote:

Dear DPL candidates

(As always, answer as little or much as you want)

How do you feel about organisations such as the Open Source Initiative, Free Software Foundation and the Linux Foundation?

The OSI's recent initiative about Open Source AI definition and the
handling of the board election have been hugely problematic and suffice
it to say I am not a fan of it.

WRT the FSF, I share the position of the FSFE in that I see myself
unable to collaborate with any organisation where RMS has a leading
position.

The Linux foundation to me feels like a group of corporations working
towards a common goal, rather than a group of people working towards the greater good.

We have two candidates who have mentioned their intent to collaborate more closely with Ubuntu, but should we also be doing more to collaborate with these?

I don't think we should broadly collaborate with the FSF or OSI until
the social problems are resolved.

I can't say much about the Linux foundation.

That being said, this should not limit people from engaging with other individual projects hosted in these groups, but it's more a question of
issuing joint statements, or announcing projects in like press releases
and things like that.

In cases where our goals start to diverge from these organisations (or more accurately, when their goals start to diverge from ours, but bah! I don't want to lead the question too much), should we be paying attention? Or even take action?

Most of the decisions that don't directly affect us we don't really need
to care about. Take the Open Source AI definition, we will need to
establish our own definition of what is a DFSG-free AI; but we need to
do that regardless of what OSI defines.

Other matters of the day will be taken care of by GR; like the issue of
RMS was. We may end up just voting not to issue statements in the end,
but having a structured way to reach the decision is helpful.

And pointing the finger to ourselves, how well do you think the Debian
Social contract and DFSG holds up? As a DPL candidate, do you think there's anything substantially missing?

https://www.debian.org/social_contract

Do you think that there are there ways we could do better at those promises and be a better Debian?

I think we're doing OK, but we do need to answer the challenges posed by
AI models and output of AI models. Notably, whether an AI model can be
shipped by Debian, and whether output of AI models can be shipped by
Debian.

But also this is not a really new problem, I'm sure we're already
shipping a lot of invalidly licensed code that just got lifted from StackOverflow.

And another bonus question. How do you feel about the general concept of
free software going forward? Is it something that is growing / embraced by the world (big corporations, software companies, etc), or is the trend to nerf it and trend towards models such as open-core and exploit it as far as possible?

The trend seems to be moving towards permissively licensed products,
which I am not a significant fan of. Many of the hugely important
projects like OpenWRT or mobile Linux OS are only possible because Linux
is GPL licensed, and as corporations shift further towards permissively licensed models and locked down devices, we lose the ability to tinker
with said devices.

And another because I'm supposed to be driving to work and it's more fun to type questions than to sit in traffic... how do you feel about how AI is going? Massive corporations are scraping and processing vast amounts of work in the commons that gets regurgitated as new and original code. Where do you stand on this, both ethically and in the context of the future of projects like Debian?

The AI crawlers are operating in botnets to try to evade detection, and
in turn DDoS websites, and someone should really go to prison there.

The data centers being built eat up more energy than anything before it,
it's like they don't care about climate goals anymore and now just want
to bet everyone's life on AI figuring out a revolutionary new solution
to fix climate change. Sigh.

All these AI products have not yielded any meaningful results, only FUD,
and are becoming a danger to our society and freedom. Heck, I recall
reading that a study found that people put more trust in (wrong) ChatGPT answers than in studied experts.

I've previously said that it's not clear to me which AIs are free
software and how output from an AI can be licensed. I think that's
a more fundamental problem for Debian, but also as mentioned, the
case of people stealing other people's code isn't exactly new, it's
just automated now.

--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gianfranco Costamagna <[email protected]> writes:

yes. There are use case (e.g. automotive, safety), where you *have* to lock the system, for good reasons.

Please do not confuse the corporate desire to limit liability with actual improvements in safety.

Bdale

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEHguq2FwiMqGzzpLrtwRxBYMLn6EFAmflcp0ACgkQtwRxBYML n6GYHg/+N2pMr2oQU/TYGEaCR9zW8RkFUg2HsI5YZBZLzdoMmhNALdiOoYTsPSaj kHgigj1CJgJEaar9jn/dO39wHZB9Z48arin2MPhtI92KsF5xVX26QWj7E8ka0smN bek5Xy+J5Xrj0eXOqTW2BmQh+iSXYbPmtqV1YApSz1ip5nR8pP32Btg+/Gr81AmJ AhbViP0550AHdee9N2JgNHFD9RQtW/ivERr+w0c0i+n30/H1cUs08W2atVro63LW sv29Ckh/QKfbPQYc3XmsGycHgD32LmLr9ltsTAq8Uo2za5Yc7my9/k3/yebbfB8T psgEecN/FStISwIgqE9RthmkQFXtHS8E50NmQNTwAaUcCGu22Hnu8fI7M5vmqubZ d+M4q8YFTLBK/PiHpiXSuJZYsa8by0bO8L/6YFljkxu9j9i0oj3TlMcVCFV+yfXu R9/LzKlxCGIymFitPSEQMebcQZIaNAagqHeCd9ydpcG0yzqD/QrvwpQ4kpzLodXv vw8LJ5jxrit05IREXXS61aYgp2sQyVMz/hoOKZhWvmmE6Ilu/5XhB1dsmmzZkl38 wDt0NqZTcqAmgjzvGHfYfyr+DG5lRt49ktHxBugVTorcRj22pLLYjn0grLlTcfV2 6qJtjoIGifOLycH3/P36AgKZlUGlNQRx6O/vSJpe1A5Lgf59Iik=
=/KxK
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

CgpTZW50IGZyb20gV29ya3NwYWNlIE9ORSBCb3hlcgoKT24gTWFyIDI3LCAyMDI1IDEyOjE3LCBH aWFuZnJhbmNvIENvc3RhbWFnbmEgPGxvY3V0dXNvZmJvcmdAZGViaWFuLm9yZz4gd3JvdGU6Cgo+ Cgo+IGl0IGlzIGdyb3dpbmcsIGJ1dCB3ZSBjYW4gZG8gYmV0dGVyLiBJbiBteSBvcGluaW9uIHdl IG1pZ2h0IHdhbnQgdG8gc3RhcnQgdGhpbmtpbmcgYWJvdXQgIAoKPiBwcm92aWRpbmcgc29tZSBj bG91ZCBpbmZyYXN0cnVjdHVyZQoKCkluIHdoYXQgd2F5PyBBcmUgeW91IGF3YXJlIG9mIHdoYXQg SSd2ZSBiZWVuIGRvaW5nIG92ZXIgdGhlIGxhc3IgMTQgeWVhcnMgd2l0aCBPcGVuU3RhY2sgaW4g RGViaWFuID8gV2hhdCBtb3JlIGRvIHdlIG5lZWQgPwoKClRob21hcyBHb2lyYW5kICh6aWdvKQoK Cg== PGh0bWw+PGJvZHk+PGJyPjxicj48ZGl2IGRpcj0ibHRyIj5TZW50IGZyb20gV29ya3NwYWNlIE9O RSBCb3hlcjwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj5PbiBNYXIgMjcsIDIwMjUgMTI6MTcsIEdpYW5m cmFuY28gQ29zdGFtYWduYSAmbHQ7bG9jdXR1c29mYm9yZ0BkZWJpYW4ub3JnJmd0OyB3cm90ZTo8 L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OzwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IGl0IGlz IGdyb3dpbmcsIGJ1dCB3ZSBjYW4gZG8gYmV0dGVyLiBJbiBteSBvcGluaW9uIHdlIG1pZ2h0IHdh bnQgdG8gc3RhcnQgdGhpbmtpbmcgYWJvdXTCoCA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBw cm92aWRpbmcgc29tZSBjbG91ZCBpbmZyYXN0cnVjdHVyZTwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0 ciI+SW4gd2hhdCB3YXk/IEFyZSB5b3UgYXdhcmUgb2Ygd2hhdCBJJiMzOTt2ZSBiZWVuIGRvaW5n IG92ZXIgdGhlIGxhc3IgMTQgeWVhcnMgd2l0aCBPcGVuU3RhY2sgaW4gRGViaWFuID8gV2hhdCBt b3JlIGRvIHdlIG5lZWQgPzwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0ciI+VGhvbWFzIEdvaXJhbmQg KHppZ28pPC9kaXY+Cjxicj48L2JvZHk+PC9odG1sPg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)