# voxpupuli
- v
VoxBot
11/07/2024, 3:20 PMso this announcement only concerns binary builds, not source access? - d
David Sandilands
11/07/2024, 3:20 PMcorrect only binary builds - v
VoxBot
11/07/2024, 3:20 PMbecause that's not clear to me at all, reading the announcement - v
VoxBot
11/07/2024, 3:21 PMbastelfreak: when you say "repos" there, are you refering to the binary package repos (APT/.deb, RPMs, etc) or git repos? - d
David Sandilands
11/07/2024, 3:21 PMbut for transparency to highlight changes would be made in the downstream private forked repos first before going to the public upstream repos - v
VoxBot
11/07/2024, 3:22 PMthat's a hell of a footnote - v
VoxBot
11/07/2024, 3:22 PManarcat: I meant the git repos - v
VoxBot
11/07/2024, 3:22 PMi think there's a contradiction here between "only binary packages are affected" and "oh, we're also forking to private repos now" - v
VoxBot
11/07/2024, 3:22 PMDavid: but then the private forks aren't downstream anymore - v
VoxBot
11/07/2024, 3:23 PMso what's going to happen in those private git repositories? - v
VoxBot
11/07/2024, 3:24 PMhow is that not close-sourcing puppet? that's effectively a closed source puppet repository - v
VoxBot
11/07/2024, 3:24 PMi mean you can do that, legally, of course, Puppet is Apache, not GPL - d
David Sandilands
11/07/2024, 3:24 PMhttps://www.redhat.com/en/blog/what-open-source-upstream#:~:text=Within%20information%20technology%2C[…]erm,flow%20from%20upstream%20to%20downstream was where I was trying to take my terminology from after getting very confused about upstream and downstream - v
VoxBot
11/07/2024, 3:24 PMbut it still means, in my book, we don't get access to the actual real repositories used to build Puppet - v
VoxBot
11/07/2024, 3:25 PMhttps://www.redhat.com/en/blog/what-open-source-upstream seems to be the canonical URL for that page https://www.redhat.com/en/blog/what-open-source-upstream - v
VoxBot
11/07/2024, 3:25 PManarcat: that's my undetstanding as well - v
VoxBot
11/07/2024, 3:25 PMnot sure what the rest of the stuff does - v
VoxBot
11/07/2024, 3:25 PMwhat's an "EAB" ? - v
VoxBot
11/07/2024, 3:25 PMheh - v
VoxBot
11/07/2024, 3:26 PMi mean that's effectively what we're talking about here - v
VoxBot
11/07/2024, 3:26 PMwe (Debian developers) need a reliable upstream from which we can pull new releases and security patches when they come out - v
VoxBot
11/07/2024, 3:26 PMif we can't have that anymore, we can't have puppet anymore, and it either needs to be removed from debian, or forked to provide a proper upstream - v
VoxBot
11/07/2024, 3:27 PMif those patches are locked behind a private repository hidden behind a EULA that is not a free software license, then puppet is effectively not free software anymore - v
VoxBot
11/07/2024, 3:27 PMSame for Arch Linux - v
VoxBot
11/07/2024, 3:27 PMsame for everything - v
VoxBot
11/07/2024, 3:27 PManarcat, but isn't (for Debian) the upstream puppet.git? which I would assume still will exist? - v
VoxBot
11/07/2024, 3:27 PMi just speak for debian though, and not voxpupuli - v
VoxBot
11/07/2024, 3:27 PMZhenech: from what i gathered, that still exists, but is lagging behind the real upstream - v
VoxBot
11/07/2024, 3:27 PMah, so android.git! - v
VoxBot
11/07/2024, 3:27 PMhaha