Incompatible Packages and Projects
As project oriented on free, permissive licensed software Hyperbola has a strict way to integrate different software-projects and packages based on them. Followed up the possible reasonings for us to decline packages for building or remove them from our repositories:
- Package (software) is only available for the GNU/Linux-platform itself and is not as port for BSD possible, including the exclusive usage of interfaces being only available on GNU/Linux
- Package (software) is bloated in technical, social and / or economical (eg. hardware resources) aspects, which means integration makes it the one major dependency for many others or its own dependency-tree is way more complex
- Package (software) includes several already known vulnerable and insecure implementations and also opposes the essential long-term support from Hyperbola as the maintaining person(s) just state to always update to the newest version without having any interest in stable release-schedules
- Package (software) is clearly non-free in its outcome and includes several parts impossible to remove or to modify, also declining the modification without asking, excluded would be packages (software) being right possible to patch and non-scaling in size of code with upstream maintainers decided to follow free and libre basics removing problematic parts / code
- Package (software) is in its original state not complete free and libre, therefore patching would be needed but this would end in such tremendous work that even forking would be the better option
- Package (software) is not based on the pure work of the community and is just a corporate project pretending to be free and libre in its licensing with people attend but nevertheless misusing their engagement so named copyright-holding companies get their profit with
All of those named points are reducing or even worse declining the elemental freedom of the user, to learn, to modify, to share and to use for any purpose without restrictions. Hyperbola was and is always about essential freedom and with its goal of technical emancipation oriented on lightweight software and design so people can learn and fully control their system by all means. Including software-projects and packages based on them opposing this will never be done, also not just for convinience!
List of packages and projects being not integrated and removed
Name | Description | Reasoning |
---|---|---|
systemd | system and service manager | See our reasoning here. |
dbus | Freedesktop.org message bus system | See our reasoning here. |
openssl | Toolkit for Secure Sockets Layer and Transport Layer Security | See our reasoning here. |
bluez | Daemons for the bluetooth protocol stack | See our reasoning here. |
xorg | Xorg X server | See our reasoning here. |
gtk-doc | Documentation tool for public library API | There is no need to implement a toolset for generating any kind of HTML-based documentation or even more complex file-formats while man pages are absolutely sufficient. |
libcanberra | Implementation of the XDG Sound Theme Specification | Package is not needed for running any kind of application and just make more work to maintain it, while the software itself is using more in its own dependency-tree. |
avahi | Service Discovery using mDNS/DNS-SD | Package is named as being compatible with the non-free framework Bonjour from Apple and is also a possible attack-vector throughout the network. |
zstd | Zstandard - Fast real-time compression algorithm | Package is free and permissive licensed but nevertheless bloat within especially social and economical aspects as some projects implement it as mandatory dependency without any kind of choice left to fast select another interface and dependency. Corporate project imposing their goals and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)! |
protobuf | Protocol Buffers - data interchange format | Package is free and permissive licensed but nevertheless bloat within especially social and economical aspects as some projects implement it as mandatory dependency without any kind of choice left to fast select another interface and dependency. Corporate project imposing their goals and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)! |
libatasmart | ATA S.M.A.R.T. Reading and Parsing Library | Package is based on interfaces only available on GNU/Linux, making it impossible to be ported and / or used further. |
java / openjdk | Java development kit | See our reasoning here. |
rust | Systems programming language | See our reasoning here. |
sudo | Give certain users the ability to run some commands as root | See our reasoning here. |
gettext | GNU internationalization library | Enforcing usage of Java and C# (.Net / Mono), while including references towards those non-free language implementations. Package itself is completely bloated in all named categories. |
mono | Implementation of the .NET platform including runtime and compiler | Package is free and permissive licensed but nevertheless bloat within especially social and economical aspects as some projects implement it as mandatory dependency without any kind of choice left to fast select another interface and dependency. Corporate project imposing their goals and destroying other free software with imperative things as the company Microsoft has only given the permission for the core-parts, holding back essential copyright material and is able planning to force all free C# implementations underground some day using their software patent (source). |
nodejs | Evented I/O for V8 javascript | Package is free and permissive licensed on the first look but nevertheless bloat within all parts. Also it is a possible attack-vector as JavaScript is exectued at run- and build-time with many further needed dependencies for projects. Further reasoning is to be read here. |
npm | A package manager for javascript | We do not distribute any further package-manager outside our own as there will be never any kind of control which kind of licensed dependency is loaded and installed. Possible non-free dependencies would be then provided direct on the system. |
pip | The PyPA recommended tool for installing Python packages | We do not distribute any further package-manager outside our own as there will be never any kind of control which kind of licensed dependency is loaded and installed. Possible non-free dependencies would be then provided direct on the system. |
conan | A distributed C/C++ package manager | We do not distribute any further package-manager outside our own as there will be never any kind of control which kind of licensed dependency is loaded and installed. Possible non-free dependencies would be then provided direct on the system. |
cargo | Package manager for Rust | We do not distribute any further package-manager outside our own as there will be never any kind of control which kind of licensed dependency is loaded and installed. Possible non-free dependencies would be then provided direct on the system. |
flatpak | Application sandboxing and distribution framework | The project itself would bring up another way to distribute software, but as there is no source available without non-free packages and also no restriction to be implemented: Possible non-free dependencies and software would be then provided direct on the system. |
chromium | A web browser built for speed and simplicity | See our reasoning here. |
qt-webengine | Provides support for web applications | Package is based fully on chromium. |
youtube-dl / yt-dlp (any fork) | A command-line program to download videos from YouTube.com and more sites | Besides that the only purpose of this software is to work with non-free platforms, this so-called “streamripper”-projects are part of further problems in contact with copyright-questions. Free and libre software mustn't use non-free platforms to circumvent them and make usage in a way nevertheless possible for accessing. For reaching possible easy download and extraction of data most of the projects incorporate JS, SWF, and SDK interpreters in order to deliver some functionality; packaging these runs contrary to delivering freedom as a number 1 priority (more information here). |
electron | Build cross platform desktop apps with web technologies | Package is not fully free and permissive licensed and bloat within all categories. Corporate project imposing their goals and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)! |
midori | Lightweight web browser | The original project was abandoned since 2019 and further forks done on the base of electron. |
go | Core compiler tools for the Go programming language | Hyperbola only provides gcc-go within the repositories and rejects the usage of go beyond as the language itself is designed to download further dependencies at buildtime, while there is no guarantee those are free and libre licensed. Besides that this concept opposes the idea of a stable design for software. |
cdrtools | Supporting CD, DVD and BluRay burning | Package includes Apple's license binding with no clarification (apple_driver utility is non-free) and has an incompatible mix of the GPL and the CDDL, for which Hyperbola cannot include this software and all further projects exclusive only based on this. |
kodi | Software media player and entertainment hub for digital media | Package contains non-free decompression engine for RAR archives and support for non-free addons, parts are furthermore only useful with java-runtime (jre7-openjdk and/or later versions) and it depends on libpulse and recommends pulseaudio optional installation. |
pulseaudio | A general-purpose sound server | Package contains absurd bugs and conceptional problems such as SIGSEGV, following then takes some client applications with when crashing. There are also buffering issues which cause sound to stutter, jitter, and basically providing bad output. Reports of bugs with the hardware mixer, breaks or jitters input streams when adjusting line-in or mic volume; misidentifies mixer controls, depends on openssl, depends on systemd. |
libhandy | Library full of GTK+ widgets for mobile phones | Package is mandatory for many newer GTK+ applications and instead of being just an option it is taken that way into the very basic needs for compilation, which causes even more dependencies. |
imagemagick | An image viewing/manipulation program | Package has trademark issues. |
directx-headers | DirectX headers for using D3D12 | The whole purpose of this package is only to provide some support for execution of DirectX-based applications and games. As technology-stack DirectX stays completely non-free, so there is also no purpose for Hyperbola including such package. |
directx-shader-compiler | A compiler for HLSL to DXIL (DirectX Intermediate Language) | The whole purpose of this package is only to provide some support for execution of DirectX-based applications and games. As technology-stack DirectX stays completely non-free, so there is also no purpose for Hyperbola including such package. |
redis | An in-memory database that persists on disk | Package is free and permissive licensed, but in its whole approach only usable in combination with specialized software. Corporate project imposing their goals and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)! |
syslog-ng | Next-generation syslogd with advanced networking and filtering capabilities | Package is free and permissive licensed, but in its whole approach making a difference between users paying or not. Corporate project imposing their goals and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption, source)! |
libsecret | Library for storing and retrieving passwords and other secrets | Package is another approach for having password-management in applications possible. But especially those sensible fields should not done within a library, while this also results into more dependencies and no lightweight implementation! |
polkit | Application development toolkit for controlling system-wide privileges | Privileges should be always being handled with care, especially not system-wide controlled by only one service / package including severe security-issues and being foremost oriented only onto GNU/Linux. |
udisks2 | Disk Management Service, version 2 | Package is providing foremost only support towards GNU/Linux and is not available elsewhere. Furthermore dependencies for polkit, libatasmart and others needed. |
gvfs | Virtual filesystem implementation for GIO | Package is bloat within all named aspects and includes also interfaces to non-free webservices. |
pam | PAM (Pluggable Authentication Modules) library | Package has different security-issues and is not oriented on the way of technical emancipation as Hyperbola is trying to adapt lightweight implementations. |
Packages and projects using those named dependencies within the listing as mandatory dependency can't and won't be integrated within the repositories of Hyperbola at any time.
Please be also aware that even if it would be possible to patch several dependencies out for packaging a concrete version: This patch would only work for a concrete version and release. With any new released version the whole work would be done again or even worse is no longer possible. Also take into your perspective that even a questionable dependency is once optional it may be changed in coming new releases. For a small system and project like Hyperbola this is not acceptable. You cannot select the fitting convinient way, just some packages are not fitting and others do. Either to follow the whole strict way for not ignoring issues or staying pragmatic. The decision for the project is oriented onto not ignore all issues!
The bigger picture and conclusion
While many other systems and system-distributions include those above listed packages in one form or another (other names and descriptions) Hyperbola is oriented fully on the freedom for the users. To keep the packages named is mostly done with the reasoning of convinience, set above freedom and technical emancipation in general.
This list is not meant to be used as false argument against Hyperbola as project, likewise stating it would be ideological misleaded. Everyone and every user is free in the own decision. So what is furthermore done local stays upon that. But to keep up the freedom and especially the free decision software-projects named are excluded. Learning how to build and package software is part of our main purpose for the users.
So is it about “isolation” for Hyperbola? No, for sure not. But the project is setting up a clear statement with all those packages listed not compatible. A clear statement in regards for the principles and values being important for Hyperbola and as every project those matters for us. If this is to be seen different? That's absolutely working, but for sure not in our perspective. And perhaps this drop of information and principles likewise values keeps on growing as to oppose the misusage of free, libre culture in its roots. Perhaps others may say that politics do not matter for software, we see it different. Everything is part of and political, otherwise this project and the whole sphere of free and libre software, licensing and culture would not exist! There is also a right not to use a package and choose a different one as part of a diverse approach building the own system for the own usage.