On Fri, Mar 17 2023 at 03:43:41 PM -07:00:00, Soren Stoutner
wrote:
Package: chromium
Version: 111.0.5563.64-1
Severity: wishlist
Unicode produced a number of files years ago that contained a
problematic license with the following restriction:
"Unicode, Inc. hereby grants the right to freely use the information
supplied in this file in the creation of products supporting the
Unicode Standard"
This is not free because it prevents the use of the file in ways that
do not support the Unicode standard.
In 2004 Unicode relicensed their files under a different license that
does not contain this restriction.
These is their current copyright and terms of use statement:
http://www.unicode.org/copyright.html
Which links to their current license:
https://www.unicode.org/license.txt
For many years, Chromium integrated an older copy of `Convert-UTF`
with the problematic license. When the problem was brought to their
attention they updated the file's license.
https://bugs.chromium.org/p/google-breakpad/issues/detail?id=270
Right, and debian's chromium is still carrying around a patch that
works around that older problematic unicode license. I've been meaning
to drop that patch.
https://chromium.googlesource.com/breakpad/breakpad/+/14bbefbd9600e08d6a34d7250faa8bc9dba2113e%5E%21/
The Debian Chromium package currently includes three other files that
still contain this problematic license in their headers.
src/3rdparty/chromium/third_party/icu/source/data/mappings/iso-8859_10-1998.ucm
src/3rdparty/chromium/third_party/icu/source/data/mappings/iso-8859_11-2001.ucm
src/3rdparty/chromium/third_party/icu/source/data/mappings/iso-8859_14-1998.ucm
Where are you seeing this?
dilinger@hm90:~$ grep -i "Unicode St"
sid-build/chromium-111.0.5563.64/third_party/icu/source/data/mappings/iso-8859_1*
; echo $?
1
dilinger@hm90:~$ head -n2
sid-build/chromium-111.0.5563.64/third_party/icu/source/data/mappings/iso-8859_10-1998.ucm
# Copyright (C) 2016 and later: Unicode, Inc. and others.
# License & terms of use: http://www.unicode.org/copyright.html
Even though these files are contained under the `chromium`
subdirectory, they do not exist in the upstream Chromium git
repository:
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/third_party/
I am uncertain where exactly they enter the stream of code that is
packaged as Chromium on Debian. Wherever it is, they can be updated
with the correct license.
Chromium's git repo doesn't include a bunch of third_party stuff; that
stuff gets pulled in automatically when the chromium devs generate
release tarballs. The directory in the release tarball documents where
they originate. In this case, in third_party/icu/README.chromium .
According to that, the source is from
https://github.com/unicode-org/icu .
Identical files (except for the licenses) are found in the Unicode
GitHub repository:
https://github.com/unicode-org/icu/tree/main/icu4c/source/data/mappings
These were updated to the non-problematic license in 2015:
https://unicode-org.atlassian.net/browse/ICU-22007
A copy of the bad license also appears in:
src/3rdparty/chromium/third_party/breakpad/breakpad/LICENSE
It needs to be removed, and, if breakpad uses the ICU files, replaced
with the license at:
Yeah, breakpad's LICENSE file needs to be corrected. I can send a patch
upstream for that.
https://www.unicode.org/license.txt
Qt WebEngine includes the same problematic files. There is an
upstream bug filed with Qt at:
https://bugreports.qt.io/browse/QTBUG-112008
There is also a Lintian bug regarding the detection of this
problematic license:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854209
