From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason Self Subject: bug#34565: ungoogled-chromium contains Widevine DRM Date: Tue, 19 Feb 2019 17:12:17 -0800 Message-ID: <1550625137.14138.3.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-uOLl35LSDQMCsKmHFb2A" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:41897) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gwGS3-0007Gf-85 for bug-guix@gnu.org; Tue, 19 Feb 2019 20:13:32 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gwGRk-0005KT-KP for bug-guix@gnu.org; Tue, 19 Feb 2019 20:13:16 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:56176) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gwGRa-0005Hm-4c for bug-guix@gnu.org; Tue, 19 Feb 2019 20:13:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gwGRZ-0006r3-Ox for bug-guix@gnu.org; Tue, 19 Feb 2019 20:13:01 -0500 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <1550623152.12316.5.camel@jxself.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 34565@debbugs.gnu.org --=-uOLl35LSDQMCsKmHFb2A Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable A different but related matter is the build process itself. I understand this is not exactly related to the DRM matter but it does seem similiar. I can open another bug over this if needed. I have recently submitted upstream's Chromium 73.0.3683.45 into my FOSSology instance for analysis. Actually, less than a third of the total files were classified as "BSD-like". In total it found 162 unique licenses. Of course, automated licenses analysis is never perfect and I have not fully vetted any particular results but it does help to at least indicate that which is very clearly free software and that which needs further investigation. Even in the short time I was reviewing it I found a number of freedom problems. I don't mean that to be an exhaustive list of everything, merely an indicator of a symptom: * unrar (license denies freedom 0) * third_party/blink has some images under CC-BY-NC-SA-2.0 * Google Toolbar is in there, with a non-free EULA Taking this and considering Guix's build process: The method of building seems to involve downloading Chromium, then runnning ungoogled-chromium over it, and then building. I'm not sure if any other packages have their freedom problems fixed in this way but this, just like build flags, should not be sufficient. Freedom problems should not be hidden/removed after the fact by asking the user to run a clean-up program after downloading the source, even if that has been automated by the package manager. What is sent to the end user to compile should itself be 100% free software and FSDG compliant from the beginning. If not it still amounts to distributing non-free software to the user when they want to, for example, do guix build -S chromium. --=-uOLl35LSDQMCsKmHFb2A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbKlyAAoJEJ0NsxtUWjGYiNMQALC0+q6+B4fntdDAW8GLGdg3 NVD4OHfUVWce4bdinEdYLo8G44m6hUxyGAVHVi+VJWKUbFu9z1GZoOKDTCfW7qJl NO2w3wphY2vzu5DtWfBVzX20PnAvvOo1+C3t9QoJDBJQFfJ2zy8qtq8b28Mvz3em OagcbyQE3TAktpC3HFuqqlQV9Hdabm5knavdepYyncQbaXmr48epZtARpYsUu+nb D/ANT2kf6kGgAc/Pg/8TW5qDMYufXZQdfeys3jLHoxYiHi2pxDEPsWNnIoUbXiwY gRNQ4eRFWG7zFuE4BZboimjJFnWYnTI2MDrCZ+lECukQEWDIjCUd38Waa8RmJUFB g6p0tf9LwEBRcDr+JIWCZMlw8+Ph+0HQGetx2DtjQDb59cJYgo+C6L+Xl5JhgSx3 zykZPPpQpZRf8k5uY+HtTJK9/0xyaarEJhafGE7fK0KuwW62qbwj2Evnx0Tw+8jQ oeEjVouZb+SkpUvQUJazGtsCi3UPqD3yIBXfBik/zdSUGptpMrUzCOHBm7q/1BsB 2hegh1nVsvBVM0HLDrgwTqxBsYaD/c+ZP0YII2MJjl94F9eBiJ17FRy3mWNlgfg3 mtVnyjGwhA+EK0gn05YsnsPm2WXfJu92w+BF2vY5oSGiBIXxGrM8VMwkKkd7J3Fe RhzK3O7wtTW2/Bff/PUP =IL5v -----END PGP SIGNATURE----- --=-uOLl35LSDQMCsKmHFb2A--