From: Marius Bakke <mbakke@fastmail.com>
To: Jason Self <j@jxself.org>, 34565@debbugs.gnu.org
Subject: bug#34565: ungoogled-chromium contains Widevine DRM
Date: Wed, 20 Feb 2019 15:37:15 +0100 [thread overview]
Message-ID: <87wolumspw.fsf@fastmail.com> (raw)
In-Reply-To: <1550625137.14138.3.camel@jxself.org>
[-- Attachment #1: Type: text/plain, Size: 2516 bytes --]
Jason Self <j@jxself.org> writes:
> A different but related matter is the build process itself. I
> understand this is not exactly related to the DRM matter but it does
> seem similiar. I can open another bug over this if needed. I have
> recently submitted upstream's Chromium 73.0.3683.45 into my FOSSology
> instance for analysis. Actually, less than a third of the total files
> were classified as "BSD-like". In total it found 162 unique licenses.
> Of course, automated licenses analysis is never perfect and I have not
> fully vetted any particular results but it does help to at least
> indicate that which is very clearly free software and that which needs
> further investigation.
To avoid duplicate work, it would be useful if you ran this analysis on
the tarball produced by `guix build --source ungoogled-chromium`.
> Even in the short time I was reviewing it I found a number of freedom
> problems. I don't mean that to be an exhaustive list of everything,
> merely an indicator of a symptom:
>
> * unrar (license denies freedom 0)
UnRAR is not present in the Guix source.
> * third_party/blink has some images under CC-BY-NC-SA-2.0
I cannot find these images: grepping for CC-BY-NC-SA or 'Creative
Commons' did not aid. Did you record the absolute paths to these files?
> * Google Toolbar is in there, with a non-free EULA
My grep-fu is really failing me today. Where is this located?
> Taking this and considering Guix's build process: The method of
> building seems to involve downloading Chromium, then runnning
> ungoogled-chromium over it, and then building. I'm not sure if any
> other packages have their freedom problems fixed in this way but this,
> just like build flags, should not be sufficient. Freedom problems
> should not be hidden/removed after the fact by asking the user to run a
> clean-up program after downloading the source, even if that has been
> automated by the package manager. What is sent to the end user to
> compile should itself be 100% free software and FSDG compliant from the
> beginning. If not it still amounts to distributing non-free software to
> the user when they want to, for example, do guix build -S chromium.
As Leo says, `guix build --source` should never return nonfree software
as a matter of policy. Ungoogled-Chromium is no different: running
`guix build --source ungoogled-chromium` will run the pruning scripts
and generate a sanitized tarball, or (more likely) transparently
download an already-processed source from the build farm.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
next prev parent reply other threads:[~2019-02-20 15:28 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-19 3:44 bug#34565: ungoogled-chromium contains Widevine DRM Jason Self
2019-02-19 7:06 ` Leo Famulari
2019-02-19 13:28 ` Jason Self
2019-02-19 13:42 ` Julien Lepiller
2019-02-19 14:44 ` Julien Lepiller
2019-02-20 5:42 ` Leo Famulari
2019-02-20 9:22 ` Giovanni Biscuolo
2019-02-20 14:48 ` Marius Bakke
2019-10-12 11:14 ` ng0
2019-10-12 11:32 ` bug#34565: ungoogled-chromium may contain " Marius Bakke
2019-02-19 14:43 ` bug#34565: ungoogled-chromium contains " Leo Famulari
2019-02-20 0:39 ` Jason Self
2019-02-20 1:12 ` Jason Self
2019-02-20 1:19 ` Jason Self
2019-02-20 13:03 ` Jason Self
2019-02-20 16:18 ` Julien Lepiller
2019-02-20 20:15 ` Adonay Felipe Nogueira
2019-02-20 21:49 ` Ricardo Wurmus
2019-02-21 2:19 ` Jason Self
2019-02-20 5:15 ` Leo Famulari
2019-02-20 5:35 ` Jason Self
2019-02-20 7:59 ` bug#34565: ungoogled-chromium might contain remnants of " Ricardo Wurmus
2019-02-20 10:09 ` bug#34565: ungoogled-chromium contains " Jelle Licht
2019-02-20 14:37 ` Marius Bakke [this message]
2019-02-21 2:43 ` Jason Self
2019-02-21 7:51 ` Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wolumspw.fsf@fastmail.com \
--to=mbakke@fastmail.com \
--cc=34565@debbugs.gnu.org \
--cc=j@jxself.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).