Re: FSDG status of chromium

[Marius Bakke]

bill-auger <address@hidden> writes:

> On Tue, 25 Sep 2018 21:08:42 +0200 Marius wrote:
>> Can you elaborate on what exactly the issue is?  I am aware that
>> Chromium bundles non-free sources
>> That leaves "first party" source files.  Admittedly I haven't audited
>> all of those other than superficial grepping.  Do you know whether
>> parts of Chromium are considered non-free?
>
> no - and that is exactly the core problem - AFAIK no person on this
> planet knows the definitive answer to that question, including the
> upstream developers themselves, as demonstrated by the 10 year old bug
> report that was never closed

Can you point out which part of the upstream bug that is relevant?

 https://bugs.chromium.org/p/chromium/issues/detail?id=28291

AFAICT it's about bundled software, and in our case there are only 379
files that need auditing.  Am I missing something?

> On Tue, 25 Sep 2018 21:08:42 +0200 Marius wrote:
>> I noticed a number of
>> files are missing license information: in those cases I have assumed
>> that the top-level "LICENSE" file (BSD-3) applies.
>
> i dont think that is a reasonable assumption to make - by that logic,
> you could assemble any collection of unlicensed or conflictingly
> licensed source code projects, heap them all in a tarball with a
> single BSD-3 license at the root level, and that would somehow make
> everything adequately licensed, simply because none of the files within
> contradict that otherwise unfounded assumption - the unfortunately
> broad and brief wording of permissive licenses (no more precise
> than "this software") encourage that lazy assumption to be made as
> applying to "everything in this tarball", probably more often than
> people realize

All the software bundles (i.e. stuff living below "third_party"
directories) appear to be clearly licensed.  For first party code, I
don't think taking the LICENSE file at face value is unreasonable.

> On Tue, 25 Sep 2018 21:08:42 +0200 Marius wrote:
>> It seems to me using "Ungoogled-Chromium" remediates Lukes concerns
>
> yes most people agree that the ungoogled patches would be necessary
> but not sufficient for any FSDG compliant build of chromium

What else is remaining?

> On Tue, 25 Sep 2018 21:08:42 +0200 Marius wrote:
>> Andreas Enge <address@hidden> writes:
>> > So at least it is apparently possible to get a working binary with
>> > only free sources.  
>> 
>> To clarify: the few files flagged by 'checklicenses.py' are as far as
>> I can tell all free software.  The script just fails to classify them
>> 379 files for which it fails to detect license.
>
> to be clear here, what is truly meant there by: "only free sources" is
> "with only sources that have not yet been demonstrated to be non-free" -
> that is the key distinction - just because they have not yet been
> proven to be non-free, does not make them free - and i have yet to see
> anyone make that determination convincingly

I don't think there is any doubt on this list about the definition of
free software.

> On Tue, 25 Sep 2018 21:08:42 +0200 Marius wrote:
>> All non-essential "third_party" directories are purged in the same
>> manner.  I have audited the remaining third_party files and AFAICT
>> they are free software.
>
> adfeno recently did a some preliminary digging into this also[1] -
> maybe you and he could compare notes ad/or combine efforts
>
> [1]: https://directory.fsf.org/wiki/Talk:Chromium

Thanks for the link.  Adonays findings seem to confirm mine (note that
the listed third_party files are not present in the Guix source).

> On Tue, 25 Sep 2018 21:36:45 +0200 Clément wrote:
>> I hope we'll
>> make it free at some point, so that it can be integrated into Guix.
>
> to these i again want to underline the secondary point i hoped to make;
> that is if *anyone* can liberate this program, it would allow this
> browser and dozens of derivative programs that are currently
> blacklisted to be included in guix AND also *any* of the FSDG distros -
> what bothers me most about this situation here, is that no one from guix
> seems to be "on the same page" sharing information and effort with the
> other FSDG distros - i really do encourage you guys to join in on these
> conversations that pertain equally across all FSDG distros[2] - if you
> have some success liberating chromium, or have determined any of its
> dubious licensing concerns, please do make it known on that mailing
> list - it would be of great interest to many outside of guix - at the
> very least it could lead to the recommended fix for chromium on the
> "does not respect the FSDG" list to be changed from "use icecat
> instead" to "this browser can be used in freedom if you ...."
>
> [2]: https://lists.nongnu.org/mailman/listinfo/gnu-linux-libre

I have looked at QtWebEngine too and could not find anything
suspicious.  Their Chromium directory is 1,5 GiB uncompressed compared
to 2.2 GiB for the Guix package and 4.5 GiB for the upstream tarball.

As far as I can tell, both packages are eligible for free distributions,
assuming proper caretaking is in place (Chromium 66 introduced a
dependency on 'unrar', for example, but such shenanigans are easily
caught with third_party whitelisting).

signature.asc
Description: PGP signature