[Dev] Fwd: Re: Article: Chromium's subtle freedom flaws

Isaac David isacdaavid at isacdaavid.info
Sun Mar 19 04:32:25 GMT 2017


I think _little_ or _much_ evidence aren't the right quantifiers to
approach this issue. a single piece of evidence would suffice, whether
for Chromium or any other software. also, we should be cautious not to
redefine things in order to spare their faults; that would simply beg
the question of whether software foo is guilty of bar or not. along
those lines, was the upcoming article even supposed to touch on
Qt-WebEngine?

I'm also increasingly convinced that future claims would make us an
enormous favor if they mentioned the scope of their charges. we have
been saying "Chromium" to mean a number of things: (a) the Chromium
project source code repository, (b) the idealization of a generic
Chromium binary, (c) the versions of Chromium shipped by different
distros, (d) some sort of library/dependency derived from (a) used by
projects like Qt-WebEngine and Electron. it's perfectly possible for
Debian's or Fedora's version of Chromium to be free and dandy while
the others are non-free, or any other such combination.

as far as I can tell from the couple times I have stared at Debian's
version of Chromium, **there are no non-free files there**, nor I could
find indication of confusingly-licensed files in the aforementioned
lintian report. the minified javascript seems to be free. also, it's
my understanding from [0] that the non-free plugins are nowhere to be
found in (a). ([1] suggests differently, but I'm suspicious of it).

so is it fair to say Chromium is free? I think so **for Debian's**,
even if it's just a rubber stamp. I also know Debian is pruning many
things from (a) but that doesn't prove anything.

should distros like Parabola start shipping Chromium right away?
no. As Nicolás said, there's more to it than mere files and their
licenses (I'm putting privacy concerns aside for a moment):
recommending non-free software (or silently downloading non-free
modules for that matter), missing source code for the minified
javascript. in my estimation, accepting any of these caveats would make
Parabola go against the Free System Distribution Guidelines.[2]
recommending non-free software is the very reason why Firefox isn't
shipped in Parabola either.

should Parabola remove Qt-WebEngine, Electron, etc? determining what
pieces are going into all the different projects isn't trivial for
someone who isn't remotely familiar with the Chromium project. I think
the next logical step for me is to learn what Debian is stripping away
from (a) plus their build flags, check against (a) itself, then try to
compare to projects like Qt-WebEngine and infer from there. For now
all I can do is go on a case-by-case basis. for instance, I found
instructions for installing Widevine in Electron[2]; which I think are
enough to warrant blacklisting. Were that issue addressed in a [libre]
package, I would try to look for minified javascript leaking into
Electron, or any other such problems. I haven't looked into Qt-WebEngine
but other devs have. they could add their own rationale to this thread.

[0]: 
http://lists.qt-project.org/pipermail/qtwebengine/2017-January/000408.html
[1]: 
https://raw.githubusercontent.com/electron/electron/787bc8570382e98c4f204abff05b2af122e5a422/docs/tutorial/using-widevine-cdm-plugin.md
[2]: 
https://www.gnu.org/distros/free-system-distribution-guidelines.html

-- 
Isaac David
GPG: 38D33EF29A7691134357648733466E12EC7BA943
Tox: 
0C730E0156E96E6193A1445D413557FF5F277BA969A4EA20AC9352889D3B390E77651E816F0C




More information about the Dev mailing list