Re: [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium.

[Luke]

On 02/20/2019 05:10 PM, Marius Bakke wrote:
> bill-auger <address@hidden> writes:
>
>> On Wed, 20 Feb 2019 15:50:02 +0100 Marius wrote:
>>> That message says we are no longer using a _fork_ of
>>> Ungoogled-Chromium. Earlier revisions of the patch was pulling from
>>> my repository[0], now we use the canonical upstream repository
>>> directly:
>> but then what do you do to the upstream sources? - we all agree the
>> upstream sources are not FSDG-free - arent the ungoogled patches the
>> keystone of your liberation procedure?
> The liberation procedure is right there in the package definition:
>
> <https://git.sv.gnu.org/cgit/guix.git/tree/gnu/packages/chromium.scm#n229>.
>
> This script is what creates the FSDG-free source tarball presented to
> users when they run `guix build --source ungoogled-chromium`.
>
>> that is entirely why i am confused now - it would help tremendously if
>> you could tell us what you did to the upstream sources that you believe
>> makes the FSDG-free - like a liberation recipe in plain english would
>> be awseome
> There are comments in the script.  Please ask if any of the steps are
> unclear!  Improvements welcome.
>

Correct me if I'm wrong, but Widevine DRM and the ability to run
proprietary codecs is still being built according to the provided
package source?
That's definitely a blocker.

While completely removing the DRM ability and creating a clean source
tarball is optimal, it should at minimum be disabled at compile time to
protect users.

Some GN prefs missing from chromium.scm:
---
;; Disable non-free codecs
"proprietary_codecs=false"

;; Disable DRM https://www.defectivebydesign.org
"enable_widevine=false"

;; Not XMPP compliant, walled-garden SaaSS:
https://www.zdnet.com/article/google-moves-away-from-the-xmpp-open-messaging-standard/
"enable_hangout_services_extension=false"

;; Note: https://www.fsf.org/licensing/h264-patent-license:
"use_openh264=false"
"rtc_use_h264=false"
---

Cleaning these modules properly would involve patching them out
completely and providing the cleaned tarball for end-users to compile.
Ungoogled-Chromium does remove the majority of Google SaaSS during the
patch process, but does not currently try to reach FSF compliance by
removing any of these proprietary anti-features or providing a cleaned
tree.

Additionally, the patches are expected to be ran against specific
Chromium releases. Future releases of Chromium are not patched/audited
yet by the ungoogled-chromium project and may leak to Google.
See: https://github.com/Eloston/ungoogled-chromium/releases

The Guix package is building against Chromium 72.0.3626.109 whereas the
latest release of Ungoogled-Chromium as of this moment is for
72.0.3626.96-1.

signature.asc
Description: OpenPGP digital signature