[Dev] [GNU-linux-libre] QTWebengine is nonfree

philcantor philcantor at riseup.net
Sun Jan 8 14:48:02 GMT 2017 

Returning to the original topic, QT and KDE were previously using
QTWebkit. Webkit does remain fully free software, and Webkit2 is under
active development.

It is not just a port of the core HTML/CSS rendering engine, *it is the entire
Chromium platform.*"

Ohh fuck... first of all hi to everyone! I switched to Parabola in these 
days (good distro!).

But this is a terrible news for me, thank you very much for sharing this 
André Silva! But this means that also QT is in danger? I ask you this 
because, I programming in c++ and used QT in past...

P.S. = sorry for my terrible english eheh

Il 08/01/2017 06:50, Luke ha scritto:
> On 01/08/2017 05:01 AM, fauno wrote:
>> André Silva <emulatorman at riseup.net> writes:
>>
>>> Hi guys, since Chromium is blacklisted as nonfree software [0] we have a
>>> serious issue. KDE is migrating their apps to QTWebEngine which contains
>>> Chromium as the embed engine inside it. [1]
>>>
>>> Blacklisting it could be a solution, however since it's an engine, a lot
>>> of packages won't work without it and it will require a large task to
>>> remove the entire QT/KDE framework.
>>>
>>> What do you think is the best solution to this problem?
>>>
>>> I feel that Chromium is nonfree and presents privacy risks due to
>>> outstanding issues.
>>>
>>> [0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser
>>> [1]:https://labs.parabola.nu/issues/1167
>> wasn't chromium considered non libre because of some source files'
>> licenses being proprietary?  that license review was made years ago,
>> maybe the situation changed?
>>
> Unfortunately, the situation hasn't improved much - I mentioned it
> recently on gnu-linux-libre mailing list along with current efforts to
> liberate it.
> http://www.mail-archive.com/gnu-linux-libre@nongnu.org/msg02199.html
>
> The original "Pass the Ubuntu license check script" Chromium bug report
> from 2009 is still open and has a blocker.
> https://bugs.chromium.org/p/chromium/issues/detail?id=28291
>
> Even if we manage to get the code fully free, it presents serious
> privacy concerns that need to be patched out.
> Chromium doesn't ship with an "about:config" like Mozilla does, so it
> makes the job more tedious for us. inox-patchsets are working on it
> little by little, but there is considerable work to do. The
> inox-patchset official github even mentions: "It is possible that some
> data is still transmitted [to Google] (but down to a minimum) this is
> because Chromium is a quite large and complex codebase which changes
> each day."
>
> ---
> Google Chrome (Unbranded = Chromium) has also had an unusual past:
>
> - Google Chrome Leaking Credit Card Data?
> "So it turns out that it’s Chrome’s sync feature that was saving my
> information, but why?
> It turns out that auto-fill data is synced with your Google account (if
> you’re signed in and have the feature enable, of course), and all of the
> computers you’re signed into – and by default, without the benefit of
> encryption. This file may contain any number of things, from mine I was
> able to extract the following:
>
>      Full name
>      Wife’s full name
>      Date of birth
>      Wife’s date of birth
>      Social Security Number
>      Multiple credit card numbers
>      Multiple CVVs
>      Bank account & routing number
>
> Not to mention quite a few websites I’ve been to, various addresses,
> employer’s name and other various useful tidbits. All would be quite
> useful for identity theft or highly targeted spear
> phishing."(https://adamcaudill.com/2012/01/15/google-chrome-leaking-credit-card-data/)
>
> - Google Dismisses Chrome Browser Microphone Snooping Exploit
> "Google has shot down a researcher's claims that an exploit he posted
> online showing how an attacker could snoop on phone calls or other
> conversations on a user's machine constitutes a security flaw,
> maintaining that Chrome's speech-recognition feature complies with the
> W3C's specification."
> (http://www.darkreading.com/vulnerabilities---threats/google-dismisses-chrome-browser-microphone-snooping-exploit/d/d-id/1141211)
>
> - Google's Chromium on Debian Is Listening In on Your Conversations
> "Apparently, the latest version of Chromium (version 43) on Debian,
> silently installs a binary file without the user's consent or without
> being pre-checked or pre-approved. This binary is, in fact, an extension
> responsible for the browser's voice search feature and adds the famous
> "OK Google" functionality found in the company's mobile apps to its
> Chromium project.
> (http://news.softpedia.com/news/google-s-chromium-on-debian-is-listening-in-on-your-conversations-484914.shtml)
>
> - https://en.wikipedia.org/wiki/Google_and_privacy_issues#Google_Chrome
>
> ----
>
>
> Returning to the original topic, QT and KDE were previously using
> QTWebkit. Webkit does remain fully free software, and Webkit2 is under
> active development.
> Unfortunately, QT is now moving strongly to Webengine, which states on
> it's project website: "QtWebEngine integrates chromium's fast moving web
> capabilities into Qt. Our goal is to bring the latest and best
> implementation of the web platform into the universe of Qt. It is not
> just a port of the core HTML/CSS rendering engine, *it is the entire
> Chromium platform.*"
>
>
>
>
>
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20170108/dec66085/attachment.htm>

More information about the Dev mailing list