On 02/20/2019 05:10 PM, Marius Bakke wrote:
> bill-auger <bill-auger@peers.community> writes:
>
>> On Wed, 20 Feb 2019 15:50:02 +0100 Marius wrote:
>>> That message says we are no longer using a _fork_ of
>>> Ungoogled-Chromium. Earlier revisions of the patch were pulling from
>>> my repository[0], now we use the canonical upstream repository
>>> directly:
>> but then what do you do to the upstream sources? - we all agree the
>> upstream sources are not FSDG-free - aren't the ungoogled patches the
>> keystone of your liberation procedure?
> The liberation procedure is right there in the package definition:
>
> <https://git.sv.gnu.org/cgit/guix.git/tree/gnu/packages/chromium.scm#n229>.
>
> This script is what creates the FSDG-free source tarball presented to
> users when they run `guix build --source ungoogled-chromium`.
>
>> that is entirely why i am confused now - it would help tremendously if
>> you could tell us what you did to the upstream sources that you believe
>> makes them FSDG-free - like a liberation recipe in plain english would
>> be awesome
> There are comments in the script. Please ask if any of the steps are
> unclear! Improvements welcome.
>
Correct me if I'm wrong, but Widevine DRM and the ability to run proprietary codecs are still being built according to the provided package source? That's definitely a blocker.

While completely removing the DRM ability and creating a clean source tarball is optimal, it should at minimum be disabled at compile time to protect users.

Some GN prefs missing from chromium.scm:

---
;; Disable non-free codecs
"proprietary_codecs=false"
;; Disable DRM https://www.defectivebydesign.org
"enable_widevine=false"
;; Not XMPP compliant, walled-garden SaaSS: https://www.zdnet.com/article/google-moves-away-from-the-xmpp-open-messaging-standard/
"enable_hangout_services_extension=false"
;; Note: https://www.fsf.org/licensing/h264-patent-license:
"use_openh264=false"
"rtc_use_h264=false"
---

Cleaning these modules properly would involve patching them out completely and providing the cleaned tarball for end-users to compile.

Ungoogled-Chromium does remove the majority of Google SaaSS during the patch process, but does not currently try to reach FSF compliance by removing any of these proprietary anti-features or providing a cleaned tree.

Additionally, the patches are expected to be run against specific Chromium releases. Future releases of Chromium are not patched/audited yet by the ungoogled-chromium project and may leak to Google. See: https://github.com/Eloston/ungoogled-chromium/releases

The Guix package is building against Chromium 72.0.3626.109 whereas the latest release of Ungoogled-Chromium as of this moment is for 72.0.3626.96-1.
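An added example, not part of the original message or of the Guix package: a small audit that reads Scheme source such as a package definition and reports which of the five GN arguments listed in the message are absent or not set to false. The sample input is constructed, and the function names are made up for this illustration.

```python
import re

# GN arguments named in the message above, with the value it asks for.
REQUIRED = {
    "proprietary_codecs": "false",
    "enable_widevine": "false",
    "enable_hangout_services_extension": "false",
    "use_openh264": "false",
    "rtc_use_h264": "false",
}

# One pass over the Scheme text: match either a string literal or a ';' comment,
# so a flag inside a comment is skipped and a ';' inside a string is not a comment.
TOKEN_RE = re.compile(r'"((?:[^"\\]|\\.)*)"|;[^\n]*')
FLAG_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)=(.*)', re.S)

def gn_flags(scheme_text):
    """Return {name: value} for every "name=value" string literal outside comments."""
    flags = {}
    for token in TOKEN_RE.finditer(scheme_text):
        literal = token.group(1)
        if literal is None:          # the token was a comment
            continue
        m = FLAG_RE.fullmatch(literal)
        if m:
            flags[m.group(1)] = m.group(2).strip()  # a repeated flag keeps its last value
    return flags

def audit(scheme_text):
    """Return {flag: problem} for each required flag that is absent or not 'false'."""
    seen = gn_flags(scheme_text)
    problems = {}
    for name, wanted in REQUIRED.items():
        if name not in seen:
            problems[name] = "missing"
        elif seen[name] != wanted:
            problems[name] = "set to " + seen[name]
    return problems

# Constructed sample, not the real chromium.scm.
SAMPLE = '''
(list "is_debug=false"
      ;; "enable_widevine=false"  (commented out, so it does not count)
      "proprietary_codecs=true"
      "use_openh264=false" "rtc_use_h264=false")
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means every listed argument is present and set to false; it says nothing about whether the corresponding code is still shipped in the source tarball.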