From nobody at parabola.nu Sun Jan 1 17:24:27 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Sun, 01 Jan 2017 17:24:27 -0000 Subject: [Dev] Orphan Libre package [icedove] marked out-of-date Message-ID: <20170101172427.13872.50576@parabola.nu> eliotime3000 at openmailbox.org wants to notify you that the following packages may be out-of-date: * icedove 1:45.5.1.deb1-2 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/icedove/ * icedove 1:45.5.1.deb1-2 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/icedove/ * icedove 1:45.5.1.deb1-2 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/icedove/ The user provided the following additional text: Please update Icedove to 45.6.0, according to the actual version of Thunderbird avariable on Mozilla website. From nobody at parabola.nu Sun Jan 1 17:25:08 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Sun, 01 Jan 2017 17:25:08 -0000 Subject: [Dev] Orphan Libre package [icedove-l10n-es-ar] marked out-of-date Message-ID: <20170101172508.13872.44039@parabola.nu> eliotime3000 at openmailbox.org wants to notify you that the following packages may be out-of-date: * icedove-l10n-ar 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ar/ * icedove-l10n-ast 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ast/ * icedove-l10n-be 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-be/ * icedove-l10n-bg 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-bg/ * icedove-l10n-bn-bd 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-bn-bd/ * icedove-l10n-br 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-br/ * icedove-l10n-ca 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ca/ * icedove-l10n-cs 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-cs/ * icedove-l10n-cy 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-cy/ * icedove-l10n-da 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-da/ * icedove-l10n-de 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-de/ * icedove-l10n-dsb 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-dsb/ * icedove-l10n-el 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-el/ * icedove-l10n-en-gb 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-en-gb/ * icedove-l10n-en-us 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-en-us/ * icedove-l10n-es-ar 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-es-ar/ * icedove-l10n-es-es 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-es-es/ * icedove-l10n-et 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-et/ * icedove-l10n-eu 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-eu/ * icedove-l10n-fi 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-fi/ * icedove-l10n-fr 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-fr/ * icedove-l10n-fy-nl 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-fy-nl/ * icedove-l10n-ga-ie 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ga-ie/ * icedove-l10n-gd 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-gd/ * icedove-l10n-gl 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-gl/ * icedove-l10n-he 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-he/ * icedove-l10n-hr 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-hr/ * icedove-l10n-hsb 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-hsb/ * icedove-l10n-hu 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-hu/ * icedove-l10n-hy-am 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-hy-am/ * icedove-l10n-id 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-id/ * icedove-l10n-is 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-is/ * icedove-l10n-it 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-it/ * icedove-l10n-ja 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ja/ * icedove-l10n-ko 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ko/ * icedove-l10n-lt 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-lt/ * icedove-l10n-nb-no 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-nb-no/ * icedove-l10n-nl 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-nl/ * icedove-l10n-nn-no 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-nn-no/ * icedove-l10n-pa-in 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-pa-in/ * icedove-l10n-pl 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-pl/ * icedove-l10n-pt-br 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-pt-br/ * icedove-l10n-pt-pt 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-pt-pt/ * icedove-l10n-rm 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-rm/ * icedove-l10n-ro 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ro/ * icedove-l10n-ru 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ru/ * icedove-l10n-si 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-si/ * icedove-l10n-sk 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-sk/ * icedove-l10n-sl 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-sl/ * icedove-l10n-sq 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-sq/ * icedove-l10n-sr 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-sr/ * icedove-l10n-sv-se 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-sv-se/ * icedove-l10n-ta-lk 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-ta-lk/ * icedove-l10n-tr 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-tr/ * icedove-l10n-uk 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-uk/ * icedove-l10n-vi 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-vi/ * icedove-l10n-zh-cn 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-zh-cn/ * icedove-l10n-zh-tw 1:45.5.1.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icedove-l10n-zh-tw/ The user provided the following additional text: Please update Icedove to 45.6.0 (including language packs), according to the actual version of Thunderbird avariable on Mozilla website. From nobody at parabola.nu Sun Jan 1 17:29:19 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Sun, 01 Jan 2017 17:29:19 -0000 Subject: [Dev] Orphan Nonprism package [icedove] marked out-of-date Message-ID: <20170101172919.13872.44033@parabola.nu> eliotime3000 at openmailbox.org wants to notify you that the following packages may be out-of-date: The user provided the following additional text: Please update Icedove to 45.6.0, according to the actual version of Thunderbird avariable on Mozilla website. From nobody at parabola.nu Wed Jan 4 14:09:59 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Wed, 04 Jan 2017 14:09:59 -0000 Subject: [Dev] Orphan Pcr package [zulucrypt] marked out-of-date Message-ID: <20170104140959.13872.22873@parabola.nu> raphael.melotte at gmail.com wants to notify you that the following packages may be out-of-date: * zulucrypt 4.7.2-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/zulucrypt/ * zulucrypt 4.7.5-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/zulucrypt/ The user provided the following additional text: new versions seems to be hosted here: https://github.com/mhogomchungu/zuluCrypt From emulatorman at riseup.net Sun Jan 8 02:15:44 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Sat, 7 Jan 2017 23:15:44 -0300 Subject: [Dev] QTWebengine is nonfree Message-ID: Hi guys, since Chromium is blacklisted as nonfree software [0] we have a serious issue. KDE is migrating their apps to QTWebEngine which contains Chromium as the embed engine inside it. [1] Blacklisting it could be a solution, however since it's an engine, a lot of packages won't work without it and it will require a large task to remove the entire QT/KDE framework. What do you think is the best solution to this problem? I feel that Chromium is nonfree and presents privacy risks due to outstanding issues. [0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser [1]:https://labs.parabola.nu/issues/1167 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From alejandrohp at openmailbox.org Sun Jan 8 04:07:08 2017 From: alejandrohp at openmailbox.org (Alejandro) Date: Sun, 08 Jan 2017 05:07:08 +0100 Subject: [Dev] QTWebengine is nonfree In-Reply-To: References: Message-ID: <15ED7D1A-C38B-46A8-997B-70F65B3C7537@openmailbox.org> F......CK!!!!!! What the hell is thinking KDE? I like KDE, but their compromise with Libresoftware is repetedly insuficient. Grrrr.... El 8 de enero de 2017 3:15:44 CET, "Andr? Silva" escribi?: >Hi guys, since Chromium is blacklisted as nonfree software [0] we have >a >serious issue. KDE is migrating their apps to QTWebEngine which >contains >Chromium as the embed engine inside it. [1] > >Blacklisting it could be a solution, however since it's an engine, a >lot >of packages won't work without it and it will require a large task to >remove the entire QT/KDE framework. > >What do you think is the best solution to this problem? > >I feel that Chromium is nonfree and presents privacy risks due to >outstanding issues. > >[0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser >[1]:https://labs.parabola.nu/issues/1167 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From fauno at endefensadelsl.org Sun Jan 8 05:01:37 2017 From: fauno at endefensadelsl.org (fauno) Date: Sun, 08 Jan 2017 02:01:37 -0300 Subject: [Dev] QTWebengine is nonfree In-Reply-To: References: Message-ID: <87shou5emm.fsf@endefensadelsl.org> Andr? Silva writes: > Hi guys, since Chromium is blacklisted as nonfree software [0] we have a > serious issue. KDE is migrating their apps to QTWebEngine which contains > Chromium as the embed engine inside it. [1] > > Blacklisting it could be a solution, however since it's an engine, a lot > of packages won't work without it and it will require a large task to > remove the entire QT/KDE framework. > > What do you think is the best solution to this problem? > > I feel that Chromium is nonfree and presents privacy risks due to > outstanding issues. > > [0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser > [1]:https://labs.parabola.nu/issues/1167 wasn't chromium considered non libre because of some source files' licenses being proprietary? that license review was made years ago, maybe the situation changed? -- :> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 617 bytes Desc: not available URL: From g4jc at openmailbox.org Sun Jan 8 05:50:44 2017 From: g4jc at openmailbox.org (Luke) Date: Sun, 8 Jan 2017 05:50:44 +0000 Subject: [Dev] [GNU-linux-libre] QTWebengine is nonfree In-Reply-To: <87shou5emm.fsf@endefensadelsl.org> References: <87shou5emm.fsf@endefensadelsl.org> Message-ID: <73f618d1-d384-abe2-446c-ccb7b8ea7b5d@openmailbox.org> On 01/08/2017 05:01 AM, fauno wrote: > Andr? Silva writes: > >> Hi guys, since Chromium is blacklisted as nonfree software [0] we have a >> serious issue. KDE is migrating their apps to QTWebEngine which contains >> Chromium as the embed engine inside it. [1] >> >> Blacklisting it could be a solution, however since it's an engine, a lot >> of packages won't work without it and it will require a large task to >> remove the entire QT/KDE framework. >> >> What do you think is the best solution to this problem? >> >> I feel that Chromium is nonfree and presents privacy risks due to >> outstanding issues. >> >> [0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser >> [1]:https://labs.parabola.nu/issues/1167 > wasn't chromium considered non libre because of some source files' > licenses being proprietary? that license review was made years ago, > maybe the situation changed? > Unfortunately, the situation hasn't improved much - I mentioned it recently on gnu-linux-libre mailing list along with current efforts to liberate it. http://www.mail-archive.com/gnu-linux-libre at nongnu.org/msg02199.html The original "Pass the Ubuntu license check script" Chromium bug report from 2009 is still open and has a blocker. https://bugs.chromium.org/p/chromium/issues/detail?id=28291 Even if we manage to get the code fully free, it presents serious privacy concerns that need to be patched out. Chromium doesn't ship with an "about:config" like Mozilla does, so it makes the job more tedious for us. inox-patchsets are working on it little by little, but there is considerable work to do. The inox-patchset official github even mentions: "It is possible that some data is still transmitted [to Google] (but down to a minimum) this is because Chromium is a quite large and complex codebase which changes each day." --- Google Chrome (Unbranded = Chromium) has also had an unusual past: - Google Chrome Leaking Credit Card Data? "So it turns out that it?s Chrome?s sync feature that was saving my information, but why? It turns out that auto-fill data is synced with your Google account (if you?re signed in and have the feature enable, of course), and all of the computers you?re signed into ? and by default, without the benefit of encryption. This file may contain any number of things, from mine I was able to extract the following: Full name Wife?s full name Date of birth Wife?s date of birth Social Security Number Multiple credit card numbers Multiple CVVs Bank account & routing number Not to mention quite a few websites I?ve been to, various addresses, employer?s name and other various useful tidbits. All would be quite useful for identity theft or highly targeted spear phishing."(https://adamcaudill.com/2012/01/15/google-chrome-leaking-credit-card-data/) - Google Dismisses Chrome Browser Microphone Snooping Exploit "Google has shot down a researcher's claims that an exploit he posted online showing how an attacker could snoop on phone calls or other conversations on a user's machine constitutes a security flaw, maintaining that Chrome's speech-recognition feature complies with the W3C's specification." (http://www.darkreading.com/vulnerabilities---threats/google-dismisses-chrome-browser-microphone-snooping-exploit/d/d-id/1141211) - Google's Chromium on Debian Is Listening In on Your Conversations "Apparently, the latest version of Chromium (version 43) on Debian, silently installs a binary file without the user's consent or without being pre-checked or pre-approved. This binary is, in fact, an extension responsible for the browser's voice search feature and adds the famous "OK Google" functionality found in the company's mobile apps to its Chromium project. (http://news.softpedia.com/news/google-s-chromium-on-debian-is-listening-in-on-your-conversations-484914.shtml) - https://en.wikipedia.org/wiki/Google_and_privacy_issues#Google_Chrome ---- Returning to the original topic, QT and KDE were previously using QTWebkit. Webkit does remain fully free software, and Webkit2 is under active development. Unfortunately, QT is now moving strongly to Webengine, which states on it's project website: "QtWebEngine integrates chromium's fast moving web capabilities into Qt. Our goal is to bring the latest and best implementation of the web platform into the universe of Qt. It is not just a port of the core HTML/CSS rendering engine, *it is the entire Chromium platform.*" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From philcantor at riseup.net Sun Jan 8 14:48:02 2017 From: philcantor at riseup.net (philcantor) Date: Sun, 8 Jan 2017 15:48:02 +0100 Subject: [Dev] [GNU-linux-libre] QTWebengine is nonfree In-Reply-To: <73f618d1-d384-abe2-446c-ccb7b8ea7b5d@openmailbox.org> References: <87shou5emm.fsf@endefensadelsl.org> <73f618d1-d384-abe2-446c-ccb7b8ea7b5d@openmailbox.org> Message-ID: Returning to the original topic, QT and KDE were previously using QTWebkit. Webkit does remain fully free software, and Webkit2 is under active development. It is not just a port of the core HTML/CSS rendering engine, *it is the entire Chromium platform.*" Ohh fuck... first of all hi to everyone! I switched to Parabola in these days (good distro!). But this is a terrible news for me, thank you very much for sharing this Andr? Silva! But this means that also QT is in danger? I ask you this because, I programming in c++ and used QT in past... P.S. = sorry for my terrible english eheh Il 08/01/2017 06:50, Luke ha scritto: > On 01/08/2017 05:01 AM, fauno wrote: >> Andr? Silva writes: >> >>> Hi guys, since Chromium is blacklisted as nonfree software [0] we have a >>> serious issue. KDE is migrating their apps to QTWebEngine which contains >>> Chromium as the embed engine inside it. [1] >>> >>> Blacklisting it could be a solution, however since it's an engine, a lot >>> of packages won't work without it and it will require a large task to >>> remove the entire QT/KDE framework. >>> >>> What do you think is the best solution to this problem? >>> >>> I feel that Chromium is nonfree and presents privacy risks due to >>> outstanding issues. >>> >>> [0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser >>> [1]:https://labs.parabola.nu/issues/1167 >> wasn't chromium considered non libre because of some source files' >> licenses being proprietary? that license review was made years ago, >> maybe the situation changed? >> > Unfortunately, the situation hasn't improved much - I mentioned it > recently on gnu-linux-libre mailing list along with current efforts to > liberate it. > http://www.mail-archive.com/gnu-linux-libre at nongnu.org/msg02199.html > > The original "Pass the Ubuntu license check script" Chromium bug report > from 2009 is still open and has a blocker. > https://bugs.chromium.org/p/chromium/issues/detail?id=28291 > > Even if we manage to get the code fully free, it presents serious > privacy concerns that need to be patched out. > Chromium doesn't ship with an "about:config" like Mozilla does, so it > makes the job more tedious for us. inox-patchsets are working on it > little by little, but there is considerable work to do. The > inox-patchset official github even mentions: "It is possible that some > data is still transmitted [to Google] (but down to a minimum) this is > because Chromium is a quite large and complex codebase which changes > each day." > > --- > Google Chrome (Unbranded = Chromium) has also had an unusual past: > > - Google Chrome Leaking Credit Card Data? > "So it turns out that it?s Chrome?s sync feature that was saving my > information, but why? > It turns out that auto-fill data is synced with your Google account (if > you?re signed in and have the feature enable, of course), and all of the > computers you?re signed into ? and by default, without the benefit of > encryption. This file may contain any number of things, from mine I was > able to extract the following: > > Full name > Wife?s full name > Date of birth > Wife?s date of birth > Social Security Number > Multiple credit card numbers > Multiple CVVs > Bank account & routing number > > Not to mention quite a few websites I?ve been to, various addresses, > employer?s name and other various useful tidbits. All would be quite > useful for identity theft or highly targeted spear > phishing."(https://adamcaudill.com/2012/01/15/google-chrome-leaking-credit-card-data/) > > - Google Dismisses Chrome Browser Microphone Snooping Exploit > "Google has shot down a researcher's claims that an exploit he posted > online showing how an attacker could snoop on phone calls or other > conversations on a user's machine constitutes a security flaw, > maintaining that Chrome's speech-recognition feature complies with the > W3C's specification." > (http://www.darkreading.com/vulnerabilities---threats/google-dismisses-chrome-browser-microphone-snooping-exploit/d/d-id/1141211) > > - Google's Chromium on Debian Is Listening In on Your Conversations > "Apparently, the latest version of Chromium (version 43) on Debian, > silently installs a binary file without the user's consent or without > being pre-checked or pre-approved. This binary is, in fact, an extension > responsible for the browser's voice search feature and adds the famous > "OK Google" functionality found in the company's mobile apps to its > Chromium project. > (http://news.softpedia.com/news/google-s-chromium-on-debian-is-listening-in-on-your-conversations-484914.shtml) > > - https://en.wikipedia.org/wiki/Google_and_privacy_issues#Google_Chrome > > ---- > > > Returning to the original topic, QT and KDE were previously using > QTWebkit. Webkit does remain fully free software, and Webkit2 is under > active development. > Unfortunately, QT is now moving strongly to Webengine, which states on > it's project website: "QtWebEngine integrates chromium's fast moving web > capabilities into Qt. Our goal is to bring the latest and best > implementation of the web platform into the universe of Qt. It is not > just a port of the core HTML/CSS rendering engine, *it is the entire > Chromium platform.*" > > > > > > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From g4jc at openmailbox.org Sun Jan 8 15:09:01 2017 From: g4jc at openmailbox.org (Luke) Date: Sun, 8 Jan 2017 15:09:01 +0000 Subject: [Dev] Compiling our own core packages Message-ID: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> Hello everyone, Due to some serious disagreements with upstream Arch, we are going to start compiling our own core packages. This is involving upstream bug https://bugs.archlinux.org/task/49979 against binutils. It is currently built with HTTP, no GPG signature, and no hash check. They are unwilling to fix the issue and have made several concerning comments. Since the secured PKGBUILD is already made, upstream has little excuse not to package it. We can roll out this important security fix in [libre] after it has been tested. All core packages should have HTTPS/GPG/SHA512 whenever possible, so we will be updating a few other core PKGBUILDs as well and pushing these updates to libre-testing. Luke -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From fauno at endefensadelsl.org Sun Jan 8 15:21:49 2017 From: fauno at endefensadelsl.org (fauno) Date: Sun, 08 Jan 2017 12:21:49 -0300 Subject: [Dev] Compiling our own core packages In-Reply-To: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> References: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> Message-ID: <87o9zh60he.fsf@endefensadelsl.org> Luke writes: > Hello everyone, > > Due to some serious disagreements with upstream Arch, we are going to > start compiling our own core packages. > > This is involving upstream bug https://bugs.archlinux.org/task/49979 > against binutils. It is currently built with HTTP, no GPG signature, and > no hash check. They are unwilling to fix the issue and have made several > concerning comments. wouldn't this mean every package coming from arch would need to be rebuilt? -- :{ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 617 bytes Desc: not available URL: From emulatorman at riseup.net Sun Jan 8 15:31:58 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Sun, 8 Jan 2017 15:31:58 +0000 Subject: [Dev] [GNU-linux-libre] QTWebengine is nonfree In-Reply-To: References: <87shou5emm.fsf@endefensadelsl.org> <73f618d1-d384-abe2-446c-ccb7b8ea7b5d@openmailbox.org> Message-ID: On 01/08/2017 02:48 PM, philcantor wrote: > Returning to the original topic, QT and KDE were previously using > QTWebkit. Webkit does remain fully free software, and Webkit2 is under > active development. > > It is not just a port of the core HTML/CSS rendering engine, *it is the > entire > Chromium platform.*" > > Ohh fuck... first of all hi to everyone! I switched to Parabola in these > days (good distro!). > > But this is a terrible news for me, thank you very much for sharing this > Andr? Silva! But this means that also QT is in danger? I ask you this > because, I programming in c++ and used QT in past... Yes, it means that QT/KDE framework are in danger (freedom issue and privacy risks) because QTWebgine embeds **entire Chromium platform**. > P.S. = sorry for my terrible english eheh Don't worry, my english is bad too :) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From emulatorman at riseup.net Sun Jan 8 15:36:06 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Sun, 8 Jan 2017 15:36:06 +0000 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <874m197lbr.fsf@openmailbox.org> References: <874m197lbr.fsf@openmailbox.org> Message-ID: <1fd20b28-482e-cb27-13ca-9c0afe3ce26b@riseup.net> On 01/08/2017 01:06 PM, Adonay Felipe Nogueira wrote: > I guess that we could contact the KDE project and tell them the issue so > they can rethink about their move. Would you like report about it to them? it could be a good idea. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From g4jc at openmailbox.org Sun Jan 8 15:48:21 2017 From: g4jc at openmailbox.org (Luke) Date: Sun, 8 Jan 2017 15:48:21 +0000 Subject: [Dev] Compiling our own core packages In-Reply-To: <87o9zh60he.fsf@endefensadelsl.org> References: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> <87o9zh60he.fsf@endefensadelsl.org> Message-ID: <74ad5df5-49a6-430b-9b9a-9c16c5a5df57@openmailbox.org> On 01/08/2017 03:21 PM, fauno wrote: > Luke writes: > >> Hello everyone, >> >> Due to some serious disagreements with upstream Arch, we are going to >> start compiling our own core packages. >> >> This is involving upstream bug https://bugs.archlinux.org/task/49979 >> against binutils. It is currently built with HTTP, no GPG signature, and >> no hash check. They are unwilling to fix the issue and have made several >> concerning comments. > wouldn't this mean every package coming from arch would need to be > rebuilt? > The packages would still run, but yes in order to be secure they would have to be rebuilt. It is a serious problem if the toolchain is compromised. Maybe we could automate this with a build-server? Also your work on dapkg can help us: https://git.parabola.nu/packages/libretools.git/tree/src/dagpkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From philcantor at riseup.net Sun Jan 8 16:02:18 2017 From: philcantor at riseup.net (philcantor) Date: Sun, 8 Jan 2017 17:02:18 +0100 Subject: [Dev] [GNU-linux-libre] QTWebengine is nonfree In-Reply-To: References: <87shou5emm.fsf@endefensadelsl.org> <73f618d1-d384-abe2-446c-ccb7b8ea7b5d@openmailbox.org> Message-ID: <74bb0108-32ab-b84b-9997-1912528bf12c@riseup.net> Bad situation for free software and for people, over all... thank you for your explanation ;) Il 08/01/2017 16:31, Andr? Silva ha scritto: > On 01/08/2017 02:48 PM, philcantor wrote: >> Returning to the original topic, QT and KDE were previously using >> QTWebkit. Webkit does remain fully free software, and Webkit2 is under >> active development. >> >> It is not just a port of the core HTML/CSS rendering engine, *it is the >> entire >> Chromium platform.*" >> >> Ohh fuck... first of all hi to everyone! I switched to Parabola in these >> days (good distro!). >> >> But this is a terrible news for me, thank you very much for sharing this >> Andr? Silva! But this means that also QT is in danger? I ask you this >> because, I programming in c++ and used QT in past... > Yes, it means that QT/KDE framework are in danger (freedom issue and > privacy risks) because QTWebgine embeds **entire Chromium platform**. > >> P.S. = sorry for my terrible english eheh > Don't worry, my english is bad too :) > > From raphael.melotte at gmail.com Sun Jan 8 16:47:07 2017 From: raphael.melotte at gmail.com (=?iso-8859-1?Q?Rapha=EBl M=E9lotte?=) Date: Sun, 08 Jan 2017 17:47:07 +0100 Subject: [Dev] [GNU-linux-libre] QTWebengine is nonfree In-Reply-To: References: <87shou5emm.fsf@endefensadelsl.org> <73f618d1-d384-abe2-446c-ccb7b8ea7b5d@openmailbox.org> Message-ID: <20170108.164707.953.1@SEVENPC> > Yes, it means that QT/KDE framework are in danger (freedom issue and > privacy risks) because QTWebengine embeds **entire Chromium platform**. Are you sure it's a risk that QtWebengine engine is using the chromium platform ? Does that mean that every Qt based browser using QtWebengine is inevitably compiled with the whole chrom(ium) platform ? Maybe it depends on how each application is using QtWebengine. Sorry to ask, but I'm using a Qt-only environment, and trying to keep every application as lightweight as possible (while having as many features as I need and still being freedom/privacy friendly). That mean that I'm using Qupzilla as a web browser, and Qupzilla switched from QtWebkit to QtWebengine because QtWebkit is now considered insecure. If what you're saying is true, that means I will have to switch from a Qt-only to a GTK-only environment since there is no other Qt web browser that fits my needs. I never thought that chromium would be hiding behind QtWebengine and that it could be a problem. Thank you for bringing this to our attention ! From rms at gnu.org Sun Jan 8 19:05:48 2017 From: rms at gnu.org (Richard Stallman) Date: Sun, 08 Jan 2017 14:05:48 -0500 Subject: [Dev] QTWebengine is nonfree In-Reply-To: (message from =?utf-8?Q?Andr=C3=A9?= Silva on Sat, 7 Jan 2017 23:15:44 -0300) References: Message-ID: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] This sounds like a big problem, but it might not be hard to fix. Could someone give me additional information? > Hi guys, since Chromium is blacklisted as nonfree software [0] we have a > serious issue. KDE is migrating their apps to QTWebEngine which contains > Chromium as the embed engine inside it. [1] What does "embed engine" mean? What jobs does it need to do? Is it possible to use Iridium instead of Chromium? Can you tell me the names and addreses of a few people in KDE that it would be useful to discuss this with? -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. From alejandrohp at openmailbox.org Sun Jan 8 19:48:50 2017 From: alejandrohp at openmailbox.org (=?UTF-8?Q?Alejandro_Hern=c3=a1ndez_Petermann?=) Date: Sun, 8 Jan 2017 20:48:50 +0100 Subject: [Dev] Compiling our own core packages In-Reply-To: <74ad5df5-49a6-430b-9b9a-9c16c5a5df57@openmailbox.org> References: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> <87o9zh60he.fsf@endefensadelsl.org> <74ad5df5-49a6-430b-9b9a-9c16c5a5df57@openmailbox.org> Message-ID: -----BEGIN PGP MESSAGE----- Charset: windows-1252 hQIMAyZCVi//0HRQAQ//U/b9XDBzDk6XA0kIXCpjf/lC4n8K9WzPgppB5rjFaA1C vfhKlOhIR2TMqslbrpT3D041f1WL6egtyIVaWbhMcpdzjfAIe28qypgRP0KdDpPP 6fE0E+4slZIxGDFvudP3X0kPpMYmkJnwiQCUBabJC0ufCOc41SMEuSjBqD3ITJdH MkMiqJhwzEno4NtjkIno9QFvAjaUJJMcLPyzLRtYt5ZxqbUwI5CkEVswtthLTA1a Ls+t7Mfgeq0LKcukG+GJ5X26BLTJmX5lAdjXpDWGeOlTTlzYnG9li0+fjk5HChu/ hPv7pW44xoIRHMpRouxyyRyQi8B9ia/ryV6+x8m1f6fodKotpNKy1uHc0l1CwFQs 4Ds7w68SpwKPIvo3n4nH5j10oMMbIe5PejKGOreeDgx9al/AF8Z2JehXqJ2/QXBQ Q0DfDbrFeOoBfTqfW9U/UrywHSk4pbq1cZUw5bhiWI69ovwFYlc5ftHZnb0NjfgA u4PAG4nwtkdIHrx6o8SKN/S4o4ZXqaS2kIYuugnfSVJ9aN64Nbuy+W+gOvaYMz6D bNNkwMCmf/mKDMaZSS/lNIdqObUNhey+Dlg3bz/oWfWq9JTzjop7u4UQa39QJfTO pXlv6uAJaApvGiXy8MDTNH06ny/DFN6Dl0j6zDk4b7H4kFoS0Mw9iCZ0bqaCCfTS 6QGJqwK1Vi7Sw/LOwmYHA6tQbPbTpZRyieeu8Dd9IUTDhbweI3ossrqL5vRk/e1y f/vuvDtRE3SgCvlkTfbdjEQI/NFCoxIrhPFVHl2F+xoU8uCOT+4Qa2/ScCxoOfDi GXoRkZmLVT/wPtToAyNO0rntLQN/MxPm11dAEuiES6Kt4/tTdZ8mjz6UH90gxQ5O ylMjTMUfYa6R/ijbM2ovfA1Fv5Kaiup/L4+lx5zTYNhK1iw+7V8LExmkErpwoQf9 fy00/SvFDnvuXDb34vVDbAqo842r+9kmRQGtSK27Vr81RmHik5kIndS/C02DFAkt Xe+bg5qNvG1WD6oSE2ewkB7GjHY3El4FiBKgH4RrsxLoGva9gxaaXbN5IcAVSHbJ 930WryCNFzEMg+RPZGoV4Kq/NXZ0bq1iwO9gLiHgq40qE0XnElrCt/2SxADPCYIG alpEaoE9JZ2FGbC5yirUmm9bMrq9vdt3TV4Mfp0qNjsf2Wh+nFhPOhL2vraic92U AS98wdS2nSghHsYyiV6qxoxNwqHNa3IGbw0aOSv4jeEV3h9ycuqGwCs37AhQNlsX TluFZWIOKC+Ym+JKhRvq9RPQfKM0L14bf12aJnwu2Y0HIuHAYBpl/YsU173szAUQ Ml9D3rccIp30nvclrcH4zOUAN6bA2MLijvzYjdKnUi9bqXE1W57tQYGwOGpBsQRo LWISbW3fbHj1jOqMA7F97v7Q+IT4s67/LNuAVOo4edEoh9guJBvgglH5+L8Ud7Yg BmxUAQHbjddqkAYkWgJnxnbRsUmAACj1wRRC5/qAraqwfjtX0BqO5I1JopQ/N01d cpOFMxUlf/D6/Cjyq4BUlR+RDmnvbv+eizNEHg93HfvUpf5i44h7pbPUvXb8Rzo3 3zOpRFGp/by1ET0= =11bB -----END PGP MESSAGE----- From g4jc at openmailbox.org Sun Jan 8 20:20:03 2017 From: g4jc at openmailbox.org (Luke) Date: Sun, 8 Jan 2017 20:20:03 +0000 Subject: [Dev] QTWebengine is nonfree In-Reply-To: References: Message-ID: <992ff647-07d1-314b-ca76-5593c4e30d5c@openmailbox.org> On 01/08/2017 07:05 PM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > This sounds like a big problem, but it might not be hard to fix. > > Could someone give me additional information? > > > Hi guys, since Chromium is blacklisted as nonfree software [0] we have a > > serious issue. KDE is migrating their apps to QTWebEngine which contains > > Chromium as the embed engine inside it. [1] > > What does "embed engine" mean? > What jobs does it need to do? > > Is it possible to use Iridium instead of Chromium? > > Can you tell me the names and addreses of a few people in KDE that > it would be useful to discuss this with? > > > /> What does "embed engine" mean?/ To "embed the engine" in this context = running another program inside your own. The code to do it for QT is as simple as: --- import QtQuick 2.1 import QtWebEngine 1.0 WebEngineView { url: "htttp://www.ics.com" } ---- It allows developers to quickly create GUI programs that contain the entire Chromium platform (more than just a web-engine, since Chrome is also developing ChromeOS), without actually having to do any of the work usually required for a backend web engine. This makes for pretty programs with different layouts, all using the same web engine. To quote one of the QT development websites... "As the build includes Google Chromium, which has over 9,000 source files, it will take some time to complete. My build took about forty-five minutes to compile the software on a standard quad-core CPU laptop.... In summary, QtWebEngine is planned to replace QtWebKit as the web-rendering engine for Qt. It will likely be included as part of the Qt 5.4 release. While QtWebKit will continue to be available for binary compatibility, new development will focus on QtWebEngine. I encourage you to take a look at it and consider using it in your Qt applications." (http://www.ics.com/blog/building-qtwebengine) It's essentially the same as Internet Explorer was doing in times past for Visual C++. Users can drag and drop widgets to create "pseudo-browsers", all powered by the same embedded engine. That is why there were (and are) so many non-free browsers. There are in reality only a few free web-engines, and many re-branded "browsers" that mere put shiny new graphics on old engines. (https://en.wikipedia.org/wiki/Trident_%28layout_engine%29#Use_cases) (https://en.wikipedia.org/wiki/Comparison_of_web_browser_engines) /> What jobs does it need to do?/ What a web-engine/layout engine needs to do is quite complex. It is difficult to describe in one e-mail, but the best article I could find is from a Mozilla developer. I am including the highlight of the article below: "Let?s talk terminology. A browser engine is the portion of a web browser that works ?under the hood? to fetch a web page from the internet, and translate its contents into forms you can read, watch, hear, etc. Blink, Gecko, WebKit, and Trident are browser engines. In contrast, the the browser?s own UI?tabs, toolbar, menu and such?is called the chrome. Firefox and SeaMonkey are two browsers with different chrome but the same Gecko engine. A browser engine includes many sub-components: an HTTP client, an HTML parser, a CSS parser, a JavaScript engine (itself composed of parsers, interpreters, and compilers), and much more. Those components involved in parsing web formats like HTML and CSS and translating them into what you see on-screen are sometimes called the layout engine or rendering engine." (https://limpet.net/mbrubeck/2014/08/08/toy-layout-engine-1.html) The above complexity is also why no one wants to do it, they just depend on others to do that work for them and then "embed an engine" into their pseudo-browsers and other programs for rapid development. / //> Is it possible to use Iridium instead of Chromium? / Unfortunately, Iridium has merely used a few inox-patchsets and GUI branding to the Chromium engine. In addition to not blocking non-free addons, it does not solve the non-free license issues, per outstanding bug ticket: https://github.com/iridium-browser/iridium-browser/issues/93 Another project, ungoogled-chromium goes much further, and yet still admits defeat. Here is the state of Ungoogled-Chromium: ---- In addition to features from Debian , Inox patchset , and Iridium Browser : * Replace many web domains in the source code with non-existent alternatives ending in |qjz9zk| (known as domain substitution) * Strip binaries from the source code (known as source cleaning) o This includes all pre-built executables, shared libraries, and other forms of machine code. They are substituted with system or user-provided equivalents, or built from source. o However a few data files (e.g. |*_page_model.bin| that define page models for the DOM Distiller) are left in as they do not contain machine code and are needed for building. * Disable functionality specific to Google domains (e.g. Google Host Detector, Google URL Tracker, Google Cloud Messaging, Google Hotwording, etc.) * Add Omnibox search provider "No Search" to allow disabling of searching * Disable automatic formatting of URLs in Omnibox (e.g. stripping |http://|, hiding certain parameters) * Disable JavaScript dialog boxes from showing when a page closes (onbeforeunload events) o Bypasses the annoying dialog boxes that spawn when a page is being closed * Added menu item under "More tools" to clear the HTTP authentication cache on-demand * Force all pop-ups into tabs * Disable Safe Browsing o See the FAQ * Disable WebRTC o This will be configurable in the future. * Disable intranet redirect detector o Prevents unnecessary invalid DNS requests to the DNS server. o This breaks captive portal detection, but captive portals still work. * Add more URL schemes allowed for saving o Note that this generally works only for the MHTML option, since an MHTML page is generated from the rendered page and not the original cached page like the HTML option. * (Iridium Browser feature change) Prevent URLs with the |trk:| scheme from connecting to the Internet o Also prevents any URLs with the top-level domain |qjz9zk| (as used in domain substitution) from attempting a connection. * (Iridium and Inox feature change) Prevent pinging of IPv6 address when detecting the availability of IPv6 * Support for building Debian and Ubuntu packages o Creates a separate package |chrome-sandbox| for the SUID sandbox + Not necessary to install if the kernel option |unprivileged_userns_clone| is enabled * Windows support with these changes: o Build |wow_helper.exe| from source instead of using the pre-built version o Build |swapimport.exe| from source instead of downloading it from Google (requires customized syzygy source code ) o Build |yasm.exe| from source instead of using the pre-built version o Use user-provided building utilities instead of the ones bundled with Chromium (currently |gperf| and |bison|) o Do not set the Zone Identifier on downloaded files (which is a hassle to unset) DISCLAIMER: Although it is the top priority to eliminate bugs and privacy-invading code, there will be those that slip by due to the fast-paced growth and evolution of the Chromium project. ---- Per Ungoogled-Chromium bug ticket #117: / "/I don't know if any fork of Chromium complies with the free software guidelines. If you are using Debian or Ubuntu, I adapt all of Debian's changes to ungoogled-chromium. I've also stripped almost all of the binary blobs through source cleaner (all of the machine code is gone; some data in binary form for page distillation and international components for unicode)." /"/Closing as wontfix since this is impractical to accomplish without rewriting larger portions of source code to use free software. There simply isn't enough manpower." (https://github.com/Eloston/ungoogled-chromium/issues/117)/ / /> Can you tell me the names and addreses of a few people in KDE that,it would be useful to discuss this with?/ Unfortunately, I don't know of anyone in KDE or QT, but they should definitely be made aware of this issue if they are not already. It present serious freedom concerns. Perhaps some one else can help with this information and reaching out to them/?// /Luke Parabola GNU/Linux-libre Packager https://parabola.nu/ / -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From hanno at hboeck.de Mon Jan 9 21:24:47 2017 From: hanno at hboeck.de (Hanno =?UTF-8?B?QsO2Y2s=?=) Date: Mon, 9 Jan 2017 22:24:47 +0100 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: References: Message-ID: <20170109222447.39d23b4f@pc1> Hi, On Sat, 7 Jan 2017 23:15:44 -0300 Andr? Silva wrote: > Hi guys, since Chromium is blacklisted as nonfree software [0] we > have a serious issue. KDE is migrating their apps to QTWebEngine > which contains Chromium as the embed engine inside it. [1] I've read through the entire thread now and tried to follow the links, yet I can't find any evidence for the claim that chromium is nonfree. From what I'm aware there was a single incident where chromium automatically downloaded a nonfree plugin called hotword [1], but that was in 2015 and after some complains google changed chromium's behavior and it is no longer downloaded without user's consent. The linked bugreport talks about a script that tries to identify the free-ness of a software, and it seems unable to identify all licenses. That's hardly evidence for chromium being nonfree, it's more likely that the script is incomplete. Debian ships a chromium package in their main repository, and they're generally very sensitive to nonfree code in their packages. I think if there are concerns about the free'ness of chromium they should be substantiated. If there is code within chromium that is nonfree then this should be discussed with the google developers. From my impression the chromium devs have in the past mostly shown an interest in using free licenses, so I'd see a high chance of resolving any issues. Issues regarding to privacy are imho orthogonal to the free software state of an application, but they shouldn't pose any blocker to using the rendering engine. I'd also want to note that there are good reasons why people want to move from webkit to the chrome rendering engine. Many applications using webkit have been stuck with unfixed security vulnerabilities in the past. The chromium engine is well maintained and generally at the forefront when it comes to both security and features in the web. While software freedom is important, it's by far not the only issue that is important when it comes to software ethics. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909 -- Hanno B?ck https://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From fauno at endefensadelsl.org Tue Jan 10 00:12:59 2017 From: fauno at endefensadelsl.org (fauno) Date: Mon, 09 Jan 2017 21:12:59 -0300 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <20170109222447.39d23b4f@pc1> References: <20170109222447.39d23b4f@pc1> Message-ID: <87wpe34vsk.fsf@endefensadelsl.org> Hanno B?ck writes: > I'd also want to note that there are good reasons why people want to > move from webkit to the chrome rendering engine. Many applications > using webkit have been stuck with unfixed security vulnerabilities in > the past. The chromium engine is well maintained and generally at the > forefront when it comes to both security and features in the web. > While software freedom is important, it's by far not the only issue > that is important when it comes to software ethics. hopefully people migrating to the chromium engine are sympathetic with the concerns expressed here and are able to replace the non free files found in the source code soon ;) take a look at this thread from 2012: https://lists.nongnu.org/archive/html/gnu-linux-libre/2012-03/msg00028.html -- https://endefensadelsl.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 617 bytes Desc: not available URL: From g4jc at openmailbox.org Tue Jan 10 02:47:00 2017 From: g4jc at openmailbox.org (Luke) Date: Tue, 10 Jan 2017 02:47:00 +0000 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: References: <20170109222447.39d23b4f@pc1> Message-ID: <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> On 01/10/2017 01:17 AM, Julie Marchant wrote: > On 01/09/2017 04:24 PM, Hanno B?ck wrote: >> I think if there are concerns about the free'ness of chromium they >> should be substantiated. > I would like to echo this sentiment. It's been something of a meme for > years that Chromium has proprietary components, but the actual > components that are supposedly proprietary are never pointed to. I see > no indication in Debian's copyright file that any part of Chromium is > proprietary. > > Even the Iridium issue that has been linked to does not indicate that > any part of Iridium is proprietary. It's just someone asking if there > are any proprietary components, and the question hasn't been answered. > > If no one can point to the actual files that are supposedly not properly > licensed, then I think it is fair to assume that the claim is incorrect. > After all, it's not reasonable to wade through every single one of the > files that are a part of the Chromium distribution to make absolutely > sure that every file is properly licensed. We should take people (such > as the Debian package maintainer) at their word when they say that all > the files are under a libre license, unless someone finds evidence to > the contrary. > _Copyright: UNKNOWN - 286 occurrences __License: BSD *(guessed)* - 1017 occurrences License: *No copyright* UNKNOWN - 71 occurrences _ File list available here: http://metadata.ftp-master.debian.org/changelogs/main/c/chromium-browser/chromium-browser_55.0.2883.75-1~deb8u1_copyright I've reached out to ungoogled-chromium as well since the project spends a considerable amount of time patching, to ask what they considered to be "large portions of code". -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From g4jc at openmailbox.org Tue Jan 10 12:48:18 2017 From: g4jc at openmailbox.org (Luke) Date: Tue, 10 Jan 2017 12:48:18 +0000 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <3dc5119f-f127-e641-be1e-6a818a12b744@riseup.net> References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> <3dc5119f-f127-e641-be1e-6a818a12b744@riseup.net> Message-ID: On 01/10/2017 03:27 AM, Julie Marchant wrote: > On 01/09/2017 09:47 PM, Luke wrote: >> _Copyright: UNKNOWN - 286 occurrences >> __License: BSD *(guessed)* - 1017 occurrences >> License: *No copyright* UNKNOWN - 71 occurrences >> _ >> File list available here: >> http://metadata.ftp-master.debian.org/changelogs/main/c/chromium-browser/chromium-browser_55.0.2883.75-1~deb8u1_copyright >> >> I've reached out to ungoogled-chromium as well since the project spends >> a considerable amount of time patching, to ask what they considered to >> be "large portions of code". > That's only in the Jessie package. None of the licenses are indicated to > be "guessed" in the current chromium package for Sid and Stretch: > > http://metadata.ftp-master.debian.org/changelogs/main/c/chromium-browser/chromium-browser_55.0.2883.75-3_copyright > > The only things that are stated to be unknown is "copyright", i.e. who > holds the copyright to the work. But not knowing who holds the copyright > doesn't necessarily imply that the license is unknown. > Thanks for the link. I'm glad to see the situation is improving, ungoogled-chromium also agrees that the situation has changed for the better over the last few months. However, there still seems to be around 57 'source-is-missing' flags in sid that should be fixed: https://lintian.debian.org/maintainer/pkg-chromium-maint at lists.alioth.debian.org.html#chromium-browser Using ungoogled-chromium's patches would also remove pre-built binaries, making it considerably more free than it is by default. In regards to QTWebengine, we would need that they remove pre-built binaries as well - the optional privacy patches would also be a big help for nonprism. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From nobody at parabola.nu Tue Jan 10 14:08:34 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Tue, 10 Jan 2017 14:08:34 -0000 Subject: [Dev] Orphan Libre package [linux-libre] marked out-of-date Message-ID: <20170110140834.13872.38208@parabola.nu> jm.100best at gmail.com wants to notify you that the following packages may be out-of-date: * linux-libre 4.9.1_gnu-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/linux-libre/ * linux-libre 4.9.1_gnu-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/linux-libre/ * linux-libre 4.9.1_gnu-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre/ * linux-libre-docs 4.9.1_gnu-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/linux-libre-docs/ * linux-libre-docs 4.9.1_gnu-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/linux-libre-docs/ * linux-libre-docs 4.9.1_gnu-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-docs/ * linux-libre-headers 4.9.1_gnu-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/linux-libre-headers/ * linux-libre-headers 4.9.1_gnu-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/linux-libre-headers/ * linux-libre-headers 4.9.1_gnu-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-headers/ The user provided the following additional text: Version: "4.9.2". From lovell.joshyyy at gmail.com Thu Jan 12 10:10:58 2017 From: lovell.joshyyy at gmail.com (Josh Branning) Date: Thu, 12 Jan 2017 10:10:58 +0000 Subject: [Dev] Compiling our own core packages In-Reply-To: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> References: <81df8e88-6736-5c5c-22d8-90d4f7a01ee3@openmailbox.org> Message-ID: <58775632.2010302@gmail.com> On 08/01/17 15:09, Luke wrote: > Hello everyone, > > Due to some serious disagreements with upstream Arch, we are going to > start compiling our own core packages. > > This is involving upstream bug https://bugs.archlinux.org/task/49979 > against binutils. It is currently built with HTTP, no GPG signature, and > no hash check. They are unwilling to fix the issue and have made several > concerning comments. > > Since the secured PKGBUILD is already made, upstream has little excuse > not to package it. We can roll out this important security fix in > [libre] after it has been tested. > > All core packages should have HTTPS/GPG/SHA512 whenever possible, so we > will be updating a few other core PKGBUILDs as well and pushing these > updates to libre-testing. > > Luke Regardless of the disagreements with Arch GNU/Linux, I think compiling the core packages is a good idea, it will also be useful for porting to new architectures, indeed, dagpkg could help. I was thinking of compiling pacman on a different system (debian). Then using pacman; get libretools and crosstool-ng; then using libretools and dagpkg; cross compile the base packages using a cross compiler. That way, parabola could be compiled from a different system or, as mentioned, to a new architecture. As it stands, dagpkg is pretty much entirely written in bash, and though libretools has some dependencies, dagpkg alone could probably run on a different system without installing many, or any, other dependencies. Of course, the user wishing to compile parabola on a different system could just install these dependencies ... but this is extra work, and I feel that the fewer dependencies needed to compile a working system, the better. So, let me reiterate: From my perspective, a build server/system would be best if it does not introduce additional (or too many additional) dependencies, other than what's in dagpkg already, but I know that's really up to whoever does the work and puts the effort in. For the packages that can't be cross-compiled (hopefully only the ones that aren't base packages, if at all), qemu would be needed to do the rest, without switching to the host machine. I notice that qemu-static and binfmt-qemu-static both have python2 as a dependency, which is somewhat problematic, as python is difficult to cross-compile without patching. Linux from scratch lists it as a dependency, but the qemu site does not [1], so it makes me wonder if python2 is really needed in these packages too. All in all, I'm glad you have decided to take this route (compiling the base packages from source), as I'm hoping it'll mean less work for me in future. Parabola is an excellent system, and I am very much grateful for the time people have contributed to make it happen. :) Josh. [1] http://wiki.qemu.org/Hosts/Linux From nobody at parabola.nu Sat Jan 14 10:36:24 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Sat, 14 Jan 2017 10:36:24 -0000 Subject: [Dev] Orphan Pcr package [icedove-enigmail] marked out-of-date Message-ID: <20170114103624.24706.41753@parabola.nu> jc_gargma at iserlohn-fortress.net wants to notify you that the following packages may be out-of-date: * icedove-enigmail 1.8.2-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/icedove-enigmail/ * icedove-enigmail 1.8.2-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/icedove-enigmail/ The user provided the following additional text: The current Enigmail stable is 1.9.6.1 From g4jc at openmailbox.org Sat Jan 14 19:20:59 2017 From: g4jc at openmailbox.org (Luke) Date: Sat, 14 Jan 2017 19:20:59 +0000 Subject: [Dev] Website Maintenance Message-ID: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> Just a notification that scheduled website maintenance is underway 1/14/17 to fix security issues and migrate parts of our services to another server. Expect temporary downtime while maintenance while this is underway. Join #parabola IRC on freenode to keep up with the latest events. Luke -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From nobody at parabola.nu Sat Jan 14 23:51:15 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Sat, 14 Jan 2017 23:51:15 -0000 Subject: [Dev] Orphan Libre package [openmw] marked out-of-date Message-ID: <20170114235115.24706.37895@parabola.nu> jkremer952 at gmail.com wants to notify you that the following packages may be out-of-date: * openmw 0.41.0-1.parabola1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/openmw/ * openmw 0.41.0-1.parabola1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/openmw/ The user provided the following additional text: Package requires a version of boost-libs older than what exists in the repositories. Specifically, it requires boost-libs 1.62.0, whereas the version in the repos is 1.63.0. As a result, openmw is not able to find the needed libraries. From isacdaavid at isacdaavid.info Sun Jan 15 02:05:52 2017 From: isacdaavid at isacdaavid.info (Isaac David) Date: Sat, 14 Jan 2017 20:05:52 -0600 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <20170109222447.39d23b4f@pc1> References: <20170109222447.39d23b4f@pc1> Message-ID: <1484445952.4822.0@plebeian.isacdaavid.info> Le lun. 9 janv. 2017 ? 15:24, Hanno B?ck a ?crit : > > I've read through the entire thread now and tried to follow the links, > yet I can't find any evidence for the claim that chromium is nonfree. It could very well be free by now, but only if you are willing to overlook the fact that it's not actually being built from sources. The chromium repository still distributes and uses some object code, instead of the original free libraries. We learned that from the aforementioned ungoogled-chromium patchset. Following [1] I also found otherwise-free javascript that only seems to exist in minified form in the Chromium "source" tree.[2] (Ironically, that page requires nonfree javascript to load, but you could clone the repo and follow the same directory structure). I must say most files reported on [1] are false positives; so it's not indicative of how bad the situation really is. > Issues regarding to privacy are imho orthogonal to the free software > state of an application, but they shouldn't pose any blocker to using > the rendering engine. Orthogonal yet absolutely important, because QtWebEngine is said to contain *all* of Chromium, not just the Blink engine. Even if the freedom problems were fixed soon (they could be), we would still need to worry about Qt (and therefore KDE) possibly subjecting their users to the well-documented Google tracking. Chromium would become one of those rare cases of free software that is also spyware. > I'd also want to note that there are good reasons why people want to > move from webkit to the chrome rendering engine. Many applications > using webkit have been stuck with unfixed security vulnerabilities in > the past. The chromium engine is well maintained and generally at the > forefront when it comes to security and features in the web. > While software freedom is important, it's by far not the only issue > that is important when it comes to software ethics. I buy into the unfixed vulnerabilities argument, but the rest is what I would actually deem not only orthogonal, but also irrelevant to the ethical discussion. [1]: https://lintian.debian.org/maintainer/pkg-chromium-maint at lists.alioth.debian.org.html#chromium-browser[2]: https://cs.chromium.org/chromium/src/third_party/catapult/tracing/third_party/d3/d3.min.js -- Isaac David GPG: 38D33EF29A7691134357648733466E12EC7BA943 Tox: 0C730E0156E96E6193A1445D413557FF5F277BA969A4EA20AC9352889D3B390E77651E816F0C -------------- next part -------------- An HTML attachment was scrubbed... URL: From nobody at parabola.nu Sun Jan 15 12:31:04 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Sun, 15 Jan 2017 12:31:04 -0000 Subject: [Dev] Orphan Pcr package [xf86-video-qxl] marked out-of-date Message-ID: <20170115123104.24706.64326@parabola.nu> woroof at gmail.com wants to notify you that the following packages may be out-of-date: * xf86-video-qxl 0.1.4-6 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/xf86-video-qxl/ * xf86-video-qxl 0.1.4-6 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/xf86-video-qxl/ The user provided the following additional text: https://www.x.org/releases/individual/driver/ From hanno at hboeck.de Sun Jan 15 21:50:16 2017 From: hanno at hboeck.de (Hanno =?UTF-8?B?QsO2Y2s=?=) Date: Sun, 15 Jan 2017 22:50:16 +0100 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <1484445952.4822.0@plebeian.isacdaavid.info> References: <20170109222447.39d23b4f@pc1> <1484445952.4822.0@plebeian.isacdaavid.info> Message-ID: <20170115225016.440b3663@pc1> On Sat, 14 Jan 2017 20:05:52 -0600 Isaac David wrote: > It could very well be free by now, but only if you are willing to > overlook the fact that it's not actually being built from sources. > The chromium repository still distributes and uses some object > code, instead of the original free libraries. Can you point to specific examples with file paths and names? If I search for .o or .so files in the chromium source I don't find anything that looks problematic. There are a couple, but they all seem to be test files as part of test suites, not something that will end up being used and executed. > We learned that from > the aforementioned ungoogled-chromium patchset. Following > [1] I also found otherwise-free javascript that only seems to exist > in minified form in the Chromium "source" tree.[2] The example file you link seems to be a thirdpary code shipped as part of a tool called "catapult", which itself as far as I understand it is a tool for performance analysis. I don't see that file or anything related to catapult in my chromium installation, so my best bet is it's only used for development and again not part of chromium as a software. The Chromium codebase is large and confusing and bundles a whole lot of stuff where it's often hard for outsiders to understand what it's doing. I'm not saying this is ideal. But I don't see any evidence yet that it's deviating from free software principles. > > Issues regarding to privacy are imho orthogonal to the free software > > state of an application, but they shouldn't pose any blocker to > > using the rendering engine. > > Orthogonal yet absolutely important, because QtWebEngine is > said to contain *all* of Chromium, not just the Blink engine. Even > if the freedom problems were fixed soon (they could be), we would > still need to worry about Qt (and therefore KDE) possibly subjecting > their users to the well-documented Google tracking. Sorry, but I don't see that as a logical conclusion. Can you be more specific what kind of google tracking you mean here? How does QT plan to use chromium? I guess the idea is that inside a QT application you can open some html renderer. I don't see why such an application would be exposed to google tracking. Chrome does connect to Google for a whole bunch of reasons, but I'd assume a lot of them are irrelevant in such a case. E.g. it wouldn't want to sync bookmarks or anything alike. -- Hanno B?ck https://hboeck.de/ mail/jabber: hanno at hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 From rms at gnu.org Tue Jan 17 14:57:54 2017 From: rms at gnu.org (Richard Stallman) Date: Tue, 17 Jan 2017 09:57:54 -0500 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> (message from Luke on Tue, 10 Jan 2017 02:47:00 +0000) References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > I've reached out to ungoogled-chromium as well since the project spends > a considerable amount of time patching, to ask what they considered to > be "large portions of code". Any response? -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. From lukeshu at sbcglobal.net Tue Jan 17 20:22:05 2017 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Tue, 17 Jan 2017 15:22:05 -0500 Subject: [Dev] Website Maintenance In-Reply-To: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> References: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> Message-ID: <87mvep309e.wl-lukeshu@sbcglobal.net> On Sat, 14 Jan 2017 14:20:59 -0500, Luke wrote: > Just a notification that scheduled website maintenance is underway > 1/14/17 to fix security issues and migrate parts of our services to > another server. > > Expect temporary downtime while maintenance while this is underway. > > Join #parabola IRC on freenode to keep up with the latest events. > > > Luke The scheduled maintenance/migration is completed. Notes about maintenance: - Proton rebooted and had downtime, but not due to the maintenance. Ask n1m4d for details. - There was still a logging hiccup around the reboot because of collectd starting before the timesync. It seems that timesyncd is sending READY=1 before it has actually synced, which is wrong. Notes about migration: - repo and repomirror have moved from Proton to Winston. Some users may continue to hit Proton for these; the DNS records have 24hour TTLs. Proton will continue to function in this capacity (although outdated) for as long as necessary (until at least Friday). - www.parabola.nu/packages is not updating since migrating. The solution is to either move www to Winston, or to expose Proton's PostgreSQL to the network (either the Internet, or lvpn (Proton is on lvpn, Winston is currently not) and have reporead run on Winston, talking over the network to Proton's PostgreSQL. - The libretools' libretools.conf default for REPODEST= will no longer work; the authority-part needs to be changed to repo at repo.parabola.nu; though packagers might prefer to use repo at winston.parabola.nu if they do not yet see the DNS changes from their DNS server. A libretools release with updated defaults is blocked by a systemd bug, but should be coming soon. Ongoing work: - The above reporead and libretools issues. - I'm hereby scheduling another maintenance for Friday (2017-10-20) to: * Update parabola-hackers(-nshd) on Winston * Deploy parabola-hackers(-nshd) on Proton * Generally -Syu Winston. * Possibly deploy holo-files on both. -- Happy hacking ~ Other Luke From nobody at parabola.nu Tue Jan 17 20:56:51 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Tue, 17 Jan 2017 20:56:51 -0000 Subject: [Dev] Orphan Libre package [iceweasel] marked out-of-date Message-ID: <20170117205651.3162.62260@parabola.nu> etfaker at bestmail.ws wants to notify you that the following packages may be out-of-date: * iceweasel 1:50.1.0.deb1-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/iceweasel/ * iceweasel 1:50.1.0.deb1-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/iceweasel/ * iceweasel 1:50.1.0.deb1-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/iceweasel/ * iceweasel-debug 1:50.1.0.deb1-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/iceweasel-debug/ * iceweasel-debug 1:50.1.0.deb1-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/iceweasel-debug/ * iceweasel-debug 1:50.1.0.deb1-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/iceweasel-debug/ The user provided the following additional text: iceweasel: installing libvpx (1.6.1-1) breaks dependency 'libvpx=1.6.0' From isacdaavid at isacdaavid.info Tue Jan 17 21:58:55 2017 From: isacdaavid at isacdaavid.info (Isaac David) Date: Tue, 17 Jan 2017 15:58:55 -0600 Subject: [Dev] Website Maintenance In-Reply-To: <87mvep309e.wl-lukeshu@sbcglobal.net> References: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> <87mvep309e.wl-lukeshu@sbcglobal.net> Message-ID: <1484690335.4844.0@plebeian.isacdaavid.info> Le mar. 17 janv. 2017 ? 14:22, Luke Shumaker a ?crit : > > - www.parabola.nu/packages is not updating since migrating. The > solution is to either move www to Winston, or to expose Proton's > PostgreSQL to the network (either the Internet, or lvpn (Proton is > on lvpn, Winston is currently not) and have reporead run on > Winston, > talking over the network to Proton's PostgreSQL. There are plans to turn Proton into a proper mirror. No change is necessary if we don't mind waiting between rsync runs to see changes reflected on the web. I vest my support towards this idea in anticipation to a hypothetical discussion. -- Isaac David GPG: 38D33EF29A7691134357648733466E12EC7BA943 Tox: 0C730E0156E96E6193A1445D413557FF5F277BA969A4EA20AC9352889D3B390E77651E816F0C From g4jc at openmailbox.org Tue Jan 17 23:23:43 2017 From: g4jc at openmailbox.org (Luke) Date: Tue, 17 Jan 2017 23:23:43 +0000 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: On 01/17/2017 02:57 PM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > I've reached out to ungoogled-chromium as well since the project spends > > a considerable amount of time patching, to ask what they considered to > > be "large portions of code". > > Any response? > I was able to get a response, the developer wrote: --- "Eloston:@g4jc After looking into this issue in greater depth, what I said in #117 may be incorrect. Here is Debian's |copyright| file for Chromium 55 , and here is the Lintian report for the latest Chromium (currently 55) . I'm not seeing anything there that's violating the free software definition, but I could be mistaken." ---- The situation has definitely improved since the last Debian Lintian report. In the first report there were several thousand files missing license information. That is now down to <100 files. Using ungoogled-chromium's combined patches to strip pre-built binaries and apply privacy fixes would be a minimum requirement in my opinion. Even if we (Parabola) can patch it, it would be much better if KDE and QT did this upstream. As it has the potential to affect millions of GNU/Linux users - well outside of just Parabola. However, my sentiments also echo what Isacc wrote on this thread, and are especially important for Parabola's nonprism (privacy) repo: --- "Orthogonal yet absolutely important, because QtWebEngine is said to contain *all* of Chromium, not just the Blink engine. Even if the freedom problems were fixed soon (they could be), we would still need to worry about Qt (and therefore KDE) possibly subjecting their users to the well-documented Google tracking. Chromium would become one of those rare cases of free software that is also spyware." --- We have no reliable way of controlling fingerprinting API's in an embedded Chromium. As previously mentioned liberating this requires: - No non-free source code - No pre-built binaries or libraries (e.g. compile and use system ones instead), no use of "use_prebuilt" in makefile. - Access to chrome://flags[1] - Ability to solve well-known privacy issues[2] For those on the mailing list who still believe Google is not tracking users, and is a "Do no evil" corporation at heart - I deplore you to "google it". (or preferably duckduckgo/searx/yacy it since that is much safer). The many connections to Google that are outbound from Chromium, even if good by intention, create very invasive meta data and fingerprinting opportunities. These opportunities can be exploited against users, many of which may have no idea that Chromium is running on their computer if it is embedded. We may never be able to block them all due to Chromium's design, but limiting it's reach is essential. To demonstrate the seriousness of this issue on Parabola: - Try installing KDE's GnuPG frontend "kgpg" --> depends on --> akonadi-contacts --> currently requires --> qt5-webengine (Chromium) Luke Parabola GNU/Linux-libre Packager https://parabola.nu 1. http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod 2. https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From alejandrohp at openmailbox.org Wed Jan 18 00:33:03 2017 From: alejandrohp at openmailbox.org (=?UTF-8?Q?Alejandro_Hern=c3=a1ndez_Petermann?=) Date: Wed, 18 Jan 2017 01:33:03 +0100 Subject: [Dev] Website Maintenance In-Reply-To: <87mvep309e.wl-lukeshu@sbcglobal.net> References: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> <87mvep309e.wl-lukeshu@sbcglobal.net> Message-ID: " for Friday (2017-10-20) " October?? It's January, right? xD On 17/01/17 21:22, Luke Shumaker wrote: > On Sat, 14 Jan 2017 14:20:59 -0500, > Luke wrote: >> Just a notification that scheduled website maintenance is underway >> 1/14/17 to fix security issues and migrate parts of our services to >> another server. >> >> Expect temporary downtime while maintenance while this is underway. >> >> Join #parabola IRC on freenode to keep up with the latest events. >> >> >> Luke > > The scheduled maintenance/migration is completed. > > Notes about maintenance: > > - Proton rebooted and had downtime, but not due to the maintenance. > Ask n1m4d for details. > > - There was still a logging hiccup around the reboot because of > collectd starting before the timesync. It seems that timesyncd is > sending READY=1 before it has actually synced, which is wrong. > > Notes about migration: > > - repo and repomirror have moved from Proton to Winston. Some users > may continue to hit Proton for these; the DNS records have 24hour > TTLs. Proton will continue to function in this capacity (although > outdated) for as long as necessary (until at least Friday). > > - www.parabola.nu/packages is not updating since migrating. The > solution is to either move www to Winston, or to expose Proton's > PostgreSQL to the network (either the Internet, or lvpn (Proton is > on lvpn, Winston is currently not) and have reporead run on Winston, > talking over the network to Proton's PostgreSQL. > > - The libretools' libretools.conf default for REPODEST= will no > longer work; the authority-part needs to be changed to > repo at repo.parabola.nu; though packagers might prefer to use > repo at winston.parabola.nu if they do not yet see the DNS changes > from their DNS server. A libretools release with updated defaults > is blocked by a systemd bug, but should be coming soon. > > Ongoing work: > > - The above reporead and libretools issues. > > - I'm hereby scheduling another maintenance for Friday (2017-10-20) > to: > * Update parabola-hackers(-nshd) on Winston > * Deploy parabola-hackers(-nshd) on Proton > * Generally -Syu Winston. > * Possibly deploy holo-files on both. > > -- > Happy hacking > ~ Other Luke > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev > From lukeshu at sbcglobal.net Wed Jan 18 02:32:56 2017 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Tue, 17 Jan 2017 21:32:56 -0500 Subject: [Dev] libretools 20170117 release announcement Message-ID: <87h94x9jxj.wl-lukeshu@sbcglobal.net> I just released libretools 20170117 to [libre], and pushed the source tarball to . This is mostly a bugfix release to version 20160609, most importantly that it works with the updated servers. Fixes from 20160609 to 20170117: * libretools.conf defaults: - Push packages to "repo.parabola.nu" instead of "parabola.nu", as they are no longer the same host. * librerelease: - Instead of hardcoding the path to `db-update` on the server, use PATH to find it. Minor changes from 20160609 to 20170117: * libretools.conf defaults: - Change projects.parabola.nu URLs to git.parabola.nu. This should avoid the round-trip delay of a redirect, but not really affect anything. * librefetch - Fix a typo in the man-page. - Change what the output of the post-install script looks like. As a supplementary note, some users were reporting issues from librechroot when the output is piped (which affects libremakepkg). This is being caused by a bug in Linux 4.9. Because of this and other bugs in 4.9, I have downgraded the linux-libre package to 4.8.14-gnu (with pkgver=4.9.4_4.8.14_gnu, so that users will get it without any special intervention). This reflects Arch Linux's decision to also avoid 4.9 (they are still on 4.8.13). -- Happy hacking, ~ Luke Shumaker From lukeshu at sbcglobal.net Wed Jan 18 02:33:56 2017 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Tue, 17 Jan 2017 21:33:56 -0500 Subject: [Dev] Website Maintenance In-Reply-To: References: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> <87mvep309e.wl-lukeshu@sbcglobal.net> Message-ID: <87fukh9jvv.wl-lukeshu@sbcglobal.net> On Tue, 17 Jan 2017 19:33:03 -0500, Alejandro Hern?ndez Petermann wrote: > " for Friday (2017-10-20) " October?? It's January, right? xD Whoops! :) I meant 2017-10-20 -- Happy hacking, ~ Luke Shumaker From lovell.joshyyy at gmail.com Wed Jan 18 05:59:16 2017 From: lovell.joshyyy at gmail.com (Josh Branning) Date: Wed, 18 Jan 2017 05:59:16 +0000 Subject: [Dev] Raspberry Pi Message-ID: <587F0434.1080408@gmail.com> FYI http://crna.cc/ From emulatorman at riseup.net Wed Jan 18 09:22:22 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Wed, 18 Jan 2017 06:22:22 -0300 Subject: [Dev] [News] Linux-libre downgrade - Manual intervention required Message-ID: <97f28776-ee71-caba-894b-f48689da0643@riseup.net> For userspace-breaking bugs in 4.9.3-gnu, the linux-libre package has been downgraded to 4.8.17-gnu. Even, another kernel packages which are using this version will be downgraded too. For this reason, all users are required to allow downgrades on their next update: # pacman -Suu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From raphael.melotte at gmail.com Wed Jan 18 10:33:38 2017 From: raphael.melotte at gmail.com (=?UTF-8?B?UmFwaGHDq2wgTcOpbG90dGU=?=) Date: Wed, 18 Jan 2017 11:33:38 +0100 Subject: [Dev] Raspberry Pi In-Reply-To: <587F0434.1080408@gmail.com> References: <587F0434.1080408@gmail.com> Message-ID: Thanks ! Awesome news 2017-01-18 6:59 GMT+01:00 Josh Branning : > FYI > > http://crna.cc/ > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nobody at parabola.nu Wed Jan 18 13:53:50 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Wed, 18 Jan 2017 13:53:50 -0000 Subject: [Dev] Orphan Libre package [acpi_call] marked out-of-date Message-ID: <20170118135350.3162.31183@parabola.nu> alessi at robertalessi.net wants to notify you that the following packages may be out-of-date: * acpi_call 1.1.0-53.parabola1.basekernel4.9 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/acpi_call/ * acpi_call 1.1.0-54.parabola1.basekernel4.9 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/acpi_call/ * acpi_call 1.1.0-54.parabola1.basekernel4.9 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/acpi_call/ The user provided the following additional text: This version prevents the downgrade of linux-libre that is currently recommended on the front page of parabola.nu. Many thanks, --robert From g4jc at openmailbox.org Thu Jan 19 02:09:06 2017 From: g4jc at openmailbox.org (Luke) Date: Thu, 19 Jan 2017 02:09:06 +0000 Subject: [Dev] Website Maintenance In-Reply-To: <87fukh9jvv.wl-lukeshu@sbcglobal.net> References: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> <87mvep309e.wl-lukeshu@sbcglobal.net> <87fukh9jvv.wl-lukeshu@sbcglobal.net> Message-ID: <98abc913-caff-d802-7a41-ac82633b840c@openmailbox.org> On 01/18/2017 02:33 AM, Luke Shumaker wrote: > On Tue, 17 Jan 2017 19:33:03 -0500, > Alejandro Hern?ndez Petermann wrote: >> " for Friday (2017-10-20) " October?? It's January, right? xD > Whoops! :) > > I meant 2017-10-20 > Well, by the time October comes we should do routine maintenance anyway. Extra-early notice. :P -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From alejandrohp at openmailbox.org Thu Jan 19 07:58:21 2017 From: alejandrohp at openmailbox.org (=?UTF-8?Q?Alejandro_Hern=c3=a1ndez_Petermann?=) Date: Thu, 19 Jan 2017 08:58:21 +0100 Subject: [Dev] Website Maintenance In-Reply-To: <98abc913-caff-d802-7a41-ac82633b840c@openmailbox.org> References: <2b759be8-1be7-a6fd-3931-be1cc0cc6baf@openmailbox.org> <87mvep309e.wl-lukeshu@sbcglobal.net> <87fukh9jvv.wl-lukeshu@sbcglobal.net> <98abc913-caff-d802-7a41-ac82633b840c@openmailbox.org> Message-ID: :) On 19/01/17 03:09, Luke wrote: > On 01/18/2017 02:33 AM, Luke Shumaker wrote: >> On Tue, 17 Jan 2017 19:33:03 -0500, >> Alejandro Hern?ndez Petermann wrote: >>> " for Friday (2017-10-20) " October?? It's January, right? xD >> Whoops! :) >> >> I meant 2017-10-20 >> > Well, by the time October comes we should do routine maintenance anyway. > Extra-early notice. :P > > > > > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev > From nobody at parabola.nu Thu Jan 19 09:56:35 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Thu, 19 Jan 2017 09:56:35 -0000 Subject: [Dev] Orphan Nonprism package [icedove] marked out-of-date Message-ID: <20170119095635.3162.99079@parabola.nu> alessi at robertalessi.net wants to notify you that the following packages may be out-of-date: The user provided the following additional text: This needs to be recompiled with the latest libvpx (1.6.1-1). Currently the dependency libvpx=1.6.0 prevents icedove-nonprism from being upgraded. Many thanks, Robert From emulatorman at riseup.net Thu Jan 19 12:48:50 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Thu, 19 Jan 2017 09:48:50 -0300 Subject: [Dev] Orphan Nonprism package [icedove] marked out-of-date In-Reply-To: <20170119095635.3162.99079@parabola.nu> References: <20170119095635.3162.99079@parabola.nu> Message-ID: <58950455-78b2-3fea-769a-401820ff9c5b@riseup.net> On 01/19/2017 06:56 AM, Parabola Website Notification wrote: > alessi at robertalessi.net wants to notify you that the following packages may be out-of-date: > > > > > The user provided the following additional text: > > This needs to be recompiled with the latest libvpx (1.6.1-1). Currently the dependency libvpx=1.6.0 prevents icedove-nonprism from being upgraded. > Many thanks, Robert I pushed a new version of Icedove, check if it works well and let me know. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From alejandrohp at openmailbox.org Thu Jan 19 14:28:05 2017 From: alejandrohp at openmailbox.org (=?UTF-8?Q?Alejandro_Hern=c3=a1ndez_Petermann?=) Date: Thu, 19 Jan 2017 15:28:05 +0100 Subject: [Dev] Orphan Nonprism package [icedove] marked out-of-date In-Reply-To: <58950455-78b2-3fea-769a-401820ff9c5b@riseup.net> References: <20170119095635.3162.99079@parabola.nu> <58950455-78b2-3fea-769a-401820ff9c5b@riseup.net> Message-ID: -----BEGIN PGP MESSAGE----- Charset: windows-1252 hQIMA2tsproQ6JDIAQ//dGEz587nhyij1LiTSNio8ZZlwLqARraUharLSdtBeNhC hf+42cSAdhbMJWxaRBmNZY0EA3/K5fwYuwBJMv9/wKlgJDTVhzS6qgybKVNRFRPc kDv6eOwohZX0oTjsNOlmyTpighwVTLn6efmCDKliXCTvLgJHaOFKpa7piHqb28jy McgWbLl/HEUt8R1R6AuyKjm3QXjWKiSPP1oz27KxAupFgv6MplVfoFEhPQ9hyxfy wpyueHohx9C4+YIznAPsSMuVyVatwlFBWhL9EhBuXx3swo9MkD1AjYKtuC8wF4cg S8KyuEk91HjsvdDLomeLsBC7VkTdKYK/itVgvBfQDEzlqBLxfkhTjWRXmoqOD4jS 6N9U8SrOaniPtXmXcam8ySqcZNDsFrGyt9uuYmJ+QTvUamehfUbPx88XNmKq7vk5 m+sHs4gULCJ1mVCU1KbhAoWPG+FIGfaigbhLGeJatJHvC1Iq0IS7acfsc266mAzI towNXY6X9qMtZXak1Hc7sbxngzxZDefkyNnqCSzFoaox3aF3RgxTVDolXendo+o3 QSwiunsW1emTsaOm4e6LsLD0DKfj91LG5qbMmg9US9cx9BP4VeD2S5Tk+6P9ObN9 vvr51i99zO7Nlpk/EEXqHD+8dSq6PLVqsGexTzky8o3JCEd98cW+mSXvwNyuZBOF AgwDJkJWL//QdFABD/9oPCpQMD6VYbOPWePJ7MOaYcSu2r2r0Gyxsizdnk7MMfYw 14IQIh5OgbpN/sWzK72G8tdRsQ5/avMxSb16MR5zICyZnnVpuLIrpzG8DAtJjq0G LPJdqa41Cu44dAYl5MHFk/kcYsB1sa+gR9rITI+vAvafOXiUkuTMXkBBTr+NUqU1 GHJTF1TN45cdbgRu63VYnMNvEazCr/b6PbXFJw8BbkpLDy7CFH374aLrh56mPZ0s IyUAQyBHrtznC2wugvV5fKg4DBd/ueszYPn9g0uvv21L+EttlEYJzR0cXKO8IlQ0 fr5Y17+s7k60vP1i8cewUwXjEuv+VE1JJ/BgsFnQ0c2r4U/AhKuylSKzYqJzwQUk nsGGKcpeMl593mMcaa6LCZsdnJ0VS71BBnc94GJHP13e/2un4QHJUAk2BgGf0gRO /MWzABH5YlyfsS5A7ng2tGBJ+nMuRzu6cNmyIX/9SrwnSgo+wI5n9Rij3Zh9TKWh obJMoFhbVgtvpku2Rlma46OpRK9nMcT9R4d+pa6h4+0sC259E2XmcaMCX5Iqn+zj e9nNsUXgButTHyaUL8l30IF+KkGT94XZsVfqXtMA3TVnr8y8YGH0Tg+1UZb3vV/1 9nrpkaoG7wIFoSV80JM2bzupX58NMGTYPasA2mTFztJTzWpHDYPfdz1SqysUedLB MgHPGkkOu+zy8gqr52vjo+/KwV8FChb6LEoIIpOb6ijrETvz6O+FWM4JAgrL+5cd qz9hCq3PDErcxgsr/bX0x8myq9o9vMgkts0mKYJvxBgmHdwgwVRiD+PU676AmlvH VPqEuR0ug7H3kChrJq3w8AVQ4+HunpBo4sfm2PnE1VUdSTSvbdhHCv/GOQRRc2xH vebpze70XTBvIBK6lWitBEOo7eNDDiSgAKA7G0lSe7tvvleDFM3b2t+bbvHxi5S3 a0XOY4GE0uObTPejGYFFvuO/n0IM6SIdU0xaTnYTkZSboLPcmP9syZs2dyAb5yNl AnMofefPlRFCJYWriIhcKjYZmBheCfmJeXhfWgr7vrNdEelWAzYk4f6GFF9goJ1X 0nByOQJy9il4Na3UBjAN6giINlaetZgE6I9CT5AP6pmeksOH0q2OxedGNEX80jey 1n/v8f8IoQ41xkb8gv+71fIAt/mHo28Xt8qTfrkEAuusZZBpLdjLTz3xwd3erxkf j5HTObvYPOu/1csrGZt4qGw+0PA/2Gd4bD12YZD2dB6dzncDWKAU1xEUC13Dp4jT Ngb59/vwFRsHS7GZIKY9+naPQIwgJreu9EXt1MgSGLe9cPORWmNyeydbr1IDC5iG oUfZ1abwOeJ5iNYuacGhKnEdmA== =FULe -----END PGP MESSAGE----- From nobody at parabola.nu Thu Jan 19 14:54:50 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Thu, 19 Jan 2017 14:54:50 -0000 Subject: [Dev] Orphan Libre package [blender] marked out-of-date Message-ID: <20170119145450.866.31709@parabola.nu> Yolanta9944 at gmail.com wants to notify you that the following packages may be out-of-date: * blender 17:2.78.a-5.parabola1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/blender/ * blender 17:2.78.a-5.parabola1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/blender/ * blender 17:2.78.a-5.parabola1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/blender/ * blender-addon-gimp 17:2.78.a-5.parabola1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/blender-addon-gimp/ * blender-addon-povray 17:2.78.a-5.parabola1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/blender-addon-povray/ * blender-addon-povray 17:2.78.a-5.parabola1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/blender-addon-povray/ * blender-addon-povray 17:2.78.a-5.parabola1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/blender-addon-povray/ The user provided the following additional text: Bug 592729 ? [abrt] crash in calf-0.0.18.5-3.fc12: pa ... From rms at gnu.org Sun Jan 22 23:58:51 2017 From: rms at gnu.org (Richard Stallman) Date: Sun, 22 Jan 2017 18:58:51 -0500 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: <87wpe34vsk.fsf@endefensadelsl.org> (message from fauno on Mon, 09 Jan 2017 21:12:59 -0300) References: <20170109222447.39d23b4f@pc1> <87wpe34vsk.fsf@endefensadelsl.org> Message-ID: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > hopefully people migrating to the chromium engine are sympathetic with > the concerns expressed here and are able to replace the non free files > found in the source code soon ;) Can you tell me their names and email addresses? -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. From rms at gnu.org Mon Jan 23 00:00:03 2017 From: rms at gnu.org (Richard Stallman) Date: Sun, 22 Jan 2017 19:00:03 -0500 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: (message from Luke on Tue, 17 Jan 2017 23:23:43 +0000) References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > We have no reliable way of controlling fingerprinting API's in an > embedded Chromium. > As previously mentioned liberating this requires: > - No non-free source code > - No pre-built binaries or libraries (e.g. compile and use system ones > instead), no use of "use_prebuilt" in makefile. > - Access to chrome://flags[1] > - Ability to solve well-known privacy issues[2] I agree. The question is, how can we organize efforts to do this. I would like to try to persuade the KDE project to pay attention to this. Can you find out who I should talk with? -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. From rms at gnu.org Mon Jan 23 00:00:13 2017 From: rms at gnu.org (Richard Stallman) Date: Sun, 22 Jan 2017 19:00:13 -0500 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: (message from Luke on Tue, 17 Jan 2017 23:23:43 +0000) References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] Would someone here like to make a web page _addressed to non-wizards_ explaining all the flaws in Chromium? We could host it on gnu.org or fsf.org, but someone needs to write it. -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. From rms at gnu.org Mon Jan 23 00:00:47 2017 From: rms at gnu.org (Richard Stallman) Date: Sun, 22 Jan 2017 19:00:47 -0500 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: (message from Luke on Tue, 17 Jan 2017 23:23:43 +0000) References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > The situation has definitely improved since the last Debian Lintian > report. In the first report there were several thousand files missing > license information. > That is now down to <100 files. > Using ungoogled-chromium's combined patches to strip pre-built binaries > and apply privacy fixes would be a minimum requirement in my opinion. How close is ungoogled-chromium coming to doing what we need? What concrete changes remain necessary, to bring it to a point where we could use it? -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html. From elyzabethvonreuenthal at iserlohn-fortress.net Mon Jan 23 12:22:33 2017 From: elyzabethvonreuenthal at iserlohn-fortress.net (Elyzabeth von Reuenthal) Date: Mon, 23 Jan 2017 13:22:33 +0100 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree Message-ID: <3607381.xQReYz2B4a@kongou> QtWebEngine doesn't contain *all* of chromium. It contains Blink; uses the Skia rendering library over the Qt rendering system; the Chromium networking stack and cookie management. A more extensive list of features can be found here: https://doc.qt.io/qt-5/qtwebengine-features.html Apart from the features listed, others such as the Google account integration and download scanning do not exist in QtWebEngine. More information on how Chromium is modified by Qt can be found here: https:// wiki.qt.io/QtWebEngine_Rebase_on_New_Chromium > How does QT plan to use chromium? I guess the idea is that inside a QT > application you can open some html renderer. That is exactly the purpose of QtWebEngine. I think the best way to resolve whether or not the use of Chromium in QtWebEngine is a privacy concern is to raise the question to the developers. Contact details can be found at https://wiki.qt.io/QtWebEngineContribute -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part. URL: From g4jc at openmailbox.org Mon Jan 23 23:45:41 2017 From: g4jc at openmailbox.org (Luke) Date: Mon, 23 Jan 2017 23:45:41 +0000 Subject: [Dev] QTWebengine compliance with FSDG Message-ID: Hello, I am currently a packager for Parabola GNU/Linux-libre. While investigating the change from Webkit to Webengine, I discovered several concerning issues that affect our compliance with the Free Software Foundation's Free System Distribution Guidelines (FSDG).[1] I am hopeful that some developers will be able to clarify these issues for us as it affects hundreds of projects downstream including nearly all of KDE, as well as many QT programs. In particular, your website claims it is not just a rendering engine, "it is the entire Chromium platform."[2] If this is true, there are many outstanding issues with Chromium which we would need to be addressed. 1) Was any attempt made to remove Google specific code from Chromium prior to preparing QTWebengine? - If not, could ungoogled-chromium patches be applied to your code?[3] By default, Chromium has many lines of code that make internet queries to Google. Building it using the default settings essentially puts your browser into the cloud. As mentioned in the GNU.org article "Who does that server really serve?"[4], free software is only free when you are in control. Any use of Google API, Google Sync, Google Hangouts, and Google OK, does not classify as free software. 2) Is any form of proprietary code such as Adobe pepperflash, webvine DRM[5], or proprietary codecs included? If so, can they be removed or disabled with a compile time option? 3) Is it possible to compile QTWebengine with specific chrome://flags?[6] Due to privacy and security concerns of Geolocation API, and GamePad API, among others, we would like to have the ability to disable these settings for our distribution. 4) Was any work done to fix outstanding proxy leaks in Chromium, which ignore system proxy settings?[7] Once these issues are resolved we will able to include QTWebengine in our distribution without issue, otherwise we may have to remove it. Due to this being a core package we are hesitant to remove it due to the hundreds of packages now depending upon it. Thank you for your time and concern regarding this important matter. Sincerely, Luke Parabola GNU/Linux-libre Packager https://parabola.nu 1. https://www.gnu.org/distros/free-system-distribution-guidelines.html 2. https://wiki.qt.io/QtWebEngine 3. https://github.com/Eloston/ungoogled-chromium 4. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html 5. http://defectivebydesign.org/ 6. http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod 7. https://bugs.chromium.org/p/chromium/issues/detail?id=80722#c33 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From nobody at parabola.nu Tue Jan 24 16:06:15 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Tue, 24 Jan 2017 16:06:15 -0000 Subject: [Dev] Orphan Libre package [iceweasel-l10n-es-ar] marked out-of-date Message-ID: <20170124160615.866.32874@parabola.nu> eliotime3000 at openmailbox.org wants to notify you that the following packages may be out-of-date: * iceweasel-l10n-ach 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ach/ * iceweasel-l10n-af 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-af/ * iceweasel-l10n-an 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-an/ * iceweasel-l10n-ar 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ar/ * iceweasel-l10n-as 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-as/ * iceweasel-l10n-ast 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ast/ * iceweasel-l10n-az 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-az/ * iceweasel-l10n-be 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-be/ * iceweasel-l10n-bg 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-bg/ * iceweasel-l10n-bn-bd 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-bn-bd/ * iceweasel-l10n-bn-in 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-bn-in/ * iceweasel-l10n-br 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-br/ * iceweasel-l10n-bs 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-bs/ * iceweasel-l10n-ca 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ca/ * iceweasel-l10n-cak 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-cak/ * iceweasel-l10n-cs 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-cs/ * iceweasel-l10n-cy 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-cy/ * iceweasel-l10n-da 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-da/ * iceweasel-l10n-de 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-de/ * iceweasel-l10n-dsb 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-dsb/ * iceweasel-l10n-el 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-el/ * iceweasel-l10n-en-gb 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-en-gb/ * iceweasel-l10n-en-za 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-en-za/ * iceweasel-l10n-eo 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-eo/ * iceweasel-l10n-es-ar 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-es-ar/ * iceweasel-l10n-es-cl 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-es-cl/ * iceweasel-l10n-es-es 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-es-es/ * iceweasel-l10n-es-mx 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-es-mx/ * iceweasel-l10n-et 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-et/ * iceweasel-l10n-eu 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-eu/ * iceweasel-l10n-fa 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-fa/ * iceweasel-l10n-ff 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ff/ * iceweasel-l10n-fi 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-fi/ * iceweasel-l10n-fr 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-fr/ * iceweasel-l10n-fy-nl 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-fy-nl/ * iceweasel-l10n-ga-ie 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ga-ie/ * iceweasel-l10n-gd 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-gd/ * iceweasel-l10n-gl 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-gl/ * iceweasel-l10n-gn 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-gn/ * iceweasel-l10n-gu-in 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-gu-in/ * iceweasel-l10n-he 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-he/ * iceweasel-l10n-hi-in 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-hi-in/ * iceweasel-l10n-hr 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-hr/ * iceweasel-l10n-hsb 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-hsb/ * iceweasel-l10n-hu 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-hu/ * iceweasel-l10n-hy-am 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-hy-am/ * iceweasel-l10n-id 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-id/ * iceweasel-l10n-is 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-is/ * iceweasel-l10n-it 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-it/ * iceweasel-l10n-ja 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ja/ * iceweasel-l10n-kk 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-kk/ * iceweasel-l10n-km 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-km/ * iceweasel-l10n-kn 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-kn/ * iceweasel-l10n-ko 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ko/ * iceweasel-l10n-lij 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-lij/ * iceweasel-l10n-lt 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-lt/ * iceweasel-l10n-lv 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-lv/ * iceweasel-l10n-mai 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-mai/ * iceweasel-l10n-mk 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-mk/ * iceweasel-l10n-ml 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ml/ * iceweasel-l10n-mr 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-mr/ * iceweasel-l10n-ms 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ms/ * iceweasel-l10n-nb-no 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-nb-no/ * iceweasel-l10n-nl 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-nl/ * iceweasel-l10n-nn-no 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-nn-no/ * iceweasel-l10n-or 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-or/ * iceweasel-l10n-pa-in 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-pa-in/ * iceweasel-l10n-pl 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-pl/ * iceweasel-l10n-pt-br 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-pt-br/ * iceweasel-l10n-pt-pt 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-pt-pt/ * iceweasel-l10n-rm 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-rm/ * iceweasel-l10n-ro 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ro/ * iceweasel-l10n-ru 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ru/ * iceweasel-l10n-si 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-si/ * iceweasel-l10n-sk 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-sk/ * iceweasel-l10n-sl 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-sl/ * iceweasel-l10n-son 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-son/ * iceweasel-l10n-sq 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-sq/ * iceweasel-l10n-sr 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-sr/ * iceweasel-l10n-sv-se 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-sv-se/ * iceweasel-l10n-ta 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-ta/ * iceweasel-l10n-te 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-te/ * iceweasel-l10n-th 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-th/ * iceweasel-l10n-tr 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-tr/ * iceweasel-l10n-uk 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-uk/ * iceweasel-l10n-uz 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-uz/ * iceweasel-l10n-vi 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-vi/ * iceweasel-l10n-xh 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-xh/ * iceweasel-l10n-zh-cn 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-zh-cn/ * iceweasel-l10n-zh-tw 1:50.1.0.deb1-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/iceweasel-l10n-zh-tw/ The user provided the following additional text: Please update the Iceweasel to the 51.0 release according to the release branch of Mozilla Firefox. The source code and the binaries are avariable at: https://ftp.mozilla.org/pub/firefox/releases/51.0/ From me at herrie.org Tue Jan 24 08:35:40 2017 From: me at herrie.org (Herman van Hazendonk) Date: Tue, 24 Jan 2017 09:35:40 +0100 Subject: [Dev] [Qtwebengine] QTWebengine compliance with FSDG In-Reply-To: References: Message-ID: Hi Luke, For our little OS distribution LuneOS (based on HP/Palm's open sourced webOS) with various added bits we did the migration to QtWebEngine a while ago (we've went through a number of updates and are at 5.6.x now), so I can share something about our experience: 1. As far as I know this doesn't happen since it's a very stripped down Chromium, but I'm unable to double check & confirm this. You could have a look at https://github.com/qt/qtwebengine-chromium/ to see if there are any clues. Sync, Hangouts etc are for sure not there. 2. a. You need to specifically enable these during the build. See https://github.com/webOS-ports/meta-webos-ports/blob/krogoth/meta-luneui/recipes-qt/qt5/qtwebengine_git.bbappend#L6 what we do in our recipe for this. We use the meta-qt5 layer for this. b. You need to enable this again in your WebEngineView as well like we did here: https://github.com/webOS-ports/luneos-components/blob/master/modules/LuneOS/Components/LunaWebEngineView.qml#L56 3. Not sure what flags you're referring to specifically, but we use the following to enable proprietary (MP3) plugins, use PulseAudio and enable plugins: https://github.com/webOS-ports/meta-webos-ports/blob/krogoth/meta-luneui/recipes-qt/qt5/qtwebengine_git.bbappend#L4 meta-qt5 does something similar for other options: https://github.com/meta-qt5/meta-qt5/blob/master/recipes-qt/qt5/qtwebengine_git.bb#L32 For Geolocation API: This is denied by default: You'd need to implement a dialog to allow the user to accept these requests, similar to what we've done here: https://github.com/webOS-ports/luneos-components/blob/master/modules/LuneOS/Components/LunaWebEngineView.qml#L45 4. Not sure, we haven't tested this. meta-qt5 would be a good layer to start with for qtwebengine, a lot of work has been done to get this working properly already on embedded systems, qemux86 etc, so it should save you a lot of work for reinventing the wheel. Best regards, Herrie On 2017-01-24 00:45, Luke wrote: > Hello, > I am currently a packager for Parabola GNU/Linux-libre. While > investigating the change from Webkit to Webengine, I discovered several > concerning issues that affect our compliance with the Free Software > Foundation's Free System Distribution Guidelines (FSDG).[1] I am > hopeful > that some developers will be able to clarify these issues for us as it > affects hundreds of projects downstream including nearly all of KDE, as > well as many QT programs. > > In particular, your website claims it is not just a rendering engine, > "it is the entire Chromium platform."[2] > > If this is true, there are many outstanding issues with Chromium which > we would need to be addressed. > > 1) Was any attempt made to remove Google specific code from Chromium > prior to preparing QTWebengine? > - If not, could ungoogled-chromium patches be applied to your code?[3] > > By default, Chromium has many lines of code that make internet queries > to Google. Building it using the default settings essentially puts your > browser into the cloud. As mentioned in the GNU.org article "Who does > that server really serve?"[4], free software is only free when you are > in control. Any use of Google API, Google Sync, Google Hangouts, and > Google OK, does not classify as free software. > > 2) Is any form of proprietary code such as Adobe pepperflash, webvine > DRM[5], or proprietary codecs included? If so, can they be removed or > disabled with a compile time option? > > 3) Is it possible to compile QTWebengine with specific > chrome://flags?[6] > > Due to privacy and security concerns of Geolocation API, and GamePad > API, among others, we would like to have the ability to disable these > settings for our distribution. > > 4) Was any work done to fix outstanding proxy leaks in Chromium, which > ignore system proxy settings?[7] > > Once these issues are resolved we will able to include QTWebengine in > our distribution without issue, otherwise we may have to remove it. Due > to this being a core package we are hesitant to remove it due to the > hundreds of packages now depending upon it. > > Thank you for your time and concern regarding this important matter. > > > Sincerely, > Luke > Parabola GNU/Linux-libre Packager > https://parabola.nu > > 1. https://www.gnu.org/distros/free-system-distribution-guidelines.html > 2. https://wiki.qt.io/QtWebEngine > 3. https://github.com/Eloston/ungoogled-chromium > 4. > https://www.gnu.org/philosophy/who-does-that-server-really-serve.html > 5. http://defectivebydesign.org/ > 6. > http://stackoverflow.com/questions/17060363/google-chrome-how-can-i-programmatically-enable-chrome-flags-some-of-the-mod > 7. https://bugs.chromium.org/p/chromium/issues/detail?id=80722#c33 > > > > _______________________________________________ > QtWebEngine mailing list > QtWebEngine at qt-project.org > http://lists.qt-project.org/mailman/listinfo/qtwebengine From allan.jensen at qt.io Tue Jan 24 13:48:24 2017 From: allan.jensen at qt.io (Allan Sandfeld Jensen) Date: Tue, 24 Jan 2017 14:48:24 +0100 Subject: [Dev] [Qtwebengine] QTWebengine compliance with FSDG In-Reply-To: References: Message-ID: <201701241448.24637.allan.jensen@qt.io> On Tuesday 24 January 2017, Luke wrote: > > 1) Was any attempt made to remove Google specific code from Chromium > prior to preparing QTWebengine? > - If not, could ungoogled-chromium patches be applied to your code?[3] > Yes, we remove a large amount of code from Chromium. Note in particular we are using the Chromium content API, not the Chromium browser implementation, which means we are a step lower that most Chromium forks. > By default, Chromium has many lines of code that make internet queries > to Google. Building it using the default settings essentially puts your > browser into the cloud. As mentioned in the GNU.org article "Who does > that server really serve?"[4], free software is only free when you are > in control. Any use of Google API, Google Sync, Google Hangouts, and > Google OK, does not classify as free software. None of that code is included or works at the moment, we might want to enable some of it optionally at some point, but at the moment everything that relies on Google or reports back to Google has not only been disabled, but have been striped from sources. > > 2) Is any form of proprietary code such as Adobe pepperflash, webvine > DRM[5], or proprietary codecs included? If so, can they be removed or > disabled with a compile time option? They are not part of the opensource Chromium project, we support the plugins if they are found on the system or you ship them with your QtWebEngine using application, but we do not ship them. > > 3) Is it possible to compile QTWebengine with specific chrome://flags?[6] > > Due to privacy and security concerns of Geolocation API, and GamePad > API, among others, we would like to have the ability to disable these > settings for our distribution. Many of those are exported through our QWebEngineSettings, and others are not yet implemented. Geolocation and camera sharing is implemented but requires the QtWebEngine using application to approve access (we assume it will ask the user when appropriate). > 4) Was any work done to fix outstanding proxy leaks in Chromium, which > ignore system proxy settings?[7] > We use Qt proxy settings if set, otherwise fall back to the Chromium proxy implementation which should follow system settings. If I read the bug correct you linked, it is about ignoring system settings, and was rejected. Do I read that correct? Best Regards `Allan Jensen -- The Qt Company Rudower Chausse 13, 12489 D-Berlin From Kai.Koehne at qt.io Tue Jan 24 14:14:46 2017 From: Kai.Koehne at qt.io (Kai Koehne) Date: Tue, 24 Jan 2017 14:14:46 +0000 Subject: [Dev] [Qtwebengine] QTWebengine compliance with FSDG In-Reply-To: References: Message-ID: > -----Original Message----- > From: QtWebEngine [mailto:qtwebengine-bounces+kai.koehne=qt.io at qt- > project.org] On Behalf Of Luke > Sent: Tuesday, January 24, 2017 12:46 AM > To: qtwebengine at qt-project.org > Cc: Parabola Mail List > Subject: [Qtwebengine] QTWebengine compliance with FSDG > > Hello, > I am currently a packager for Parabola GNU/Linux-libre. While investigating > the change from Webkit to Webengine, I discovered several concerning > issues that affect our compliance with the Free Software Foundation's Free > System Distribution Guidelines (FSDG).[1] I am hopeful that some > developers will be able to clarify these issues for us as it affects hundreds of > projects downstream including nearly all of KDE, as well as many QT > programs. > > In particular, your website claims it is not just a rendering engine, "it is the > entire Chromium platform."[2] This means that Qt WebEngine not only use the rendering engine of Chromium, but also the networking stack, plugin architecture etc. It doesn't mean though that we support every single feature of Chrome. > If this is true, there are many outstanding issues with Chromium which we > would need to be addressed. > > 1) Was any attempt made to remove Google specific code from Chromium > prior to preparing QTWebengine? > - If not, could ungoogled-chromium patches be applied to your code?[3] > > By default, Chromium has many lines of code that make internet queries to > Google. Building it using the default settings essentially puts your browser > into the cloud. As mentioned in the GNU.org article "Who does that server > really serve?"[4], free software is only free when you are in control. Any use > of Google API, Google Sync, Google Hangouts, and Google OK, does not > classify as free software. Not sure what you mean by "Google API", but we do not ship code for Google Sync, and Google OK, and do not compile in hangout services. Qt WebEngine should never 'call home' to Google servers. > 2) Is any form of proprietary code such as Adobe pepperflash, webvine > DRM[5], or proprietary codecs included? If so, can they be removed or > disabled with a compile time option? We do not include Adobe Flash, or Widevine (but support finding them at runtime). We ship some proprietary codecs in the sources, these need to be enabled explicitly during build though (default is off). > 3) Is it possible to compile QTWebengine with specific chrome://flags?[6] > > Due to privacy and security concerns of Geolocation API, and GamePad API, > among others, we would like to have the ability to disable these settings for > our distribution. There's no general mechanism, we're open to add compile time flags though for cases where it makes sense. Please file feature requests for these at https://bugreports.qt.io/ . That said, most flags also have matching command line arguments, which you can use with Qt WebEngine, too. > 4) Was any work done to fix outstanding proxy leaks in Chromium, which > ignore system proxy settings?[7] To my knowledge we didn't do any specific patches in this area. Anyhow, the bug you linked is pretty convoluted, so it's hard for me to say in what way it applies to Qt WebEngine. > Once these issues are resolved we will able to include QTWebengine in our > distribution without issue, otherwise we may have to remove it. Due to this > being a core package we are hesitant to remove it due to the hundreds of > packages now depending upon it. Alright, I hope I could clarify some things :) Feel free to ask if you need further information. Regards Kai Koehne > Thank you for your time and concern regarding this important matter. > > > Sincerely, > Luke > Parabola GNU/Linux-libre Packager > https://parabola.nu > > 1. https://www.gnu.org/distros/free-system-distribution-guidelines.html > 2. https://wiki.qt.io/QtWebEngine > 3. https://github.com/Eloston/ungoogled-chromium > 4. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html > 5. http://defectivebydesign.org/ > 6. http://stackoverflow.com/questions/17060363/google-chrome-how-can-i- > programmatically-enable-chrome-flags-some-of-the-mod > 7. https://bugs.chromium.org/p/chromium/issues/detail?id=80722#c33 > From fauno at endefensadelsl.org Tue Jan 24 22:06:58 2017 From: fauno at endefensadelsl.org (fauno) Date: Tue, 24 Jan 2017 19:06:58 -0300 Subject: [Dev] QTWebengine compliance with FSDG In-Reply-To: References: Message-ID: <87y3y02jul.fsf@endefensadelsl.org> Luke writes: > Hello, nice guys over at qtengine, uh? :) i'm not clear if the question of unclear or missing licenses in source files is already answered or not... -- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 617 bytes Desc: not available URL: From g4jc at openmailbox.org Tue Jan 24 22:41:39 2017 From: g4jc at openmailbox.org (Luke) Date: Tue, 24 Jan 2017 22:41:39 +0000 Subject: [Dev] QTWebengine compliance with FSDG In-Reply-To: <87y3y02jul.fsf@endefensadelsl.org> References: <87y3y02jul.fsf@endefensadelsl.org> Message-ID: <8aa7f3e4-e4ee-0f10-0409-2d912c0d6ad1@openmailbox.org> On 01/24/2017 10:06 PM, fauno wrote: > Luke writes: > >> Hello, > nice guys over at qtengine, uh? :) > > i'm not clear if the question of unclear or missing licenses in source > files is already answered or not... > I believe that is only an upstream issue, per Isaac who actually went through the report and found false positives: https://lists.parabola.nu/pipermail/dev/2017-January/004697.html However, that doesn't exclude the fact were are shipping proprietary codecs right now: https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/qt5-webengine#n44 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From g4jc at openmailbox.org Wed Jan 25 00:22:05 2017 From: g4jc at openmailbox.org (Luke) Date: Wed, 25 Jan 2017 00:22:05 +0000 Subject: [Dev] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: References: <20170109222447.39d23b4f@pc1> <87wpe34vsk.fsf@endefensadelsl.org> Message-ID: <08c9053d-34ab-df4c-1e3f-26565e98f6fa@openmailbox.org> On 01/22/2017 11:58 PM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > hopefully people migrating to the chromium engine are sympathetic with > > the concerns expressed here and are able to replace the non free files > > found in the source code soon ;) > > Can you tell me their names and email addresses? > I have only been able to find their mailing lists. QTWebengine is what KDE uses now, so I reached out to their dev-list: qtwebengine at qt-project.org Konqueror (KDE's browser, which is now using QTWebengine) has their dev-list at: kfm-devel at kde.org No one has contacted KDE yet as far as I know. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From g4jc at openmailbox.org Wed Jan 25 03:44:55 2017 From: g4jc at openmailbox.org (Luke) Date: Wed, 25 Jan 2017 03:44:55 +0000 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: On 01/23/2017 12:00 AM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > Would someone here like to make a web page > _addressed to non-wizards_ > explaining all the flaws in Chromium? > > We could host it on gnu.org or fsf.org, but someone needs to write it. > > I wrote the following article/summary in the most non-technical way I could think of. Perhaps it can be of use: ------------------------------------------------------------------------ Chromium's subtle freedom flaws As free software activists, we all enjoy using the latest and greatest in free software. Many users have expressed to us their desire to run Chromium web browser since it appears to be fully free software. In our research, we discovered that the situation is improving. Just a few years ago, there were over one thousand unlicensed files which were considered to be non-free. Thanks to Debian's Lintian Reports and efforts, this number has come down to under 100 files as of this writing. Licensing the remaining code with GPL-compatible licensing is fairly trivial and is expected to be completed soon - the majority of it being minified javascript.[1] However, Chromium by default has a number of issues that are still a concern free software users - even if all the source code is licensed properly. -What are the issues?- Queries to Google --- By default, Chromium still has many lines of hard-coded internet queries to Google. Building it unpatched essentially puts your browser into the cloud. As mentioned in our article "Who does that server really serve?"[2], free software is only free when you are in control and should not be dependant on third-party web services. Some work has already been done to free Chromium from this enslavement, including the removal of "Google OK" after user outcry.[3] Pre-built Binaries --- By default, Chromium still includes some pre-built binaries to aid in faster compiling. In order to have fully free software, we require all software to be built from source. Packagers should not use "use_prebuilt" as a compile option. DRM and Proprietary Codecs --- Chromium supports the use of Widevine DRM, Adobe Pepper Flash, and third-party codecs which are non-free. Packagers must ensure that these are removed and disabled in the makefile options prior to compiling in order to be free software compliant. Privacy problems --- While not specific to free software, we would like for users to have control over their private information. Chromium has a number of reported privacy concerns which made it ineligible for use with Tor. Free software users should be aware of these issues and work to patch them upstream and in their packages as needed.[4] A work in progress --- There is work being done to remove queries to google and pre-built binaries, as well as strengthen user-privacy. The patch-set called ungoogled-chromium, which itself is a combination of inox, iridium, and Debian patches is one such effort.[5] Free software advocates are advised to use these patchsets and help contribute to their maintenance. With each consecutive Chromium release a new patchset must be created to remove Google specific code and binaries which affect your freedom. - The Bigger Picture Chromium is also being used as an embedded framework in various projects. Users should be aware that QTWebengine is based on Chromium and therefore contains many of the same flaws. Proprietary codecs and other anti-features must be disabled at compile time to ensure user's freedom is respected.[6] Due to QT being a primary component of KDE and many applications, ensuring it is compiled correctly and removing non-free software is of even greater importance to the free software movement. We are hopeful that the various projects currently working with Chromium will continue their efforts to liberate the code, making the internet safer, as well as more freedom respecting, for everyone. 1. https://lintian.debian.org/maintainer/pkg-chromium-maint at lists.alioth.debian.org.html#chromium-browser 2. https://www.gnu.org/philosophy/who-does-that-server-really-serve.html 3. http://www.pcworld.com/article/2940499/ok-google-hotword-detection-yanked-from-chromium-after-user-revolt.html 4. https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs 5. https://github.com/Eloston/ungoogled-chromium 6. http://doc.qt.io/qt-5/qtwebengine-features.html#audio-and-video-codecs This is Free work, you can redistribute it and/or modify it under the terms of either: The Creative Commons Attribution-ShareAlike 4.0 International License as published by Creative Commons; either version 4.0, or (at your option) any later version, or The GNU Free Documentation License as published by the Free Software Foundation; either version 1.3, or (at your option) any later version; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts ------------------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From g4jc at openmailbox.org Wed Jan 25 03:52:04 2017 From: g4jc at openmailbox.org (Luke) Date: Wed, 25 Jan 2017 03:52:04 +0000 Subject: [Dev] [GNU-linux-libre] [libreplanet-discuss] QTWebengine is nonfree In-Reply-To: References: <20170109222447.39d23b4f@pc1> <4b1a80b2-efcf-faea-349f-b2eabb137b34@openmailbox.org> Message-ID: On 01/23/2017 12:00 AM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > The situation has definitely improved since the last Debian Lintian > > report. In the first report there were several thousand files missing > > license information. > > That is now down to <100 files. > > > Using ungoogled-chromium's combined patches to strip pre-built binaries > > and apply privacy fixes would be a minimum requirement in my opinion. > > How close is ungoogled-chromium coming to doing what we need? > What concrete changes remain necessary, to bring it to a point where > we could use it? > ungoogled-chromium is close, and there is no reason why we shouldn't start using it right now. It would be nice to see Debian and others officially adapt this patch-set as well. I am still unsure whether or not we will be able to apply the patches to embedded Chromium (such as QTWebengine), but that would be optimal as well. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From nobody at parabola.nu Wed Jan 25 14:19:27 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Wed, 25 Jan 2017 14:19:27 -0000 Subject: [Dev] Orphan Libre package [icecat-ublock-origin] marked out-of-date Message-ID: <20170125141927.865.14201@parabola.nu> jc_gargma at iserlohn-fortress.net wants to notify you that the following packages may be out-of-date: * icecat-ublock-origin 1.10.0-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icecat-ublock-origin/ The user provided the following additional text: Current uBlock Origin Stable is 1.10.6 From nobody at parabola.nu Wed Jan 25 14:23:30 2017 From: nobody at parabola.nu (Parabola Website Notification) Date: Wed, 25 Jan 2017 14:23:30 -0000 Subject: [Dev] Orphan Libre package [icecat-noscript] marked out-of-date Message-ID: <20170125142330.865.62342@parabola.nu> jc_gargma at iserlohn-fortress.net wants to notify you that the following packages may be out-of-date: * icecat-noscript 2.9.5.2-1 [libre] (any): https://parabolagnulinux.org/packages/libre/any/icecat-noscript/ The user provided the following additional text: Current noscript stable is 2.9.5.3 From lukeshu at sbcglobal.net Thu Jan 26 02:13:35 2017 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Wed, 25 Jan 2017 21:13:35 -0500 Subject: [Dev] Future of i686 Message-ID: <8760l2601c.wl-lukeshu@sbcglobal.net> Arch just announced that they are phasing out i686 support, and expect to have it totally dropped in November. https://www.archlinux.org/news/phasing-out-i686-support/ Do we want to keep i686 alive past that in Parabola? On one hand, i686 is increasingly obscure. On the other hand, I'd hate to have to stop using my X60 tablet. With recent discussions of recompiling packages from Arch, and not using their binaries, perhaps keeping i686 alive will be less effort in November than it might be today. -- Happy hacking, ~ Luke Shumaker From emulatorman at riseup.net Thu Jan 26 02:50:08 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Wed, 25 Jan 2017 23:50:08 -0300 Subject: [Dev] Future of i686 In-Reply-To: <8760l2601c.wl-lukeshu@sbcglobal.net> References: <8760l2601c.wl-lukeshu@sbcglobal.net> Message-ID: <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> On 01/25/2017 11:13 PM, Luke Shumaker wrote: > Arch just announced that they are phasing out i686 support, and expect > to have it totally dropped in November. > > https://www.archlinux.org/news/phasing-out-i686-support/ > > Do we want to keep i686 alive past that in Parabola? > > On one hand, i686 is increasingly obscure. On the other hand, I'd > hate to have to stop using my X60 tablet. > It's a problem for me since my server is a i686 machine too :S > With recent discussions of recompiling packages from Arch, and not > using their binaries, perhaps keeping i686 alive will be less effort > in November than it might be today. > +1 With recent discussions about security issues from Arch [0], i think is the time to begin build our distro from scratch with autobuilder or/and a build server (Arch ARM does it to maintain their packages). Could we use winston for it? How's the builder server going [1]? [0]:https://lists.parabola.nu/pipermail/dev/2017-January/004678.html [1]:https://lists.parabola.nu/pipermail/dev/2016-November/004594.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From emulatorman at riseup.net Thu Jan 26 02:51:50 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Wed, 25 Jan 2017 23:51:50 -0300 Subject: [Dev] Future of i686 In-Reply-To: <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> References: <8760l2601c.wl-lukeshu@sbcglobal.net> <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> Message-ID: <9a1689c4-2bb6-d53f-545f-80bb41507b88@riseup.net> On 01/25/2017 11:50 PM, Andr? Silva wrote: > +1 With recent discussions about security issues from Arch [0], i think > is the time to begin build our distro from scratch with autobuilder > or/and a build server (Arch ARM does it to maintain their packages). > Could we use winston for it? How's the builder server going [1]? > > [0]:https://lists.parabola.nu/pipermail/dev/2017-January/004678.html > [1]:https://lists.parabola.nu/pipermail/dev/2016-November/004594.html > s|build server|builder server| -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From emulatorman at riseup.net Thu Jan 26 02:57:10 2017 From: emulatorman at riseup.net (=?UTF-8?Q?Andr=c3=a9_Silva?=) Date: Wed, 25 Jan 2017 23:57:10 -0300 Subject: [Dev] Future of i686 In-Reply-To: <9a1689c4-2bb6-d53f-545f-80bb41507b88@riseup.net> References: <8760l2601c.wl-lukeshu@sbcglobal.net> <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> <9a1689c4-2bb6-d53f-545f-80bb41507b88@riseup.net> Message-ID: On 01/25/2017 11:51 PM, Andr? Silva wrote: > On 01/25/2017 11:50 PM, Andr? Silva wrote: >> +1 With recent discussions about security issues from Arch [0], i think >> is the time to begin build our distro from scratch with autobuilder >> or/and a build server (Arch ARM does it to maintain their packages). >> Could we use winston for it? How's the builder server going [1]? >> >> [0]:https://lists.parabola.nu/pipermail/dev/2017-January/004678.html >> [1]:https://lists.parabola.nu/pipermail/dev/2016-November/004594.html >> > > s|build server|builder server| I think it is called "build server", not "builder server", sorry for the mistake. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From nathan at relapsus.com Thu Jan 26 03:42:38 2017 From: nathan at relapsus.com (Nathan Edson) Date: Wed, 25 Jan 2017 19:42:38 -0800 Subject: [Dev] Future of i686 In-Reply-To: <8760l2601c.wl-lukeshu@sbcglobal.net> References: <8760l2601c.wl-lukeshu@sbcglobal.net> Message-ID: <20170126034238.GA21355@librex60.localdomain> On 01/25/17 - 09:13pm, Luke Shumaker wrote: > On one hand, i686 is increasingly obscure. On the other hand, I'd > hate to have to stop using my X60 tablet. I also have an X60 that I'd like to keep going. Since this is one of the few libre laptops available, it would seem to make sense to continue i686 support. From lovell.joshyyy at gmail.com Thu Jan 26 04:20:10 2017 From: lovell.joshyyy at gmail.com (Josh Branning) Date: Thu, 26 Jan 2017 04:20:10 +0000 Subject: [Dev] Future of i686 In-Reply-To: <20170126034238.GA21355@librex60.localdomain> References: <8760l2601c.wl-lukeshu@sbcglobal.net> <20170126034238.GA21355@librex60.localdomain> Message-ID: <588978FA.2080909@gmail.com> On 26/01/17 03:42, Nathan Edson wrote: > On 01/25/17 - 09:13pm, Luke Shumaker wrote: >> On one hand, i686 is increasingly obscure. On the other hand, I'd >> hate to have to stop using my X60 tablet. > > I also have an X60 that I'd like to keep going. Since this is one of the > few libre laptops available, it would seem to make sense to continue > i686 support. > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev > +1 From isacdaavid at isacdaavid.info Thu Jan 26 14:52:09 2017 From: isacdaavid at isacdaavid.info (Isaac David) Date: Thu, 26 Jan 2017 14:52:09 +0000 Subject: [Dev] Future of i686 In-Reply-To: <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> References: <8760l2601c.wl-lukeshu@sbcglobal.net> <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> Message-ID: <1485442329.990.0@plebeian.isacdaavid.info> Le jeu. 26 janv. 2017 ? 2:50, Andr? Silva a ?crit : > On 01/25/2017 11:13 PM, Luke Shumaker wrote: >> Arch just announced that they are phasing out i686 support, and >> expect >> to have it totally dropped in November. >> >> https://www.archlinux.org/news/phasing-out-i686-support/ >> >> Do we want to keep i686 alive past that in Parabola? >> >> On one hand, i686 is increasingly obscure. On the other hand, I'd >> hate to have to stop using my X60 tablet. >> > > It's a problem for me since my server is a i686 machine too :S I echo your sentiments. somebody on irc correctly pointed out that some of the i945 thinkpads were sold with core 2 duo, as opposed to core duo, cpus. those are 64-bit, and it should be possible to buy a used chipset and upgrade for cheap. that said, I wouldn't like to turn the back on the wealth of Libreboot-capable i686 machines out there. i686 is kinda mainstream in our circles. > >> With recent discussions of recompiling packages from Arch, and not >> using their binaries, perhaps keeping i686 alive will be less effort >> in November than it might be today. >> > > +1 With recent discussions about security issues from Arch [0], i > think > is the time to begin build our distro from scratch with autobuilder > or/and a build server (Arch ARM does it to maintain their packages). > Could we use winston for it? How's the builder server going [1]? > > [0]:https://lists.parabola.nu/pipermail/dev/2017-January/004678.html > [1]:https://lists.parabola.nu/pipermail/dev/2016-November/004594.html judging from [here] it looks as though some Arch devs really want to see a community effort happen to keep i686 alive beyond November: [here]: https://lists.archlinux.org/pipermail/arch-dev-public/2017-January/thread.html#28666 I have joined the channels Arch has dedicated to the continuation of an unofficial i686 port; they were given in the announcement. irc is rather hollow, but some comments of regret already sparked on the mailing list. No tangible plans so far, though. it would also be nice to patrol the Arch forums. the idea is that we could latch on to, or even join this port; and that would keep Parabola i686 alive with minimal effort. I find building all packages from scratch and automated builds very attractive in the long run, for a number of reasons; not the least of which is not running into broken applications after Arch upgrades a library. I think Winston is a bit overpowered for what it's trusted with right now, but also underpowered so as to build *all* packages with whatever is left from 4 GiB of ram. regarding the build servers that were offered to us, I'm afraid we might have let M.E.W. go away. On the other hand, I brought the topic to Dezponia a couple times after that, and (s)he expects to flesh the last details out soon after FOSDEM. that machine is gonna be a freedom-loving monster; this is the way to go. (s)he has had trouble sourcing the SSDs. maybe we could destine some funds towards completing that server if necessary? -- Isaac David GPG: 38D33EF29A7691134357648733466E12EC7BA943 Tox: 0C730E0156E96E6193A1445D413557FF5F277BA969A4EA20AC9352889D3B390E77651E816F0C From g4jc at openmailbox.org Fri Jan 27 00:07:26 2017 From: g4jc at openmailbox.org (Luke) Date: Fri, 27 Jan 2017 00:07:26 +0000 Subject: [Dev] Future of i686 In-Reply-To: <1485442329.990.0@plebeian.isacdaavid.info> References: <8760l2601c.wl-lukeshu@sbcglobal.net> <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> <1485442329.990.0@plebeian.isacdaavid.info> Message-ID: On 01/26/2017 02:52 PM, Isaac David wrote: > Le jeu. 26 janv. 2017 ? 2:50, Andr? Silva a > ?crit : >> On 01/25/2017 11:13 PM, Luke Shumaker wrote: >>> Arch just announced that they are phasing out i686 support, and expect >>> to have it totally dropped in November. >>> >>> https://www.archlinux.org/news/phasing-out-i686-support/ >>> >>> Do we want to keep i686 alive past that in Parabola? >>> >>> On one hand, i686 is increasingly obscure. On the other hand, I'd >>> hate to have to stop using my X60 tablet. >>> >> >> It's a problem for me since my server is a i686 machine too :S > > I echo your sentiments. > I agree that we should try and support i686, I still have a computer here which uses it as well. However, we need more volunteers to help manage and bug fix for this platform. If anyone reading is passionate about this platform please consider helping in development/packaging. Helping Arch will also help us here. We do not have a build server yet, and it would not be conceivable to build all of these without one. We are already nearly at building and patching capacity thanks to all the other issues Arch has thrown downstream. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From dikasetyaprayogi at gmail.com Fri Jan 27 02:52:03 2017 From: dikasetyaprayogi at gmail.com (Dika Setya Prayogi) Date: Fri, 27 Jan 2017 09:52:03 +0700 Subject: [Dev] Future of i686 In-Reply-To: References: <8760l2601c.wl-lukeshu@sbcglobal.net> <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> <1485442329.990.0@plebeian.isacdaavid.info> Message-ID: if parabola continue support of i686 maybe it can gain interest of retired i686 arch user :) From lukeshu at sbcglobal.net Sat Jan 28 07:26:05 2017 From: lukeshu at sbcglobal.net (Luke Shumaker) Date: Sat, 28 Jan 2017 02:26:05 -0500 Subject: [Dev] Future of i686 In-Reply-To: <1485442329.990.0@plebeian.isacdaavid.info> References: <8760l2601c.wl-lukeshu@sbcglobal.net> <4199f2cc-2092-83c7-624a-61d5a30b9d5d@riseup.net> <1485442329.990.0@plebeian.isacdaavid.info> Message-ID: <8737g363xu.wl-lukeshu@sbcglobal.net> On Thu, 26 Jan 2017 09:52:09 -0500, Isaac David wrote: > somebody on irc correctly pointed out that some of the i945 > thinkpads were sold with core 2 duo, as opposed to core duo, > cpus. those are 64-bit, and it should be possible to buy a used > chipset and upgrade for cheap. That's the T60 and X60 (maybe others too). The T60 can be upgraded easy, but the X60's CPU is soldered on. Source: bought an X60 thinking I could upgrade it for cheap like I did my T60. -- Happy hacking, ~ Luke Shumaker From david.pizarro at openmailbox.org Sat Jan 28 23:36:59 2017 From: david.pizarro at openmailbox.org (David Pizarro) Date: Sat, 28 Jan 2017 20:36:59 -0300 Subject: [Dev] Future of i686 Message-ID: <20170129141958.E0C3051DBAE@lb1.openmailbox.org> And what about other popular Arch-based distros? Are they also leaving i686? There are many Manjaro's packages in Parabolas' repository, and if maybe one of these distros continue giving support for i686 we could use its packages. We need to do some investigation only. In the other hand, [multilib] packages should be difficult to move to i686 repos.El 26 ene. 2017 11:52 PM, Dika Setya Prayogi escribi?: > > if parabola continue support of i686 maybe it can gain interest of > retired i686 arch user :) > _______________________________________________ > Dev mailing list > Dev at lists.parabola.nu > https://lists.parabola.nu/mailman/listinfo/dev