Re: [GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[Marius Bakke]

Adonay Felipe Nogueira  writes:

> Also, for those following this discussion, take note of the recent
> contributions made to the still incomplete review in the FSD[1],
> particularly the "Known issues" section that is already a blocker
> regardless if the review is finished or not.
>
> [1] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1 .

FYI the toolbar and CC-BY-NC images are not present in the release
tarballs found at
,
which is what distributions use.
 
UnRAR is still there, though.


signature.asc
Description: PGP signature

Re: [GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[Adonay Felipe Nogueira]

Hi there,


Em 19/02/2019 01:42, Jason Self escreveu:
> I decided to spend some time looking into Chromium, ungoogled-chromium, 
> and Guix's methods, and the GNU FSDG.

Thank you for taking the time to review this software along with me
(despite the fact that I mistakenly started doing the review on a
development release/commit).

> My proposal would be to mention these items in the chromium-browser
> entry on the libreplanet wiki either in addition to or in place of the
> current references of licensing problems that the wiki page has.

I agree.

Also, for those following this discussion, take note of the recent
contributions made to the still incomplete review in the FSD[1],
particularly the "Known issues" section that is already a blocker
regardless if the review is finished or not.

[1] https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1 .



signature.asc
Description: OpenPGP digital signature

Re: [GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[Giovanni Biscuolo]

Hello Jason,

Jason Self  writes:

> On Tue, 2019-02-19 at 17:18 +0100, Giovanni Biscuolo wrote:
>> do you have the bug number now?
>
> 34565
>
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34565

thank you for the reference!

for all Guix ungoogled-chromium package DRM I'll continue on that bug
report thread

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature

Re: [GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[Jason Self]

On Tue, 2019-02-19 at 17:18 +0100, Giovanni Biscuolo wrote:
> do you have the bug number now?

34565

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34565

It seems to be disabled at build time only.

signature.asc
Description: This is a digitally signed message part

Re: [GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[bill-auger]

On Tue, 19 Feb 2019 17:18:19 +0100 Giovanni wrote:
> I agree: please someone involved
> https://libreplanet.org/wiki/Group:FreedSoftware could complete the
> info for chromium on
> https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
> ?

i think that for all intents and purposes, this mailing list is exactly
that "Group:FreedSoftware"

the essential issue here (and it is THE central issue), is that there
is not yet anything "complete" to change it too - "un-google it" is
not complete - we need a proper recipe, declaring both the problems and
the solutions, for all known problems and solutions - once that
information exists, we would want to discuss it; then upon a consensus
that it is a satisfiable solution, someone can make that edit

i dont think we are anywhere near "complete" yet - we have scantly more
information today than a year ago, when it was concluded that the
"ungoogled" treatment would be necessary but not sufficient


> do you have the bug number now?

i could not find it - the "newest bugs" filter seems to be broken

https://debbugs.gnu.org/cgi/pkgreport.cgi?newest=guix


On Tue, 19 Feb 2019 17:18:19 +0100 Giovanni wrote:
> in order to distribute the Linux-libre kernel developers have to
> download a non-FSDG Linux kernel... or they have to download a
> stripped-source-version?

we discussed this on IRC today

firstly, the FSF does make a distinction between the software
developers and technicians may use for the sole purpose of liberating
software and hardware, and the software get re-distributed to users

but the key difference with that anology, practically speaking, is that
is linux-libre is not a distro - this rule we are discussing is from the
FSDG which applies to distros

now for the sake of this argument, guix is a project, but guixsd is a
distro - so that analogy could perhaps be pertinent to the guix package
manager as a distinct project; but guixsd, the distro, has promised to
follow the FSDG

Re: [GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[Giovanni Biscuolo]

Hello Jason,

Jason Self  writes:

[...]

> My proposal would be to mention these items in the chromium-browser
> entry on the libreplanet wiki either in addition to or in place of the
> current references of licensing problems that the wiki page has.

I agree: please someone involved
https://libreplanet.org/wiki/Group:FreedSoftware could complete the info
for chromium on
https://libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
?

I find https://directory.fsf.org/wiki/Review:Chromium-REV-ID-1 also very useful

[...]

> problem, but they don't appear to remove the Widevine DRM.
> As long as that remains the case it would seem that ungoogled-chromium
> is also not suitable for inclusion in FSF-endorsed distros, at least
> not out of the box. Since Guix has added ungoogled-chromium, without
> seemingly have changed it to also tackle the DRM portion,

in Guix ungoogled-chromium, Widevine is disabled at build time:
http://issues.guix.info/issue/28004#2
http://issues.guix.info/issue/28004#87

> I have reported this to their bug tracker. I'm waiting to receive the
> bug number.

do you have the bug number now?

> The last item seems specific to Guix: Their method of building seems to
> involve downloading Chromium, then runnning ungoogled-chromium over it,
> and then building.
>
> That would mean, if someone wanted to build it on Guix themselves, that
> they'd also be going through those same steps. I don't know that FSF-
> endorsed distros should be having their users download non-FSDG
> compliant software in order to build them, even if its patched and
> modified during the build process.

in order to distribute the Linux-libre kernel developers have to
download a non-FSDG Linux kernel... or they have to download a
stripped-source-version?... and who is entitled to download a
non-stripped version so he can distribute a stripped-version?

> When LibreWRT was founded in 2010 (before it later merged into
> libreCMC) we submitted a similiar question to the FSF, as to if it was
> sufficient for the LibreWRT build scripts (which would be run by the
> person building the firmware image from source, just like how someone
> might instruct Guix to build from source) to download Linux and then
> run the Linux-libre deblobbing scripts on it vs having the build
> scripts instead download tarballs that were already cleaned up. I can't
> seem to find the email from back then but the response was that we
> needed to use already cleaned-up tarballs. Guix should do something
> similar.

please find that reference, this should be clarified once and for all
(if it's not already documented on some FSF or libreplanet page)

Thanks!
Giovanni

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature

[GNU-linux-libre] Chromium, ungoogled or otherwise, and Guix

[Jason Self]

I decided to spend some time looking into Chromium, ungoogled-chromium, 
and Guix's methods, and the GNU FSDG.

Even if vanilla Chromium does check out to be 100% free software it's
already pretty easy to tell that it wouldn't be FSFG compliant, at
least not out of the box.

One is because of add-ons. It has a similiar problem to Firefox where
people get sent to a place with both free and proprietary add-ons.

Another is the support Widevine DRM, which seems to go against "the
distro must contain no DRM..." in the FSDG.

Thirdly, Chromium appears to ship with binaries in the source tree (the
ungoogled-chromium README mentions that they "strip binaries from the
source tree, and use those provided by the system or build them from
source".) This seems the appropriate thing to do for FSDG compliance,
since "all information for practical use in a free distribution must be
available in source form." The source tree of a program shouldn't
itself come with binaries, IMO, only source code.

My proposal would be to mention these items in the chromium-browser
entry on the libreplanet wiki either in addition to or in place of the
current references of licensing problems that the wiki page has.

Since some issues need fixing in Chromium regardless before an FSF-
endorsed distro could ship it I then turned my attention to ungoogled-
chromium to see if it could be a potential fix for those things. They
do seem to disable the webstore URLs so the add-on problem seems fixed
and stripping out binaries from the source tree seems to fix the third
problem, but they don't appear to remove the Widevine DRM.

As long as that remains the case it would seem that ungoogled-chromium
is also not suitable for inclusion in FSF-endorsed distros, at least
not out of the box. Since Guix has added ungoogled-chromium, without
seemingly have changed it to also tackle the DRM portion, I have
reported this to their bug tracker. I'm waiting to receive the bug
number.

The last item seems specific to Guix: Their method of building seems to
involve downloading Chromium, then runnning ungoogled-chromium over it,
and then building.

That would mean, if someone wanted to build it on Guix themselves, that
they'd also be going through those same steps. I don't know that FSF-
endorsed distros should be having their users download non-FSDG
compliant software in order to build them, even if its patched and
modified during the build process.

When LibreWRT was founded in 2010 (before it later merged into
libreCMC) we submitted a similiar question to the FSF, as to if it was
sufficient for the LibreWRT build scripts (which would be run by the
person building the firmware image from source, just like how someone
might instruct Guix to build from source) to download Linux and then
run the Linux-libre deblobbing scripts on it vs having the build
scripts instead download tarballs that were already cleaned up. I can't
seem to find the email from back then but the response was that we
needed to use already cleaned-up tarballs. Guix should do something
similar.

signature.asc
Description: This is a digitally signed message part