On 01/08/2017 05:01 AM, fauno wrote: > André Silva <[email protected]> writes: > >> Hi guys, since Chromium is blacklisted as nonfree software [0] we have a >> serious issue. KDE is migrating their apps to QTWebEngine which contains >> Chromium as the embed engine inside it. [1] >> >> Blacklisting it could be a solution, however since it's an engine, a lot >> of packages won't work without it and it will require a large task to >> remove the entire QT/KDE framework. >> >> What do you think is the best solution to this problem? >> >> I feel that Chromium is nonfree and presents privacy risks due to >> outstanding issues. >> >> [0]:https://www.libreplanet.org/wiki/List_of_software_that_does_not_respect_the_Free_System_Distribution_Guidelines#chromium-browser >> [1]:https://labs.parabola.nu/issues/1167 > wasn't chromium considered non libre because of some source files' > licenses being proprietary? that license review was made years ago, > maybe the situation changed? > Unfortunately, the situation hasn't improved much - I mentioned it recently on gnu-linux-libre mailing list along with current efforts to liberate it. http://www.mail-archive.com/[email protected]/msg02199.html
The original "Pass the Ubuntu license check script" Chromium bug report from 2009 is still open and has a blocker. https://bugs.chromium.org/p/chromium/issues/detail?id=28291 Even if we manage to get the code fully free, it presents serious privacy concerns that need to be patched out. Chromium doesn't ship with an "about:config" like Mozilla does, so it makes the job more tedious for us. inox-patchsets are working on it little by little, but there is considerable work to do. The inox-patchset official github even mentions: "It is possible that some data is still transmitted [to Google] (but down to a minimum) this is because Chromium is a quite large and complex codebase which changes each day." --- Google Chrome (Unbranded = Chromium) has also had an unusual past: - Google Chrome Leaking Credit Card Data? "So it turns out that it’s Chrome’s sync feature that was saving my information, but why? It turns out that auto-fill data is synced with your Google account (if you’re signed in and have the feature enable, of course), and all of the computers you’re signed into – and by default, without the benefit of encryption. This file may contain any number of things, from mine I was able to extract the following: Full name Wife’s full name Date of birth Wife’s date of birth Social Security Number Multiple credit card numbers Multiple CVVs Bank account & routing number Not to mention quite a few websites I’ve been to, various addresses, employer’s name and other various useful tidbits. All would be quite useful for identity theft or highly targeted spear phishing."(https://adamcaudill.com/2012/01/15/google-chrome-leaking-credit-card-data/) - Google Dismisses Chrome Browser Microphone Snooping Exploit "Google has shot down a researcher's claims that an exploit he posted online showing how an attacker could snoop on phone calls or other conversations on a user's machine constitutes a security flaw, maintaining that Chrome's speech-recognition feature complies with the W3C's specification." (http://www.darkreading.com/vulnerabilities---threats/google-dismisses-chrome-browser-microphone-snooping-exploit/d/d-id/1141211) - Google's Chromium on Debian Is Listening In on Your Conversations "Apparently, the latest version of Chromium (version 43) on Debian, silently installs a binary file without the user's consent or without being pre-checked or pre-approved. This binary is, in fact, an extension responsible for the browser's voice search feature and adds the famous "OK Google" functionality found in the company's mobile apps to its Chromium project. (http://news.softpedia.com/news/google-s-chromium-on-debian-is-listening-in-on-your-conversations-484914.shtml) - https://en.wikipedia.org/wiki/Google_and_privacy_issues#Google_Chrome ---- Returning to the original topic, QT and KDE were previously using QTWebkit. Webkit does remain fully free software, and Webkit2 is under active development. Unfortunately, QT is now moving strongly to Webengine, which states on it's project website: "QtWebEngine integrates chromium's fast moving web capabilities into Qt. Our goal is to bring the latest and best implementation of the web platform into the universe of Qt. It is not just a port of the core HTML/CSS rendering engine, *it is the entire Chromium platform.*"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
