Incompatible Packages and Projects
As project oriented on free, permissive licensed software Hyperbola has a strict way to integrate different software-projects and packages based on them. Followed up the possible reasonings for us to decline packages for building or remove them from our repositories:
- Package (software) is only available for the GNU/Linux-platform itself and is not as port for BSD possible, including the exclusive usage of interfaces being only available on GNU/Linux
- Package (software) is bloated in technical, social and / or economical (eg. hardware resources) aspects, which means integration makes it the one major dependency for many others or its own dependency-tree is way more complex
- Package (software) includes several already known vulnerable and insecure implementations and also opposes the essential long-term support from Hyperbola as the maintaining person(s) just state to always update to the newest version without having any interest in stable release-schedules
- Package (software) is clearly non-free in its outcome and includes several parts impossible to remove or to modify, also declining the modification without asking, excluded would be packages (software) being right possible to patch and non-scaling in size of code with upstream maintainers decided to follow free and libre basics removing problematic parts / code
- Package (software) is in its original state not complete free and libre, therefore patching would be needed but this would end in such tremendous work that even forking would be the better option
- Package (software) is not based on the pure work of the community and is just a corporate project pretending to be free and libre in its licensing with people attend but nevertheless misusing their engagement so named copyright-holding companies get their profit with
- Package (software) is especially not possible to build without further additional gtk-doc and / or texlive just for the documentation (documentation is a good and essential point, but not with over-engineered dependencies to maintain)
All of those named points are reducing or even worse declining the elemental freedom of the user, to learn, to modify, to share and to use for any purpose without restrictions. Hyperbola was and is always about essential freedom and with its goal of technical emancipation oriented on lightweight software and design so people can learn and fully control their system by all means. Including software-projects and packages based on them opposing this will never be done, also not just for convinience!
List of packages and projects being not integrated and removed
|systemd||system and service manager||See our reasoning here.|
|dbus||Freedesktop.org message bus system||See our reasoning here.|
|openssl||Toolkit for Secure Sockets Layer and Transport Layer Security||See our reasoning here.|
|bluez||Daemons for the bluetooth protocol stack||See our reasoning here.|
|xorg||Xorg X server||See our reasoning here.|
|gtk-doc||Documentation tool for public library API||There is no need to implement a toolset for generating any kind of HTML-based documentation or even more complex file-formats while man pages are absolutely sufficient.|
|libcanberra||Implementation of the XDG Sound Theme Specification||Package is not needed for running any kind of application and just make more work to maintain it, while the software itself is using more in its own dependency-tree.|
|avahi||Service Discovery using mDNS/DNS-SD||Package is named as being compatible with the non-free framework Bonjour from Apple and is also a possible attack-vector throughout the network.|
|zstd||Zstandard - Fast real-time compression algorithm||Package is free and permissive licensed but nevertheless bloat within especially social and economical aspects as some projects implement it as mandatory dependency without any kind of choice left to fast select another interface and dependency. Corporate project imposing goals of free, libre culture and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)!|
|protobuf||Protocol Buffers - data interchange format||Package is free and permissive licensed but nevertheless bloat within especially social and economical aspects as some projects implement it as mandatory dependency without any kind of choice left to fast select another interface and dependency. Corporate project imposing goals of free, libre culture and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)!|
|libatasmart||ATA S.M.A.R.T. Reading and Parsing Library||Package is based on interfaces only available on GNU/Linux, making it impossible to be ported and / or used further.|
|java / openjdk||Java development kit||See our reasoning here.|
|rust||Systems programming language||See our reasoning here.|
|sudo||Give certain users the ability to run some commands as root||See our reasoning here.|
|gettext||GNU internationalization library||Enforcing usage of Java and C# (.Net / Mono), while including references towards those non-free language implementations. Package itself is completely bloated in all named categories.|
|mono||Implementation of the .NET platform including runtime and compiler||Package is free and permissive licensed but nevertheless bloat within especially social and economical aspects as some projects implement it as mandatory dependency without any kind of choice left to fast select another interface and dependency. Corporate project imposing goals of free, libre culture and destroying other free software with imperative things as the company Microsoft has only given the permission for the core-parts, holding back essential copyright material and is able planning to force all free C# implementations underground some day using their software patent (source).|
|pip||The PyPA recommended tool for installing Python packages||We do not distribute any further package-manager outside our own as there will be never any kind of control which kind of licensed dependency is loaded and installed. Possible non-free dependencies would be then provided direct on the system.|
|conan||A distributed C/C++ package manager||We do not distribute any further package-manager outside our own as there will be never any kind of control which kind of licensed dependency is loaded and installed. Possible non-free dependencies would be then provided direct on the system.|
|cargo||Package manager for Rust|
|flatpak||Application sandboxing and distribution framework||The project itself would bring up another way to distribute software, but as there is no source available without non-free packages and also no restriction to be implemented: Possible non-free dependencies and software would be then provided direct on the system.|
|chromium||A web browser built for speed and simplicity||See our reasoning here.|
|qt-webengine||Provides support for web applications||Package is based fully on chromium.|
|youtube-dl / yt-dlp (any fork)||A command-line program to download videos from YouTube.com and more sites||Besides that the only purpose of this software is to work with non-free platforms, this so-called “streamripper”-projects are part of further problems in contact with copyright-questions. Free and libre software mustn't use non-free platforms to circumvent them and make usage in a way nevertheless possible for accessing. For reaching possible easy download and extraction of data most of the projects incorporate JS, SWF, and SDK interpreters in order to deliver some functionality; packaging these runs contrary to delivering freedom as a number 1 priority (more information here).|
|electron||Build cross platform desktop apps with web technologies||Package is not fully free and permissive licensed and bloat within all categories. Corporate project imposing goals of free, libre culture and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)!|
|midori||Lightweight web browser||The original project was abandoned since 2019 and further forks done on the base of electron.|
|go||Core compiler tools for the Go programming language||Hyperbola only provides gcc-go within the repositories and rejects the usage of go beyond as the language itself is designed to download further dependencies at buildtime, while there is no guarantee those are free and libre licensed. Besides that this concept opposes the idea of a stable design for software.|
|cdrtools||Supporting CD, DVD and BluRay burning||Package includes Apple's license binding with no clarification (apple_driver utility is non-free) and has an incompatible mix of the GPL and the CDDL, for which Hyperbola cannot include this software and all further projects exclusive only based on this.|
|kodi||Software media player and entertainment hub for digital media||Package contains non-free decompression engine for RAR archives and support for non-free addons, parts are furthermore only useful with java-runtime (jre7-openjdk and/or later versions) and it depends on libpulse and recommends pulseaudio optional installation.|
|pulseaudio||A general-purpose sound server||Package contains absurd bugs and conceptional problems such as SIGSEGV, following then takes some client applications with when crashing. There are also buffering issues which cause sound to stutter, jitter, and basically providing bad output. Reports of bugs with the hardware mixer, breaks or jitters input streams when adjusting line-in or mic volume; misidentifies mixer controls, depends on openssl, depends on systemd.|
|libhandy||Library full of GTK+ widgets for mobile phones||Package is mandatory for many newer GTK+ applications and instead of being just an option it is taken that way into the very basic needs for compilation, which causes even more dependencies.|
|imagemagick||An image viewing/manipulation program||Package has trademark issues.|
|directx-headers||DirectX headers for using D3D12||The whole purpose of this package is only to provide some support for execution of DirectX-based applications and games. As technology-stack DirectX stays completely non-free, so there is also no purpose for Hyperbola including such package.|
|directx-shader-compiler||A compiler for HLSL to DXIL (DirectX Intermediate Language)||The whole purpose of this package is only to provide some support for execution of DirectX-based applications and games. As technology-stack DirectX stays completely non-free, so there is also no purpose for Hyperbola including such package.|
|redis||An in-memory database that persists on disk||Package is free and permissive licensed, but in its whole approach only usable in combination with specialized software. Corporate project imposing goals of free, libre culture and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption)!|
|syslog-ng||Next-generation syslogd with advanced networking and filtering capabilities||Package is free and permissive licensed, but in its whole approach making a difference between users paying or not. Corporate project imposing goals of free, libre culture and destroying other free software with imperative things (breaks portability, ignores backwards compatibility, and replaces existing services, forcing into adoption, source)!|
|libsecret||Library for storing and retrieving passwords and other secrets||Package is another approach for having password-management in applications possible. But especially those sensible fields should not done within a library, while this also results into more dependencies and no lightweight implementation! It communicates using dbus and is therefore not possible to be included for Hyperbola at any time.|
|polkit||Application development toolkit for controlling system-wide privileges||Privileges should be always being handled with care, especially not system-wide controlled by only one service / package including severe security-issues and being foremost oriented only onto GNU/Linux.|
|udisks2||Disk Management Service, version 2||Package is providing foremost only support towards GNU/Linux and is not available elsewhere. Furthermore dependencies for polkit, libatasmart and others needed.|
|gvfs||Virtual filesystem implementation for GIO||Package is bloat within all named aspects and includes also interfaces to non-free webservices.|
|pam||PAM (Pluggable Authentication Modules) library||Package has different security-issues and is not oriented on the way of technical emancipation as Hyperbola is trying to adapt lightweight implementations.|
|retroarch / libretro||Reference frontend for the libretro API||Package is providing several non-free libraries and projects.|
|qt-location||Provides access to position, satellite and area monitoring classes||Package is used for geo-tracking of users.|
|php||A general-purpose scripting language that is especially suited to web development||See our reasoning here.|
|sbc||Bluetooth Subband Codec (SBC) library||See our reasoning here.|
Packages and projects using those named dependencies within the listing as mandatory dependency can't and won't be integrated within the repositories of Hyperbola at any time.
Please be also aware that even if it would be possible to patch several dependencies out for packaging a concrete version: This patch would only work for a concrete version and release. With any new released version the whole work would be done again or even worse is no longer possible. Also take into your perspective that even a questionable dependency is once optional it may be changed in coming new releases. For a small system and project like Hyperbola this is not acceptable. You cannot select the fitting convinient way, just some packages are not fitting and others do. Either to follow the whole strict way for not ignoring issues or staying pragmatic. The decision for the project is oriented onto not ignore all issues!
List of packages and projects being integrated but in staled state
|weechat||Fast, light and extensible IRC client (curses UI)||Since release 3.5 the project is enforcing zstd using it as mandatory dependency. So the last functional version for Hyperbola is 3.4.1 and being on hold in this state.|
|minetest||Multiplayer infinite-world block sandbox game||Since release 5.5 the project is enforcing zstd using it as mandatory dependency. So the last functional version for Hyperbola is 5.4.1 and being on hold in this state with current version 5.3.|
|wyrmsun||Real-time strategy game based on history, mythology and fiction||Since release 4.0.0 the project is enforcing qt-location using it as mandatory dependency. So the last functional version for Hyperbola is 3.5.4 and being on hold in this state.|
|ccache||Compiler cache that speeds up recompilation by caching previous compilations||Since release 4.0 the project is enforcing zstd using it as mandatory dependency. So the last functional version for Hyperbola is 3.7.12 and being on hold in this state.|
|librsvg||SVG rendering library||Project is enforcing the usage of Rust from versions newer than 2.40.21.|
|hexchat||A popular and easy to use graphical IRC (chat) client||Since higher versions than 2.14.3 the project is using different parameters for compilations and no longer offers the possibility to disable the notification-interfaces which is causing unneeded warnings for not existing dbus-interfaces.|
Packages and projects in the state on hold are not able to get any further update as they enforce dependencies being not possible to be added or integrated as otherwise being a direct violation of the principles and values of Hyperbola. If there are possible problems for security those would be needed to be removed. When needed Hyperbola will also backport security-fixes!
It sounds harsh when we need to mark a package being set on hold, but we would have nevertheless otherwise need to integrate packages and dependencies we have before marked as incompatible with our own perspective of software-freedom. This has nothing to with any kind more fanatic perspective as it is just following a simple and also direct logic. When a project concludes to have incompatible dependencies marked mandatory for running, we have only the choice to ask upstream for alternatives or leave the resulting software / package complete out. And many of our questions for having alternative options upstream were rejected in the past, as we wanted to keep problematic frameworks and dependencies optional instead of defining them as mandatory. Surely we don't and won't interfere within the decisions of the project-maintainers so we decide most to put the packages included then in this state. The communication to upstream can help and bring insights, but it can be also mistaken as the opposite. Our decision is therefore having working versions of packages put on hold whenever their dependency-tree is changing to more complex frameworks and libraries in usage putting the users at risk to loose the insights in their installed system. It is just the clear idea of software-freedom, which we are following. Also to add: It is surely not always the newest version of a software-package needed or the safe spot for security afterwards. When a package always needs the newest version for being “safe” it should be more questioned in its quality of code and design.
As HyperbolaBSD is a complete operating-system we are not longer in the need to follow the routine to update always every package and can follow our own perspective instead.
The bigger picture and conclusion
While many other systems and system-distributions include those above listed packages in one form or another (other names and descriptions) Hyperbola is oriented fully on the freedom for the users. To keep the packages named is mostly done with the reasoning of convinience, set above freedom and technical emancipation in general.
This list is not meant to be used as false argument against Hyperbola as project, likewise stating it would be ideological misleaded. Everyone and every user is free in the own decision. So what is furthermore done local stays upon that. But to keep up the freedom and especially the free decision software-projects named are excluded. Learning how to build and package software is part of our main purpose for the users.
So is it about “isolation” for Hyperbola? No, for sure not. But the project is setting up a clear statement with all those packages listed not compatible and / or on hold. A clear statement in regards for the principles and values being important for Hyperbola and as every project those matters for us. If this is to be seen different? That's absolutely working, but for sure not in our perspective. And perhaps this drop of information and principles likewise values keeps on growing as to oppose the misusage of free, libre culture in its roots. Perhaps others may say that politics do not matter for software, we see it different. Everything is part of and political, otherwise this project and the whole sphere of free and libre software, licensing and culture would not exist! There is also a right not to use a package and choose a different one as part of a diverse approach building the own system for the own usage.