[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Firefox 52's end of life, packaging Chromium

From: Marius Bakke
Subject: Re: Firefox 52's end of life, packaging Chromium
Date: Sun, 02 Sep 2018 15:29:18 +0200
User-agent: Notmuch/0.27 ( Emacs/26.1 (x86_64-pc-linux-gnu)

Ricardo Wurmus <address@hidden> writes:

> Hi Mark,
>> Mark H Weaver <address@hidden> writes:
>>> Ricardo Wurmus <address@hidden> writes:
>>>> The TODO list for convenience:
>>>> * There is still some data transmitted when starting the browser for the
>>>>   first time.  It seems related to the "domain_reliability" component.
>>>> * Remove remaining "Web Store" links.  Currently I've only found it in
>>>>   settings, under "accessibility" and "fonts".
>>>> * Opening settings transmits a bunch of data, the next version will
>>>>   include the 'disable-translation-lang-fetch' patch from Inox.
>>>> * PDFium is built, but does not seem to work (the 'install' phase
>>>>   probably needs tweaking).  Might just disable it instead.
>>>> It would be *very* nice if the first and third items could be solved
>>>> before merging, but I don’t consider them blockers.
>>> The GNU FSDG says "The distro must contain no DRM, no back doors, and no
>>> spyware."  Since GNU Guix has committed to follow the FSDG, that means
>>> that we must not include programs that include spyware.  We have
>>> committed ourselves to "removing such programs if any are discovered."
>>> Guix _is_ committed to the GNU FSDG, right?
> Of course it is.
>>> Do you agree that #1 and #3 look like spyware?  If so, wouldn't that
>>> make them blockers?
> #3 looks like it’s fetching translation information, which seems
> legitimate.  #1 is unclear to me, honestly, as it seems to be a bug.
> AIUI the “domain_reliability” component is not enabled by default.
> For context I read a little about this “domain_reliability” thing and
> found this Google document (I don’t know if this is an official
> publication by the Chromium developers):
> From what I understand, the “Domain Reliability Monitoring” feature in
> Chromium is sending connection successes / failures for resources on a
> participating domain to a collection point determined by the operators
> of that domain, i.e. not necessarily to Google.

Woah, good find!  Apparently this is being submitted as a W3C standard:

I'll try to find a toggle.  If this package gets into Guix, I think we
should add system tests (or similar) to catch regressions in the
unsolicited network traffic area.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]