Hello Bill, bill-auger writes: > regarding the recent proposal of introducing chromium into guix; i have > done a lot of research and participated in much discussion regarding > it's fitness regarding the FSDG; and i am quite surprised to see it so > much as suggest into guix > > for the benefit of anyone who does not not know, the controversy > regarding the allegedly improper licensing of chromium is nearly > 10 years old now and has been discussed ad-nauseam over the years - > many people want it to be resolved one way or the other; but as of > today, it is not resolved; and therefore guix, as a GNU project, and > guixsd, as an FSDG distro should not be so eager to package or > distribute it - someone from the FSF told me that RMS has expressed an > interest in resolving this; but it would be a huge task to scrutinize > that entire code-base, even with the assistance of tools such as > fossology - as of today, no one has done that, and no FSDG distro > carries chromium - that is not an oversight, because they have not > yet gotten around to packaging it, nor that the devs or users do not > want that program; but because the consensus among the community is > that this program has never been shown to be 100% freely distributable > - unless the FSF makes a definitive statement about this, it's > introduction (or re-introduction as the case may be) into any FSDG > distro should be considered to be premature at this time - seeing as > how the issue has not been resolved after 10 years, it is not even > clear, if such a time will ever arrive when it will be justified > > to be clear, it is assumed that the issue pertains to all > chromium-derived browsers such as iridium and "ungoogled" chromium, the > qt5-webengine library and browsers linking to it such as qupzilla and > falkon, and all electron "apps" such as riot, atom, and vscode - one > fedora developer has told me recently[1] that anything built on electron > is probably a hopeless cause; but a qt5-webengine dev has stated > that this issue bothers them too and they will fix any problems found > even if the upstream does not - that is encouraging because clients of > qt5-webengine account for the majority of programs that are on the > parabola blacklist for using chromium-derived code - a wiki page was > created recently the FSD especially for such programs that should be > scrutinized[2] Can you elaborate on what exactly the issue is? I am aware that Chromium bundles non-free sources, but the proposed Guix package purges these from the source tarball so that they don't show up when a user runs `guix build --source chromium`. All non-essential "third_party" directories are purged in the same manner. I have audited the remaining third_party files and AFAICT they are free software. That leaves "first party" source files. Admittedly I haven't audited all of those other than superficial grepping. Do you know whether parts of Chromium are considered non-free? I noticed a number of files are missing license information: in those cases I have assumed that the top-level "LICENSE" file (BSD-3) applies. > early this year, the FSF published an interview promoting qupzilla, > while that program, along with numerous other electron and > webengine-based programs were, and are still, blacklisted from FSDG > distros; which made matters worse - now there are mixed signals > floating about regarding what exactly is the FSF's opinion of this; and > distros have no answer for users to the question of why we are in this > predicament at all - shortly after that, i started a new thread on the > FSD mailing list[3] to entice the FSF to, once and for all, state > something definitive about this - that thread is something of an > anthology of chromium woes as related to the FSDG; including links to > the original chromium upstream bug report from 2009 (still open)[4], > the parabola mega-issue[5] (which attempts to consolidate all of the > packages that could be re-instated in parabola if ever chromium is > cleared of doubt and actually deemed to be free software by the > consensus of the FSDG distros), and many of the relevant discussions > on the FSDG mailing list over the years I've read [4] including the blocking issues. Currently the tickets seem to be about passing the 'checklicenses.py' script. I tried running it on the "sanitized" source in Guix and it complains about 379 files for which it fails to detect license. Output attached. > shortly after that, the community on the FSDG mailing list were > successful in convincing pureos to act on a long-standing freedom bug > report to remove chromium from their repos in solidarity with the other > FSDG distros - to their credit, they did so, albeit reluctantly; > expressing the sentiment that "this is a dis-service to our users" as an > explanation of why it took so long to remove it - that presumption is > perhaps understandable; but when you think about it, is it really a > dis-service for a freedom-respecting distro to remove a program that is > not known to be free software? - the fact that the users might *like* > that program is not the primary concern of the FSDG - parabola users > liked those blacklisted programs too; but parabola removed them on the > principle that their removal was in the best service to freedom-minded > users until they were determined to be 100% freely licensed; even if the > users wept - tough love, ya know - thats exactly what the FSDG are for > > it is not the objective of the FSDG to allow exceptions for certain > high-profile programs to pass scrutiny only because users may complain > of their absence - if those users would want to use those program even > though they are not known to be free; then those users may as well be > using a proprietary OS - short of that, those users can *easily* go to > www.krome.oogle.comm and grab the binary if they desire it so much; > but the FSDG does not cater to that desire - i would like to think > that all software is to be considered non-free until proven otherwise; > with no exceptions on the grounds that: *users want it anyways* > > regarding 'ungoogled' and 'iridium', the modifications they make are > aimed at privacy issues - as far as i know, hey have done nothing to > address the concerns of dubious licensing - i have been told that devs > for both of these have been asked and had no information whatsoever > regarding the alleged/phantom unlicensed files; so there is no grounds > to assume that these browser are any more or less freely distributable > as chromium - someone from qt-webengine mentioned on that thread that > they had no information either but were willing to fix anything found > > luke has written a much more thorough treatise about this that was > intended for the FSF to publish last year[6] - that describe several > issue with chromium beyond the allegedly dubious licensing It seems to me using "Ungoogled-Chromium" remediates Lukes concerns from [6]. DRM and pre-built binaries are already purged from the Guix source. [...] > [1]: https://lists.gnu.org/archive/html/directory-discuss/2017-12/msg00008.html > [2]: https://directory.fsf.org/wiki/Free_Software_Directory:Free_software_evaluation > [3]: https://lists.gnu.org/archive/html/directory-discuss/2017-11/msg00003.html > [4]: https://bugs.chromium.org/p/chromium/issues/detail?id=28291 > [5]: https://labs.parabola.nu/issues/1167 > [6]: https://lists.nongnu.org/archive/html/gnu-linux-libre/2018-03/msg00098.html > [7]: https://libreplanet.org/wiki/Template:FSDG_Checklist > [8]: https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser Here is the output from the checklicenses.py script: