bill-auger writes: > On Mon, 04 Feb 2019 23:34:45 +0100 Ludovic wrote: >> It’s not entirely clear to me what the problems are, to be honest. > > On Wed, 06 Feb 2019 22:04:59 +0100 Marius wrote: >> Indeed, the only real breakthrough is that we now have a script to >> create an Ungooglified source tarball with all unnecessary third_party >> components removed. >> I am of course happy to help other FSDG distributions liberate their >> Chromium too. > > it is not clear to *anyone* precisely what the licensing problems are - > not even the upstream developers have been able to confirm or deny them > with any certainty - that is the very reason why this ugly situation has > been standing all these years, as yet unresolved > > by your own admittance there, you have not "liberated" chromium - you > have "ungooglified" it, and discarded some non-essential third-party > code - the work of the "ungoogled" and "iridium" teams has been > discussed at length and was concluded to be insufficient as a liberation > procedure, because their work only addresses proivacy issues, but not > licensing - "liberation" would first require *something* that is not > FSDG compliant to be identified as such, and *then* for that something > to be removed or patched in order to be compliant - neither of those > events has occurred, and we all know it - that is the very reason this > situation has stood unresolved for so long > > so, this recent work done by guix is not a resolution to the problem - > it is merely sweeping the problem under the rug, rather than confronting > it at face value, as Adfeno has been suggesting For the benefit of everyone following this discussion, I'll summarize the problems with Chromium and how they are addressed by my patch. 1) Chromium is non-free. The raw Chromium tarball contains a lot of software that is non-free. Heck, it's not even possible to build it without the proprietary Unrar program unless you patch it! Luckily, these non-free components are in various "third_party" directories. Thus, it is possible to traverse the tarball and remove all such parts that are not already audited and whitelisted. Which is exactly what my patch does. Despite years of searching, I have not found any proprietary parts in first party code! I cannot prove this obviously; but proving the contrary should be trivial. Thus, I surmise that the code is indeed free --- I would not have submitted it for Guix if I had the slightest doubt to the contrary. 2) Chromium spies on the user. Just starting the browser in the default configuration will cause it to submit traffic to Google. The exact nature of this data is unclear, but such behaviour is clearly not something fit for a GNU distribution. Ungoogled-Chromium solves this by 1) patching out all non-essential functionality (such as "safe browsing" and web store integration); and 2) performing a tree-wide "domain substitution" such that all Google (and some more) domains are replaced with a bogus "9oo91e.qjz9zk" domain. I have verified that the browser sends no unsolicited network requests when launching or during usage after applying the Ungoogled patches, something I never managed with the "normal" free Chromium no matter how many flags or patches I tried. Thus, I surmise that this browser does indeed protect the users privacy. ------------------------------------------------------------------------ Since there have been no coherent arguments against this browser in the two weeks since it was submitted, I plan to push this patch *tomorrow*. Thanks for the feedback, Marius