From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 00:27:24 2019 Received: (at submit) by debbugs.gnu.org; 19 Feb 2019 05:27:24 +0000 Received: from localhost ([127.0.0.1]:53712 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gvxwA-0002jV-Lr for submit@debbugs.gnu.org; Tue, 19 Feb 2019 00:27:24 -0500 Received: from bluehome.net ([96.66.250.149]:46846) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gvwL5-0006lz-LI for submit@debbugs.gnu.org; Mon, 18 Feb 2019 22:45:00 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 49C014B40319 for ; Mon, 18 Feb 2019 19:44:57 -0800 (PST) Message-ID: <1550547897.31222.1.camel@jxself.org> Subject: ungoogled-chromium contains Widevine DRM From: Jason Self To: submit@debbugs.gnu.org Date: Mon, 18 Feb 2019 19:44:57 -0800 Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 19 Feb 2019 00:27:18 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Package: guix Unless I am mistaken, ungoogled-chromium is not removing Widevine DRM from upstream Chromium. Guix should remove that if upstream won't, as I believe this goes against "the distro must contain no DRM..." in the FSDG. From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 02:06:17 2019 Received: (at 34565) by debbugs.gnu.org; 19 Feb 2019 07:06:17 +0000 Received: from localhost ([127.0.0.1]:53757 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gvzTt-0006p1-1S for submit@debbugs.gnu.org; Tue, 19 Feb 2019 02:06:17 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:42119) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gvzTo-0006ol-Ix for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 02:06:15 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 3952F22E76; Tue, 19 Feb 2019 02:06:07 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 19 Feb 2019 02:06:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=CpozGXLbO+gfL2njNjf+ITGO wu5w+12v8A7x7ZKoXwc=; b=BJZY4qpKD3/mFJ8DmKk3v/x6sQtL05WGV6nUT9yh 6Rt7yP72rCFKkGOz8btOi+lHFFHYt7P/0+LKmGZ7gd9zoXI31ELU89M+R0Y45eof JrWr7GH4vH/d06xHfnKdK4JWAjDZ+19RC1saK0q20OBsURhBVMgDiVJLT3wtHPZl CtY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=CpozGX LbO+gfL2njNjf+ITGOwu5w+12v8A7x7ZKoXwc=; b=RVOaNoUDLAkIdfpMFiyoKz n1db9TD/LzYXvYIWDlxOsW36g4/9sMB1bNAysf4V80MpBDPiZ9UjTIr5pkubM/qc pRUgojM+/Js7XUJr+amMhO7Gf481Xpx19aUkrSpyB+fJLZ8UsZkB2g5zr6TVRm2s c9OvQh5NyrpYIe3YrKsoXXzZGr2sSWY9QF3G5rzsVKQTaPPRBzmgjMk2qLdRDVD7 YRSF4+sIROqB3Ai2KTH0xXOiXzDmpaAFhCvf/wzQzO6EAnwm/EU8L+BVrlNeCx5j aYKFhYXGSmHA1/9N0m47Wnf8oG8LKXLksIbd59MUnZn/ZJ6eGlnxVEHcVEAc7i3w == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdefgddvjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujggfsehgtd erredtredvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl rghrihdrnhgrmhgvqeenucfkphepjeeirdduvdegrddvtddvrddufeejnecurfgrrhgrmh epmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgvnecuvehluhhsthgv rhfuihiivgeptd X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 6D78DE422E; Tue, 19 Feb 2019 02:06:03 -0500 (EST) Date: Tue, 19 Feb 2019 02:06:01 -0500 From: Leo Famulari To: Jason Self Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM Message-ID: <20190219070601.GA8273@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SUOF0GtieIMvvwua" Content-Disposition: inline In-Reply-To: <1550547897.31222.1.camel@jxself.org> User-Agent: Mutt/1.11.2 (2019-01-07) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --SUOF0GtieIMvvwua Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Feb 18, 2019 at 07:44:57PM -0800, Jason Self wrote: > Unless I am mistaken, ungoogled-chromium is not removing Widevine DRM > from upstream Chromium. Guix should remove that if upstream won't, as I > believe this goes against "the distro must contain no DRM..." in the > FSDG. Why do you think this is the case? It doesn't work for me on any of the Widevine demos I can find, unlike an installation of Google Chrome. --SUOF0GtieIMvvwua Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlxrqskACgkQJkb6MLrK fwgzrA/9H0FJab93kOmGGYimb34J9kyy4Eu0WPw1E1owf80l6HFt6cCBsbxoEwxl n3kgryTH5eUfcEuhErUUY19SnduA7hRgHz77VUpZHw47HFN5s2Psk0Q/OlyKRQ0R uccDXD4NOhS0s7gmM9wcaEQjccolYDcurdfKcvpRPqJZCoNk7y2CYZclX81ELIwF 0JBK2vQ0zypoXza0+i6uqWwAxjZ9VxH+r68+s/X2j0TApeoS3HS/ssIEYsbVKuUT heCKsx/pJjX0jE/krV0k3554KnIyhn/VvMXWOV7oQvujWjrTzbsxpXLltxkHyNkl l2d/ny4SjqUWzkfMfYgSwwzMTdUeMflbRKaXlPRAcNN92tKEkrImX11NBDMnZhh4 9CTaoHe4unR4UUy5M+Ek4xb9sh9T4lUcQ2puNFB5SSFth+OdcwVC/EAwtLx0+OIM HBhSCw4c1l//7zB9Sh2dC0c64fRtAN5Zd5sS3FQ3PSiLRF/XJIHqXr1dlUFnSzAv 241g+tNuTJvpwwndy7a9fVPNfa0b2Sbqs7+rWAz53CtDjYKJFYokug2ZTUntltS0 rqq0lHvVpAtSgsqNTnh3JOtSWCFsZ2HJJbDWCRxIUrOEJDBSzx1D2gpvLXcuRnhg d3KqFIduVTaW79JEIx0kqpvgLqZLUBBhi2mGJsA5wZBlAzRP+6g= =v/ZO -----END PGP SIGNATURE----- --SUOF0GtieIMvvwua-- From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 08:28:32 2019 Received: (at 34565) by debbugs.gnu.org; 19 Feb 2019 13:28:32 +0000 Received: from localhost ([127.0.0.1]:54005 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw5Rn-0005Rc-O7 for submit@debbugs.gnu.org; Tue, 19 Feb 2019 08:28:32 -0500 Received: from bluehome.net ([96.66.250.149]:47136) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw5Rk-0005RP-GR for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 08:28:29 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id E19324B400A0 for <34565@debbugs.gnu.org>; Tue, 19 Feb 2019 05:28:26 -0800 (PST) Message-ID: <1550582906.5431.7.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Tue, 19 Feb 2019 05:28:26 -0800 In-Reply-To: <20190219070601.GA8273@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-bQbHQjUQ1oknBjrz4YAY" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-bQbHQjUQ1oknBjrz4YAY Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2019-02-19 at 02:06 -0500, Leo Famulari wrote: Why do you think this is the case? We know Chromium comes with it. Have you looked through=C2=A0ungoogled- chromium to see where it's being deleted? --=-bQbHQjUQ1oknBjrz4YAY Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbAR6AAoJEJ0NsxtUWjGYe9QQAISDtgdlS9ieMNmlYCNB1VON D/TssfVcjWwMLkwPoYQ6nmojja0UtpVNPTs+4nvm/+dELwwCjIxVioLa335iWZk6 4D3chC6y/6lgybLFC+QV2asnqz/qGfOqKHAbwpPTXWKZ5A7rA7DBva4I/5nGEquN LEIPpML4u6O3PqEpKZvgie6IWKMsFiJ1TjSa+7nTB5v9n78T1p6GHsIyoef7tXxK pF7JIhv4QEys/gYpVkRRsyeF6NIyPo7BFECqBf5slZDQCeWChTXnlV+eQGJoFMn5 biSQziysBdSyviHMDQ7j8bt4ECE8WuCj4GOxVzYhOpa8t5Zh7IZ9e9eL0ti7Q7Pg uGguUrJmL9cNrJYQYjJ2fQOxYnZ/B6/ECCDRuCDjmCoF0oRe5BC+f0UYzMAvnmkF 5+ufm91g5tO1WtV1YfyCzZ3tzqLd7ON0nUxiaqtsRfA6zekQAclqhnMnTCy2Q0vX edIzFOtfthWAoR86d8IBW1wTH9QwtJJ/ku/+W1R7LorlQT1kEvojaOsTLrjTYPC1 EqL8AXIy5hMEJboEW1druos+r49ARGQ7+GM8WGEgy8TLZ6g9/WTfa2w1hJpc3ZG1 m83psCDaFDAwROAKASDD9yStL8qe+e8OLi7A4PCvPM1MlBYKvnOpi1gX+iG+01VP Exlw9keWXMQjsBwOlJS/ =OPaZ -----END PGP SIGNATURE----- --=-bQbHQjUQ1oknBjrz4YAY-- From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 08:42:49 2019 Received: (at 34565) by debbugs.gnu.org; 19 Feb 2019 13:42:49 +0000 Received: from localhost ([127.0.0.1]:54010 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw5fd-0005nq-4k for submit@debbugs.gnu.org; Tue, 19 Feb 2019 08:42:49 -0500 Received: from lepiller.eu ([89.234.186.109]:51374) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw5fc-0005ng-2J for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 08:42:48 -0500 Received: from webmail.lepiller.eu (static-176-182-42-79.ncc.abo.bbox.fr [176.182.42.79]) by lepiller.eu (OpenSMTPD) with ESMTPSA id fee2c52b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 19 Feb 2019 13:42:43 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Tue, 19 Feb 2019 14:42:42 +0100 From: Julien Lepiller To: Jason Self Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: <1550582906.5431.7.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> Message-ID: X-Sender: julien@lepiller.eu User-Agent: Roundcube Webmail/1.3.8 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Le 2019-02-19 14:28, Jason Self a écrit : > On Tue, 2019-02-19 at 02:06 -0500, Leo Famulari wrote: > Why do you think this is the case? > > We know Chromium comes with it. Have you looked through ungoogled- > chromium to see where it's being deleted? Our package definition has two widevine-related headers listed as preserved third-party stuff... I'm not sure how widevine normally gets into chromium, but if we don't have it, I guess we should not need these headers? There might actually be an issue, but I'm not sure how to check. Where is widevine in upstream (non ungoogled) chromium? Is it downloaded at runtime? IIUC, the rest of this widevine directory is removed before building anything, so maybe there's nothing to worry about after all? From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 09:43:54 2019 Received: (at 34565) by debbugs.gnu.org; 19 Feb 2019 14:43:54 +0000 Received: from localhost ([127.0.0.1]:54035 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw6cj-0007LV-QB for submit@debbugs.gnu.org; Tue, 19 Feb 2019 09:43:53 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:46973) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw6ch-0007LI-9c for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 09:43:52 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B023822157; Tue, 19 Feb 2019 09:43:45 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 19 Feb 2019 09:43:45 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=l5eCWl2t9vAJP0Q1YHC382Ls 8sXzKB0A4ncdM385CgE=; b=W+ub/KBQ2iZ0zO/T2q3Xy9oFNC/6vh3nddEq/hrU j/5bMYGuuaqmaDhrTJocKjNuNiJId2WYZxPEk7dyNyQXsFQYe3I6U1mDNRPHnpK6 f821BZGe46DdF6urH9kOpXhaj0O8JSRdScsYI8kEzMQAW4PWESCZgKfBrPewRNzp RGA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=l5eCWl 2t9vAJP0Q1YHC382Ls8sXzKB0A4ncdM385CgE=; b=kZxoXqplXRrlhhX8ZVX++I Pir/oaWOX2LVmgID2R3QTfMIm3iypJ59b/ZkboB8NP2SNK6rGVHWVqwsz3d57n0o 8lsluzQt6ob5OtYe+1nvW5evClQsFXP9FgSUVz0enK8FXSVv4gMvvxUVL6mGtGQO dXiIWtaPKb1eTZcoiQZjD9zI/4gEidRz8fSzsNfxVa/tGUJLBIVxb+fbdmMXeo03 ShPRa8IxFd+xuC6eNxtrKgEKnUEvDhr5/1yZllInCU2lyq9p8G14yqAiVNXxX9wY sgY0Orz6nGaLM2cVZPVv/U+LEiOJiG7CrewZlN0JIJ2R36yedmOzbaBrwRAM5ZUw == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdeggdeiieculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujggfsehgtd erredtredunecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl rghrihdrnhgrmhgvqeenucfkphepjeeirdduvdegrddvtddvrddufeejnecurfgrrhgrmh epmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgvnecuvehluhhsthgv rhfuihiivgeptd X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id D4340E4240; Tue, 19 Feb 2019 09:43:44 -0500 (EST) Date: Tue, 19 Feb 2019 09:43:42 -0500 From: Leo Famulari To: Jason Self Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM Message-ID: <20190219144342.GA2688@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline In-Reply-To: <1550582906.5431.7.camel@jxself.org> User-Agent: Mutt/1.11.2 (2019-01-07) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 19, 2019 at 05:28:26AM -0800, Jason Self wrote: > We know Chromium comes with it. Have you looked through=A0ungoogled- > chromium to see where it's being deleted? Please show us the paths in our package's source code. We need to remove it if it is there. I looked and cannot find it. I looked at how some other distros do it. They get the Widevine binaries by extracting them from a download of the Google Chrome browser, which is not the browser that has been packaged for Guix. --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlxsFhsACgkQJkb6MLrK fwj3sA/9G+BmgkEAnYEe41qMs90eVYG2jtYDRvS9S6AkXVSdKUv1TecFDAvaMddl ymWaML/6YvRPW/9c09g+iUjkToBYTcymdD59c7GWhR73MKcZb3i0DScU/nDllxhs dh6MqRnElK9D9Ej4Z/66y7NrrSD/5X62FXfmPDiNTP0BbAS+8FPKWLkItle3LSzA tJUmr47wvBl+fxtSf7r3eWzj5PZk1wvBmyKHC+a8JvylK2gcg1PKVF8GnqQhgdKF t/bQ5gnG1Gq1u9Um0rprza17gQjC6U+AG7W7VA9CkcBLVkY+FyQte2C1XmPSfIyD LQQ3V+EL8l6bNEuE7c+x4OWWudSkRqp8xG9JbfBvGycISBUnhzZdS/C7Po59uh4S mrGqYr1pqmIF1S/KvfphOpPt1gs0SV2ixMvPrgr4WM2lxX9UdOhpJf6PYUtLC3Yp AB6s/fXxC2QEKBUsu6ba6SzH5660jXU9We+ywb2TliluHql7tcsivUOX3lEWc44w A++8TltYRhdgvufgIQRqa/41SxGH7H2DiLIRC2oMqfr3wNDty1+deeCwg1NclCAV qLUhvuEw4rOS3+VdxZcTbP4Jc/qN1Lgj9x5JnBGGucxwz3yB/H3l/szUPEz11UlB pZvPEY9BzuP0jkLlM+qHlLGQsXmJVm834SihYPsOvdD2RJzk22M= =Wnx/ -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 09:44:25 2019 Received: (at 34565) by debbugs.gnu.org; 19 Feb 2019 14:44:25 +0000 Received: from localhost ([127.0.0.1]:54039 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw6dF-0007Ml-3H for submit@debbugs.gnu.org; Tue, 19 Feb 2019 09:44:25 -0500 Received: from lepiller.eu ([89.234.186.109]:51382) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gw6dD-0007Mb-FT for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 09:44:24 -0500 Received: from webmail.lepiller.eu (static-176-182-42-79.ncc.abo.bbox.fr [176.182.42.79]) by lepiller.eu (OpenSMTPD) with ESMTPSA id cf91b538 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <34565@debbugs.gnu.org>; Tue, 19 Feb 2019 14:44:17 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Tue, 19 Feb 2019 15:44:17 +0100 From: Julien Lepiller To: 34565@debbugs.gnu.org Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> Message-ID: X-Sender: julien@lepiller.eu User-Agent: Roundcube Webmail/1.3.8 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Le 2019-02-19 14:42, Julien Lepiller a écrit : > Le 2019-02-19 14:28, Jason Self a écrit : >> On Tue, 2019-02-19 at 02:06 -0500, Leo Famulari wrote: >> Why do you think this is the case? >> >> We know Chromium comes with it. Have you looked through ungoogled- >> chromium to see where it's being deleted? > > Our package definition has two widevine-related headers listed as > preserved third-party stuff... I'm not sure how widevine normally > gets into chromium, but if we don't have it, I guess we should > not need these headers? There might actually be an issue, but > I'm not sure how to check. Where is widevine in upstream (non > ungoogled) chromium? Is it downloaded at runtime? > > IIUC, the rest of this widevine directory is removed before > building anything, so maybe there's nothing to worry about > after all? So I've downloaded the source tarball with `guix build -S chromium` and here's what I found in it: $ find -name cdm ./media/cdm ./third_party/widevine/cdm ./chrome/android/java/src/org/chromium/chrome/browser/media/cdm ./chrome/browser/media/android/cdm ./content/renderer/media/cdm ./chromecast/media/cdm ./components/cdm $ find -name widevine ./third_party/widevine $ find -name '*widevine*' ./third_party/widevine ./third_party/widevine/cdm/android/widevine_cdm_version.h ./third_party/widevine/cdm/widevinecdmadapter.ver ./third_party/widevine/cdm/stub/widevine_cdm_version.h ./third_party/widevine/cdm/widevine.gni ./third_party/widevine/cdm/widevine_cdm_version.h ./third_party/widevine/cdm/widevine_cdm_common.h ./chrome/common/widevine_cdm_constants.h ./chrome/common/widevine_cdm_constants.cc ./chrome/browser/component_updater/widevine_cdm_component_installer.cc ./chrome/browser/component_updater/widevine_cdm_component_installer.h ./components/cdm/common/widevine_drm_delegate_android.cc ./components/cdm/common/widevine_drm_delegate_android.h ./components/cdm/renderer/widevine_key_system_properties.cc ./components/cdm/renderer/widevine_key_system_properties.h This ./chrome/browser/component_updater/widevine_cdm_component_installer.cc looks particularly suspicious to me... Now, it seems that widevine stuff only gets built when the ENABLE_WIDEVINE option is set, and it doesn't seem to be the case in guix' package. Since I don't understand how the browser gets built, so I'm not sure about the default. In any case, it would be good to get rid of these files even if they aren't built. HTH! From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 19:39:16 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 00:39:16 +0000 Received: from localhost ([127.0.0.1]:56930 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwFut-00062g-RD for submit@debbugs.gnu.org; Tue, 19 Feb 2019 19:39:16 -0500 Received: from bluehome.net ([96.66.250.149]:47360) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwFus-00062X-5V for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 19:39:14 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 987F84B4069C for <34565@debbugs.gnu.org>; Tue, 19 Feb 2019 16:39:12 -0800 (PST) Message-ID: <1550623152.12316.5.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Tue, 19 Feb 2019 16:39:12 -0800 In-Reply-To: <20190219144342.GA2688@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-pzz+1IqxJ3m8isCv+19H" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-pzz+1IqxJ3m8isCv+19H Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Based on=C2=A0http://issues.guix.info/issue/28004#2=C2=A0it is disabled at = build time; but not removed. The person said they thought this was FSDG compliant but a reading of "the distro must contain no DRM" from the FSDG could be taken to mean the distro still "contains" it, since it's still within the source code of the program. "Disabled by default" shouldn't be good enough IMHO; build flags should not be used to hide freedom problems. The source code represents what the software *is*, not the build flags. --=-pzz+1IqxJ3m8isCv+19H Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbKGwAAoJEJ0NsxtUWjGYmGAP+wTXJ80sklDLx8lp9VPxPELo Uhu4JVBHN53JNEe/I1Q5J5Xu9AzFGbThNoGleL+CPmXGBQVym5KI+2rNQ/LHfNym qvOGn9twPY7jCh/RhZUt7bSmm0kcKQFdfWAQDb2FaJO1dOEtV9pooWxwMwjgOzNw 1FINrdBHdDfWtjvQ2vafmQAVbjaqK9mjNTW4sE26GGKOgscRsD3uoFm2HQFEptku Md/2I6te4KZnLm+320DGvSgWKcC5AQwVsEtHcTB21LfAk4rGZwn8XGtdH+Xagsm2 NVKevpYDtepTrxwQuxY1Cd1NSQ0VaDcCs8DrKX6SZaWCmQiXKSrvp+yhEX3P69di orldJkCqFLNGymGEmzyQ6LPaSYIlcpFHdxZQQ7kop/z7tUyxBdsQeMjPMcyHWLt3 +OkDHGDO6jBQHxPhxsUsAK9gqCe5xW7zWk5BQZzj59WurajTXaJXR/lYlHzs+EAG PS6VQ9RQZ0dQQWObag8HbuTW2xyRwO8xFY/o0u7+r2iB5zg26BjJhFELouP0oT2P omcEgF8Y+4OWgnO0FE7U5M+74f6ACNKQ++PrLNw9dkur89dHIsvDd3MCp6yEuKfq mG2zJX+P+Jg+hhPVDXA99jaJ3b3Uw85+Ldvrz+QLEuXT6+z5oH8d59RfgYTdPL2l HnGfn+otxauemJ2jE30H =zN5H -----END PGP SIGNATURE----- --=-pzz+1IqxJ3m8isCv+19H-- From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 20:12:23 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 01:12:23 +0000 Received: from localhost ([127.0.0.1]:56942 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwGQw-0006q6-Tq for submit@debbugs.gnu.org; Tue, 19 Feb 2019 20:12:23 -0500 Received: from bluehome.net ([96.66.250.149]:47388) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwGQt-0006pv-In for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 20:12:21 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 3DF784B400A0 for <34565@debbugs.gnu.org>; Tue, 19 Feb 2019 17:12:18 -0800 (PST) Message-ID: <1550625137.14138.3.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Tue, 19 Feb 2019 17:12:17 -0800 In-Reply-To: <1550623152.12316.5.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-uOLl35LSDQMCsKmHFb2A" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-uOLl35LSDQMCsKmHFb2A Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable A different but related matter is the build process itself. I understand this is not exactly related to the DRM matter but it does seem similiar. I can open another bug over this if needed. I have recently submitted upstream's Chromium 73.0.3683.45 into my FOSSology instance for analysis. Actually, less than a third of the total files were classified as "BSD-like". In total it found 162 unique licenses. Of course, automated licenses analysis is never perfect and I have not fully vetted any particular results but it does help to at least indicate that which is very clearly free software and that which needs further investigation. Even in the short time I was reviewing it I found a number of freedom problems. I don't mean that to be an exhaustive list of everything, merely an indicator of a symptom: * unrar (license denies freedom 0) * third_party/blink has some images under CC-BY-NC-SA-2.0 * Google Toolbar is in there, with a non-free EULA Taking this and considering Guix's build process: The method of building seems to involve downloading Chromium, then runnning ungoogled-chromium over it, and then building. I'm not sure if any other packages have their freedom problems fixed in this way but this, just like build flags, should not be sufficient. Freedom problems should not be hidden/removed after the fact by asking the user to run a clean-up program after downloading the source, even if that has been automated by the package manager. What is sent to the end user to compile should itself be 100% free software and FSDG compliant from the beginning. If not it still amounts to distributing non-free software to the user when they want to, for example, do guix build -S chromium. --=-uOLl35LSDQMCsKmHFb2A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbKlyAAoJEJ0NsxtUWjGYiNMQALC0+q6+B4fntdDAW8GLGdg3 NVD4OHfUVWce4bdinEdYLo8G44m6hUxyGAVHVi+VJWKUbFu9z1GZoOKDTCfW7qJl NO2w3wphY2vzu5DtWfBVzX20PnAvvOo1+C3t9QoJDBJQFfJ2zy8qtq8b28Mvz3em OagcbyQE3TAktpC3HFuqqlQV9Hdabm5knavdepYyncQbaXmr48epZtARpYsUu+nb D/ANT2kf6kGgAc/Pg/8TW5qDMYufXZQdfeys3jLHoxYiHi2pxDEPsWNnIoUbXiwY gRNQ4eRFWG7zFuE4BZboimjJFnWYnTI2MDrCZ+lECukQEWDIjCUd38Waa8RmJUFB g6p0tf9LwEBRcDr+JIWCZMlw8+Ph+0HQGetx2DtjQDb59cJYgo+C6L+Xl5JhgSx3 zykZPPpQpZRf8k5uY+HtTJK9/0xyaarEJhafGE7fK0KuwW62qbwj2Evnx0Tw+8jQ oeEjVouZb+SkpUvQUJazGtsCi3UPqD3yIBXfBik/zdSUGptpMrUzCOHBm7q/1BsB 2hegh1nVsvBVM0HLDrgwTqxBsYaD/c+ZP0YII2MJjl94F9eBiJ17FRy3mWNlgfg3 mtVnyjGwhA+EK0gn05YsnsPm2WXfJu92w+BF2vY5oSGiBIXxGrM8VMwkKkd7J3Fe RhzK3O7wtTW2/Bff/PUP =IL5v -----END PGP SIGNATURE----- --=-uOLl35LSDQMCsKmHFb2A-- From debbugs-submit-bounces@debbugs.gnu.org Tue Feb 19 20:19:53 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 01:19:53 +0000 Received: from localhost ([127.0.0.1]:56946 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwGYA-00070f-Sm for submit@debbugs.gnu.org; Tue, 19 Feb 2019 20:19:51 -0500 Received: from bluehome.net ([96.66.250.149]:47390) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwGY8-00070X-Ps for 34565@debbugs.gnu.org; Tue, 19 Feb 2019 20:19:49 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id CC6BF4B40319 for <34565@debbugs.gnu.org>; Tue, 19 Feb 2019 17:19:47 -0800 (PST) Message-ID: <1550625587.14780.2.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Tue, 19 Feb 2019 17:19:47 -0800 In-Reply-To: <1550625137.14138.3.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-FL3Ud8YXXQFaqXtTAp91" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-FL3Ud8YXXQFaqXtTAp91 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > should not be hidden/removed after the fact by asking the user to run > a clean-up program after downloading the source, even if that has > been automated by the package manager. What is sent to the end user > to compile should itself be 100% free software and FSDG compliant > from the beginning. If not it still amounts to distributing non-free > software to the user when they want to, for example, do guix build -S > chromium. I should probably add on that this position comes from my interaction with the FSF in 2010: When LibreWRT was founded in 2010 (before it later merged into libreCMC) we submitted a similar=C2=A0question to the FSF= , as to if it was sufficient for the LibreWRT build scripts (which would be run by the person building the firmware image from source and would have completely automated, just like how someone might instruct Guix to build from source) to download Linux and then run the Linux-libre deblobbing scripts on it vs having the build scripts instead download tarballs that were already cleaned up. I can't seem to find the email from back then but the response was that we needed to use already cleaned-up tarballs, not ask the user to clean up the software after ward even if automated. So that was what we did. Guix should do something similar. --=-FL3Ud8YXXQFaqXtTAp91 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbKszAAoJEJ0NsxtUWjGYptMP/03CoxIb6qFWOuDbHi1bf4CS VyWKv/OFofuPghUSWnoNWs8ugvZZma3bc4Ak3UYsR9XCWIR4lIvn30qgSczA60oT gfB8MVUp/k0c87fufQ8qbZQRt0DdOdkYGkJOll6oZOqh8qSyRX+3DUGq9rL4wvi9 hjfELcTThu+0YIZBt+QKLSQmlPEnvMbUtJSDZ5UizUXVNktxSvbLdhg813yBEjAl prWr9Fe1GdUrmCeCpz/OHMJGpkr157ALxI2Wal7JmaeGKH3oFMzIOAqvAL6TWEJY wD3sWArALoLKGrbtlu/dMpbB7J2qhyR0CH2hKASixwyl+pjd8mSzPDwyHK+/YQWo 2CZX4hipXPTsb9ksTr4dh5Ai9OawjEtIMU0NohZ2oErPAW25sXmZWjkTpZm/MMet ur8sBsBcvCA7Bq5tawDh8FTMXGbBXiy3qBH8IyxGvPevs4NovybzkoZpqLfs9ySa 0lzyklJYPrxPSeLTdCcNAKp1lUxkunMsQO7gv3jFLRvgQJXD8cHZFqXfJ0NnFkdd ak1r95g9woP3QrwKcVz5xn99Kz+ZdS9YhUVC01OGr8Oq7Y7n2yxCYfWNTkahwcyl 2olj1CDhT8Hj62ZRC2iUtmzSiizNl/be2d9TEiUZO+YjG34jpHBMiFcDKIC1cUj6 bYdauzexlozdupfqcGB4 =NaxA -----END PGP SIGNATURE----- --=-FL3Ud8YXXQFaqXtTAp91-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 00:15:49 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 05:15:49 +0000 Received: from localhost ([127.0.0.1]:57058 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKEX-0004Xz-2o for submit@debbugs.gnu.org; Wed, 20 Feb 2019 00:15:49 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:36633) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKEU-0004Xk-Ek for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 00:15:47 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id DC3F43627; Wed, 20 Feb 2019 00:15:39 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 20 Feb 2019 00:15:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=web75sLD/KWI41Te0/nyU6e8 q0KUEkRGmzgnUNBMTQ0=; b=FtR2DVB+RImB9RBKjQdDLl1mznZbGYChnFUss12G n5WlFv56o+YWX9rRm11hHcKF3BPywoCjeafCkQdmhOOai7Nof6W8q7lEq89dtg2K KBt2z76SSEewupIU+vTVmJJQnxY+gR/FoEiI3QWN8cHDTkP6yuPTcfaWXn/JBcCG CwU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=web75s LD/KWI41Te0/nyU6e8q0KUEkRGmzgnUNBMTQ0=; b=AhLcb1NI76BzNhMItDaeiR S5cu3YAmrglgHjcswv51KvUAGC2n5lgoqZCAljUfjmotYYaDuHhvonh8mclCVhg/ lJ9uQCl5PjxEkyLFhIGdqyEOAg7QqsPcZnhYwxgFvIPxoxP7Lo3mrzJgOQjfQaS8 YT5rzTcoj5+wAyRdSSEdAFttuqL0NsjZiR2EL7TlON4OJcw4e/V7dw4vx9BjOlXc CiQb+/Xax3mtNEPTeTNsmnCDTkUaNv/OYnlZx8Gx9dlEj12id6/gCBb4Lcbr7VU3 rME2B0c41N8B+INXZMfmIoHp0xDizCxCnvScETkwke6NyG6G8okAVoWdwcr3BmMQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdehgdekgeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujggfsehgtd erredtredvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl rghrihdrnhgrmhgvqeenucfkphepjeeirdduvdegrddvtddvrddufeejnecurfgrrhgrmh epmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgvnecuvehluhhsthgv rhfuihiivgeptd X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 7B93010311; Wed, 20 Feb 2019 00:15:38 -0500 (EST) Date: Wed, 20 Feb 2019 00:15:36 -0500 From: Leo Famulari To: Jason Self Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM Message-ID: <20190220051536.GA7782@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="liOOAslEiF7prFVr" Content-Disposition: inline In-Reply-To: <1550625137.14138.3.camel@jxself.org> User-Agent: Mutt/1.11.2 (2019-01-07) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Feb 19, 2019 at 05:12:17PM -0800, Jason Self wrote: > Taking this and considering Guix's build process: The method of > building seems to involve downloading Chromium, then runnning > ungoogled-chromium over it, and then building. I'm not sure if any > other packages have their freedom problems fixed in this way but this, > just like build flags, should not be sufficient. Freedom problems > should not be hidden/removed after the fact by asking the user to run a > clean-up program after downloading the source, even if that has been > automated by the package manager. What is sent to the end user to > compile should itself be 100% free software and FSDG compliant from the > beginning. If not it still amounts to distributing non-free software to > the user when they want to, for example, do guix build -S chromium. To clarify this general point about Guix for anyone who is reading along, as a matter of policy the end user does not receive non-free source code from Guix. The tools provided by Guix to access source code only return source code that is freely licensed. If the sources have to be modified to ensure this, the unodified source code is not provided to the user. Guix is specifically designed to do it this way. --liOOAslEiF7prFVr Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlxs4nUACgkQJkb6MLrK fwhsPw//TGH5826MuUVxzsxjlYgNWfcLworp6z7LEQmhq9SjjyX2gCa76bCQTyHi +wAGo2GCnYIGuV/jMAZj/dyTrpsJjd48DQhYeEUdilQPh6ktWN5LOxj/R68mp7eP BVTizKe+vEbJ1iJcK3B4F7UNAlRWp7ur+4gSqmFdGSd3y9EIwPgfVBTMjp0qleVk ddJYhRYpHNmcVPcgVbyb8JewFn7ctOPsBGfpZqieirbDJRq+sjVDs2DsZzE+l+dk C2U86gQfLM6/vGwCV9Ly7yXpxf0XvdVZrowrU8M+iGeBmpvBCBY+RwF/jE8EKg/7 i+I00wMEF8XtzC0eP3JyPxGOjjD/0/PMIhtuOE0DNW4TFkYhKKfy57ZnTA1P+8Co yvZUyl5eJMuGy6QgYUGLbrVERS9ib7CVTWEAUoP4CBuBuj4X+LfnTyrHDRUY76FR 3SAgWQIvGkGQ8Bn+uii2UxgYhZWK6r8wTirGuu5Zjzy1vNcdaxNr5EQDu0jcxfBl QpthGuq1fZX8U8kRyJ/OCSFyUdE2hpcDLYL9xzF4d1/J30s2s6X3LU+CBhy9c86a 05ZJNHY8wTxMtWBkq80r7HSC4jf80R2bHzjc2C0uUzpImhdQXdaFQ+dmmPLuUd5p h9dtxEu2CgEhrDvennldvD6my8ZSA/ig6scVOy+FbjWm56/pnc4= =vUdq -----END PGP SIGNATURE----- --liOOAslEiF7prFVr-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 00:22:01 2019 Received: (at control) by debbugs.gnu.org; 20 Feb 2019 05:22:01 +0000 Received: from localhost ([127.0.0.1]:57063 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKKW-0004h3-T7 for submit@debbugs.gnu.org; Wed, 20 Feb 2019 00:22:01 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:40987) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKKV-0004gj-I9 for control@debbugs.gnu.org; Wed, 20 Feb 2019 00:21:59 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 6A57C35A2; Wed, 20 Feb 2019 00:21:53 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 20 Feb 2019 00:21:53 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:message-id:mime-version:content-type; s=mesmtp; bh=okfW1uBLm6Q7ZJpQiF9WavXg3KQqpQok7zI4Meo2VFM=; b=aobG/VCySPAX OxU28I78r/EsAJNCN1KUcf6iQ1OmOYBPq5qLhvEuByWtx4g4gddZNba5Up1BFvLE HADa+z2YMFQ7Hs6CemFIg1z2qtEMF5SGSMHaIDCkVp3Z47jWLIzDqzRUt5u7QtrP inySBUmQmWH/Yez7xlCNCx8Z8taQzn8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=okfW1uBLm6Q7ZJpQiF9WavXg3KQqpQok7zI4Meo2V FM=; b=GedrcARUG2dre+jqta2QrMkNM5exArvvkahZKYLjZMdS+B1eOQGhBmppc d/pXUWEehdcDKIlK75KVOu3lDqBG0N31XNbudI0dfffHcCxaVAj99WfT1/XwErrx z8eRW/MuF8pfiZC707SYptW43VcsGhs+cyNEWOE16w/HzDOLCaEvst9TD4/lwAJ9 JIxxYMzu4jfFjKjBnlua/ePZ7I3M7rR+VQ8lCiIAiZyBMZFsMwDfEca4ow5FhOkx gGmzWA2+FT0HBG/ulQ77weIE/OncamWM3WtopoOPF/jcP6rJadDq8FDZfKbbFKtZ MOD3lM7SVrXlXQJAkw/ku3Xi9yHhA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdehgdekgeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucfgmhhpthihuchsuhgsjhgvtghtucdluddtmdenuc fjughrpeffhffvkfggtggufgesthdtredttdervdenucfhrhhomhepnfgvohcuhfgrmhhu lhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecukfhppeejiedruddvge drvddtvddrudefjeenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgr rhhirdhnrghmvgenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id D3C25E409E for ; Wed, 20 Feb 2019 00:21:51 -0500 (EST) Date: Wed, 20 Feb 2019 00:21:50 -0500 From: Leo Famulari To: control@debbugs.gnu.org Message-ID: <20190220052150.GA8951@jasmine.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.11.2 (2019-01-07) X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: retitle 34565 ungoogled-chromium may contain Widevine DRM Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: messagingengine.com] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [64.147.123.25 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.3 (/) retitle 34565 ungoogled-chromium may contain Widevine DRM From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 00:35:52 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 05:35:52 +0000 Received: from localhost ([127.0.0.1]:57072 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKXw-000720-GQ for submit@debbugs.gnu.org; Wed, 20 Feb 2019 00:35:52 -0500 Received: from bluehome.net ([96.66.250.149]:47518) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKXt-00071q-IX for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 00:35:50 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 043254B400A0 for <34565@debbugs.gnu.org>; Tue, 19 Feb 2019 21:35:48 -0800 (PST) Message-ID: <1550640947.21795.7.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Tue, 19 Feb 2019 21:35:47 -0800 In-Reply-To: <20190220051536.GA7782@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <20190220051536.GA7782@jasmine.lan> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Leo Famulari wrote: > To clarify this general point about Guix for anyone who is reading > along, as a matter of policy the end user does not receive non-free > source code from Guix. Right; the source is downloaded from commondatastorage.googleapis.com but that is a technicality. What I'm saying is that the recipe should be updated to cause it to download an already-cleaned up version directly from Guix (it could be hosted somewhere on gnu.org for example but exactly where can be up for negotiation) and that this excuse of "they're getting it elsewhere" shouldn't be usable as an excuse to sidestep the FSDG. It's still causing the user to download the software due to the recipes provided by Guix. > The tools provided by Guix to access source code only return source > code that is freely licensed. If the sources have to be modified to > ensure this, the unodified source code is not provided to the user. It's still being downloaded into their computer and then being cleaned up after the fact. If there weren't freedom problems with it there wouldn't be a need for a clean-up program (ungoogled-chromium in this case) to be running -- as a process on the user's computer -- to do this. And in https://www.gnu.org/distros/free-system-distribution-guidelines. html we have: "For instance, a free system distribution must not contain browsers that implement EME, the browser functionality designed to load DRM modules." So that should make it quite clear. From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 00:42:33 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 05:42:33 +0000 Received: from localhost ([127.0.0.1]:57077 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKeP-0007BG-AA for submit@debbugs.gnu.org; Wed, 20 Feb 2019 00:42:33 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:47233) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwKeM-0007B2-Ef for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 00:42:31 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 5CCDC3182; Wed, 20 Feb 2019 00:42:24 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Wed, 20 Feb 2019 00:42:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=F3mfbOFV0DHad9pPLn1XmppS KzkHNwda9jBObUjg9d4=; b=UVbH2ZZ+xRBp4GRafN5cY7QvEaq0CQEuaRfDuycl YW0F6S+W7bRYtk5+5IGMyoCf+ZWAhxyCH6T0GCtgRtwS/UPl05AIBYAGLQJFCBvn 2tqoWp5SkPUxukYfx/n/Lyu5bu/Pf8vjM4a1Vii1CZjgzd58V/L/WpCobCdafcwI vq0= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=F3mfbO FV0DHad9pPLn1XmppSKzkHNwda9jBObUjg9d4=; b=roox1wURoHbw8O4xpuYqPu FnjzNcmDuIVCDml+QjEjd7eenxYkSaTXSp/xXhcM0lNeNSSKlButcH+/nfGYvIxe QDEr+7PFhX9WSe26qVTRkUClGYOROzZbOUvZAWs1DAy2mJ4pkc9+chmu1xRscwuY BDyRzFdgS0Zt4F8XhT32m/78wcjnx6ydAXxTucv7Q0m5vgrIqjiWxjL3W9LF9jFK s9UTrVyQ9cSFGVWphA5i3A1fubncJCYhhKJtLJ8/VNv1899h29cqj/k/hIOwTAJ7 BRpz0uRVMBRXYWTzS5AXPLBlxwYID7MUzhJMz9f5f9bioCoavYA0Gn7h/HfcFxKg == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdehgdekkeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjfgesghdtreertdervdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecukfhppeejie druddvgedrvddtvddrudefjeenucfrrghrrghmpehmrghilhhfrhhomheplhgvohesfhgr mhhulhgrrhhirdhnrghmvgenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 9B575E4210; Wed, 20 Feb 2019 00:42:20 -0500 (EST) Date: Wed, 20 Feb 2019 00:42:19 -0500 From: Leo Famulari To: Julien Lepiller Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM Message-ID: <20190220054219.GA9386@jasmine.lan> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rwEMma7ioTxnRzrJ" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.2 (2019-01-07) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --rwEMma7ioTxnRzrJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Feb 19, 2019 at 03:44:17PM +0100, Julien Lepiller wrote: > So I've downloaded the source tarball with `guix build -S chromium` > and here's what I found in it: [...] Thanks for taking a look, Julien! We need to find out if Widevine DRM is actually included in the Guix ungoogled-chromium package or not. Obviously the intent was to not include it, and it does not work in practice. Widevine videos do not play and there is no prompt to install or enable DRM, unlike in some other browsers that use DRM. I think the next steps for this subject are to first, in general, figure out where Widevine comes from, and then, more specifically, decide what to do about the files you mentioned.=20 As I mentioned already, other distros seem to get Widevine by extracting its binary from Chrome, even when using it for Chromium. It seems reasonable to assume that if Widevine were included in Chromium they would not be downloading a whole 'nother browser for that one component. As for the specific files listed by Julien, they may be harmless, or not, we should figure out what they do and if they need to be removed. --rwEMma7ioTxnRzrJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlxs6LsACgkQJkb6MLrK fwhX7hAAkH8/9+45iJyItVt5t/tP/qHhK34m+Vc+tkrk3+BaCev2AFP45h8i57oI wVXq8VGff++j575zGbZRV0+PHaOinAEo15mTWIWbpes56LM/LToOrpepd+E1ikQN TJGqzWeus2VFWW1rjwPNM5YWcjNBBOQMSENkJkOWT5p9HS+oFaKsXsl8q5A9+bFP cruwMyp0wmU59tdoSibik5zKcX2bI4SgWW69vGhh57lVLHtm7sKUSPySamnthTEY wSOzBMuIYOv6W3TS7cuiMqYqT8hpPbUxddJyysfrQjNQNQ2sWv5CqVj5gSSNXQRy H/OGQ6j5tnn+tuvSSAsP1c7d2P0NfgB/PdrmfIj2gzy9J3mxfHF2ZLzjsuRpzowG OlxgoEF2XlZtESMvDXrDyFtRlk7KwPL5qsVOwIOW9UbEfs4sCPiUhB2iXFOQWqwJ wwTRycbefAwzNckMsrd08Z5tegq2QMYE/yHaFCEr+p4tjFdnXWExe03sd/3IrSE2 F0DR/eRQaXf0fNP/ZqMYmG0+NvXBy4lc6GCmApgq5cJS6hkw2mtkhUNiiPKz/1hs NyHHNNnTmJ4rR3NpGzfnXTPjPmftWk+S/hP/6uCNRPUWcXlLrfSq6xLR5aESHJBF fuLzS9Agw+sb3j2Hcno6alIXxF5fMrTTyGV4rgR0uypx8IZejh8= =24ni -----END PGP SIGNATURE----- --rwEMma7ioTxnRzrJ-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 02:59:27 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 07:59:27 +0000 Received: from localhost ([127.0.0.1]:57151 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwMmt-0004DW-Cr for submit@debbugs.gnu.org; Wed, 20 Feb 2019 02:59:27 -0500 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21138) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwMmr-0004DO-EZ for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 02:59:26 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1550649547; cv=none; d=zoho.com; s=zohoarc; b=n7GAySEB+i2ZidEcVuyNMpqePSYBrBwaKGeUdL9wtRjXLt3Iqt3ucOI9omb7kKDmgQBfGx6Wytu1am6O1ltghR9ZATVIszOSzUjrE8fWZLy7Yic9xrt/uxss4LteCQHQHS17P0dnTm3s90MN3lds1Eun40GWe7zJgtS5Y3gXxi0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1550649547; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=JzbNcNBGBsiSlmpgcn0fQDw5llZq5DrAw3NZ8WjgMSk=; b=YWSW0RcHCF3/sWfUbeuzNZ73X6BHajO+LsvMQJJAV2EiLxswETESINvaD2z5InFV4qWKe3Thksr8iIQMrh6s4xjZ+Bp51TbLHZJ/GV/m4RBBQLTbtFMOy+dTb0UfubXXIh3vqRNvcz9+t3tCGP+zarCbegpy5PTd2Vn9QpxCjOg= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net; spf=pass smtp.mailfrom=rekado@elephly.net; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1550649547; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; l=1180; bh=JzbNcNBGBsiSlmpgcn0fQDw5llZq5DrAw3NZ8WjgMSk=; b=U9lFhCixl0pSmKabwphq4oe8nRHXmi/WXmoSQgyRoORmhyjSaCqgPLjeuHVizYnK xsxGe3GoKB8LNB7DSJTChwHZXwyqKQ/lA+padagXwJjTdabESF2/zOYcMMw9SoLbD+I ClOcsWg2IFVH+t5Mt9sBIOZkdW8tmci5GEbj8yzQ= Received: from localhost (p54AD468B.dip0.t-ipconnect.de [84.173.70.139]) by mx.zohomail.com with SMTPS id 1550649545548802.8040730294048; Tue, 19 Feb 2019 23:59:05 -0800 (PST) References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <20190220051536.GA7782@jasmine.lan> <1550640947.21795.7.camel@jxself.org> User-agent: mu4e 1.0; emacs 26.1 From: Ricardo Wurmus To: Jason Self Subject: Re: bug#34565: ungoogled-chromium might contain remnants of Widevine DRM In-reply-to: <1550640947.21795.7.camel@jxself.org> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Wed, 20 Feb 2019 08:59:00 +0100 Message-ID: <8736oivqkb.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Jason Self writes: > Leo Famulari wrote: >> To clarify this general point about Guix for anyone who is reading >> along, as a matter of policy the end user does not receive non-free >> source code from Guix. > > Right; the source is downloaded from commondatastorage.googleapis.com > but that is a technicality. What I'm saying is that the recipe should > be updated to cause it to download an already-cleaned up version > directly from Guix (it could be hosted somewhere on gnu.org for example > but exactly where can be up for negotiation) and that this excuse of > "they're getting it elsewhere" shouldn't be usable as an excuse to > sidestep the FSDG. It's still causing the user to download the software > due to the recipes provided by Guix. Please do not claim that Guix sidesteps or aims to sidestep the FSDG. This is not the case as we are committed to abiding by the FSDG. What users get when using =E2=80=9Cguix build --source=E2=80=9D is the proc= essed source code from the Guix build farm. The fallback is to fetch the original sources directly and process them (which is what the build farm does as well). -- Ricardo From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 04:22:53 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 09:22:53 +0000 Received: from localhost ([127.0.0.1]:57183 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwO5X-0008DI-PF for submit@debbugs.gnu.org; Wed, 20 Feb 2019 04:22:51 -0500 Received: from ns13.heimat.it ([46.4.214.66]:49674) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwO5S-0008D0-69 for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 04:22:46 -0500 Received: from localhost (ip6-localhost [127.0.0.1]) by ns13.heimat.it (Postfix) with ESMTP id 1469730056B; Wed, 20 Feb 2019 09:22:36 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at ns13.heimat.it Received: from ns13.heimat.it ([127.0.0.1]) by localhost (ns13.heimat.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AHVAEoApjYUP; Wed, 20 Feb 2019 09:22:31 +0000 (UTC) Received: from bourrache.mug.xelera.it (unknown [93.56.161.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by ns13.heimat.it (Postfix) with ESMTPSA id 9DD31300101; Wed, 20 Feb 2019 09:22:31 +0000 (UTC) Received: from roquette.mug.biscuolo.net (roquette.mug.biscuolo.net [10.38.2.14]) by bourrache.mug.xelera.it (Postfix) with SMTP id D0B09300056; Wed, 20 Feb 2019 10:22:29 +0100 (CET) Received: (nullmailer pid 13354 invoked by uid 1000); Wed, 20 Feb 2019 09:22:29 -0000 From: Giovanni Biscuolo To: Leo Famulari Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: <20190220054219.GA9386@jasmine.lan> (message from Leo Famulari on Wed, 20 Feb 2019 00:42:19 -0500) Organization: Xelera.eu Date: Wed, 20 Feb 2019 10:22:19 +0100 Message-ID: <87imxe95mc.fsf@roquette.mug.biscuolo.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hello, maybe Marius Bakke have something interesting to say about his judgements on this "DRM matter" indeed, this is a pretty ignorant (aka me) comment: Leo Famulari writes: [...] > I think the next steps for this subject are to first, in general, figure > out where Widevine comes from, and then, more specifically, decide what > to do about the files you mentioned.=20 > > As I mentioned already, other distros seem to get Widevine by extracting > its binary from Chrome, even when using it for Chromium. It seems > reasonable to assume that if Widevine were included in Chromium they > would not be downloading a whole 'nother browser for that one > component. ungoogle-chromium FAQs [1] confirms that in order to install Widevine users have to download a shared object (libwidevinecdm.so) and install it system wide in /usr/lib/chromium or in $HOME/.local/lib/ I tried to install ungoogled-chromium from Guix but failed (another story...) so I cannot see myself, but AFAIU there is no way for a user to enable Widevine from the user interface *nor* manually I don't know if the libwidevinecdm.so user loading must be forbidden **programmatically** [2] to be FSDG compliant: what is the case with the linux-libre kernel? are users forbidden to "insmod proprietery_module" they _independently_ downloded or developed? anyway, as Julien Lepiller already verified (Guix package definition is there for anyone to check, and checking is very easy), Widevine stuff only gets built when the ENABLE_WIDEVINE build option is set... and it's not this case, so it's unlikely that users will be able to install Widevine even following the above mentioned procedure last but not least: AFAIU ungoogled-chromium Guix package documentation nor Guix Manual contains information on how to obtain proprierary extensions to any software; am I wrong? > As for the specific files listed by Julien, they may be harmless, or > not, we should figure out what they do and if they need to be removed. AFAIU that code allows dynamically linking Widevine (sorry cannot still check myself), but it is _disabled_ at build time is this enough to be FSDG compliant? given all the above, it seems to me that ungoogled-chromium binaries provided by Guix substitute servers _and_ sources provided by Guix build farms (are provided by them, right?) does not ship with DRM enabled to sum it up: AFAIU for users to be able to use Widevine they must create a custom package definition _outside_ official Guix channels *and* download the shared object "libwidevinecdm.so" from Chromium, installing it "manually" system wide or locally HTH! Ciao Giovanni [1] https://ungoogled-software.github.io/ungoogled-chromium-wiki/faq#how-do-i-i= nstall-widevine-cdm [2] I mean by stripping away any bit of source code that allows users to dynamically link potentially proprietary shared objects in the software =2D-=20 Giovanni Biscuolo Xelera IT Infrastructures --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAlxtHEwACgkQ030Op87M ORJl5w/+JddYSZeBKTdqiGMOuJo6h1oWsJB5UgW5+h8EBsrbZSRRRO9RtF2UDLus HAQwJX3JDowo4lMb5DUERHUHPnbACvKQFWBwDeuWK+jRdo+/naodu4UPX7/gHerq pwyYjn30Zxn6GXtdnKkISGOPXrGqpi5dJChcIpSDwaQkTn8G7guPM3KC/+mMjDeE OnDTzhoqXfM/YyKQIXcOU823HH9Jvb0vJiEfzBmg1Gty7KzM6jJew6yxFPtzaseN SiD0hZj4U+9ZAcGhEFE0zn7BXTsadUUsX09pk687vevi2Kk69fskLviZJ6Id56yc ebuRZ7C2Ao/2g+nr8nU2cNWKi6DDOYEKF8YXbZfheT28s0ojkLTGH87M7q6sZNVg IE5Cmp4pxTXKE8LvcPhED/QODzw4Ez+nVEozT3/+JBoUuhkl4NZbgNN+Wuz7rEcz C4XZpc075JhdnnudzY4P9mbt9lJnHWwSrX/xIpRlTRguRrnSV671LkHUa7HWmVQA tNO8tLWXHlKRRxIAVOPCsyvoP8PRlpxugrIaoORVC1f4YqX7XT91aQshTWiygtrp 6NBCLmpG6AvTj6yUOoMiJFB3iFNfPLVuyMC3AwdR/hHok2xpG0ae2QQY9My131I2 49z9IiGNxYM6F+TDbkgxSH5Uak0NvQuSF+Emc4GmQcWWmohNC/Q= =3yTE -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 05:09:28 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 10:09:28 +0000 Received: from localhost ([127.0.0.1]:57199 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwOog-0000vf-3b for submit@debbugs.gnu.org; Wed, 20 Feb 2019 05:09:28 -0500 Received: from mail1.fsfe.org ([217.69.89.151]:46256) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwOod-0000vV-Nr for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 05:09:24 -0500 References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <20190220051536.GA7782@jasmine.lan> <1550640947.21795.7.camel@jxself.org> User-agent: mu4e 1.0; emacs 26.1 From: Jelle Licht To: Jason Self Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-reply-to: <1550640947.21795.7.camel@jxself.org> Date: Wed, 20 Feb 2019 11:09:20 +0100 Message-ID: <87a7iqdb5b.fsf@fsfe.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) Jason Self writes: > Leo Famulari wrote: >> To clarify this general point about Guix for anyone who is reading >> along, as a matter of policy the end user does not receive non-free >> source code from Guix. > > Right; the source is downloaded from commondatastorage.googleapis.com > but that is a technicality. What I'm saying is that the recipe should > be updated to cause it to download an already-cleaned up version > directly from Guix (it could be hosted somewhere on gnu.org for example > but exactly where can be up for negotiation) and that this excuse of I would argue that this way of thinking is one of the issues Guix and the broader reproducible builds community is trying to solve (in an ethical way). Practical software freedom also includes the possibility of not being dependent on even the gnu.org infrastructure. > "they're getting it elsewhere" shouldn't be usable as an excuse to > sidestep the FSDG. It's still causing the user to download the software > due to the recipes provided by Guix. The implied tone of your message comes across as needlessly aggressive. I am not sure if the GNU Kind Communications Guidelines apply here, but I still urge you to give the broader Guix community the benefit of the doubt in that they are committed to the FSDG and everything it entails. This is like arguing that curl could be used to download proprietary software; An unmodified Guix will never present a user with non-free software. If it does, this can be considered a bug and should be fixed ASAP. Your proposal implies that someone else still downloads the nonfree upstream sources to modify them, so I see this as even more of a case of working around the spirit of the FSDG. > >> The tools provided by Guix to access source code only return source >> code that is freely licensed. If the sources have to be modified to >> ensure this, the unodified source code is not provided to the user. > > It's still being downloaded into their computer and then being cleaned > up after the fact. If there weren't freedom problems with it there > wouldn't be a need for a clean-up program (ungoogled-chromium in this > case) to be running -- as a process on the user's computer -- to do > this. I do not really get the point you are trying to make, because the software has to be downloaded at some point in time. Offering a transparent solution in the form of the Guix store, where the problematic bits of software only exist in a transient state seems like it improves the situation across the board. Whether this fits the letter of the FSDG is an interesting discussion to be had, but arguing that it goes against the core principles is simply silly :). > > And inhttps://www.gnu.org/distros/free-system-distribution-guidelines. > htmlwe have: > > "For instance, a free system distribution must not contain browsers that implement EME, the browser functionality designed to load DRM modules." > > So that should make it quite clear. I feel most folks here agree on this, at least, so if ungoogled-chromium still implements a functioning EME, that is a bug. Respectfully yours, - Jelle From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 08:03:42 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 13:03:42 +0000 Received: from localhost ([127.0.0.1]:57253 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwRXK-0007ET-FN for submit@debbugs.gnu.org; Wed, 20 Feb 2019 08:03:42 -0500 Received: from bluehome.net ([96.66.250.149]:47690) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwRXI-0007EK-2T for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 08:03:41 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 61C124B402F9 for <34565@debbugs.gnu.org>; Wed, 20 Feb 2019 05:03:32 -0800 (PST) Message-ID: <1550667811.25277.1.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Wed, 20 Feb 2019 05:03:31 -0800 In-Reply-To: <1550625587.14780.2.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <1550625587.14780.2.camel@jxself.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-K9avsEVh8YTzFyKp6qqp" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-K9avsEVh8YTzFyKp6qqp Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Jason Self wrote: > I should probably add on that this position comes from my interaction > with the FSF in 2010: When LibreWRT was founded in 2010 (before it > later merged into libreCMC) we submitted a similar=C2=A0question to the > FSF,as to if it was sufficient for the LibreWRT build scripts (which > would be run by the person building the firmware image from source > and would have completely automated, just like how someone might > instruct Guix to build from source) to download Linux and then run > the Linux-libre deblobbing scripts on it vs having the build scripts > instead download tarballs that were already cleaned up. I can't seem > to find the email from back then but the response was that we needed > to use already cleaned-up tarballs, not ask the user to clean up the > software afterward even if automated. So that was what we did. Guix > should do something similar. I haven't been able to find this conversation in my email. As it seems to be directly relevant to Guix, since it seems to also be the exact same method they use, I have emailed the FSF asking if they can locate this in their ticketing system and to re-send the conversation to me. More to come. --=-K9avsEVh8YTzFyKp6qqp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbVAkAAoJEJ0NsxtUWjGYn2gP/ixSgVt8SsabNCn8CLnq0wXd cwnudZoYBrvVc26fsO+px1yH+Om24UHXRlwKjfsEnaZEW8G6EUSbYMWbqOxwVvHB ktinWyp0INAriLPsdCy6PgHnOy5rSA0JVLkFTopY4Gfefn4ha/VBmXeedb8uODeZ a1Uaijnr18j6F6Db1Hoe0cLp/9iM2WbpkoQ0SFwdxWCXNRq1w8r/Xd2ZEvds/l+B bWEF1c2Yr0MonG8krXQukfzhgIHEg+f6LUHlO53wr2YQMXYM97H5BF6EKqlSCc6k EEI0FZpCCPpBphDz9DJMh79rqXL6r8XrDJDet7jhVJ20Qg5onJqsaBL6W+chIs3q BmqWuVEHa3nvURerNBEMgZiPDZt0SfbHaZrDxjoA9zUBbKMRm1d4vJtK2NNXauNQ Nc0059VUN2jslCO+AsEL1SCP4C4YRiMxRQGgBbeU8mefDSIM8k3+9N+dQhwESVpU 5i5qRpkngIHf+S8aOA43vDP7bXrupgu9T6awX6og0Ptsw6lxsUihBiX6peVDvYTG ePzyWuQb2XpxGqPkGTVD9ihlaoLRypnY3X7rKwtgRcqb2qm+IsqUs1kuykzuSQqS fz1mLF4Rlbv4Ss7dIeJtz2JgLPX7jUc3GPtpTmNQVG9gXhlrIFqIW64Wcpoyyxpj xyFNQT/BjuAO+3tykA0Q =Lshi -----END PGP SIGNATURE----- --=-K9avsEVh8YTzFyKp6qqp-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 09:37:32 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 14:37:32 +0000 Received: from localhost ([127.0.0.1]:57289 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwT07-00011a-JX for submit@debbugs.gnu.org; Wed, 20 Feb 2019 09:37:31 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:44573) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwT04-00011M-Se for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 09:37:29 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id E06CC3345; Wed, 20 Feb 2019 09:37:22 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Wed, 20 Feb 2019 09:37:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm2; bh=FOFxL3AfQMDSiBikSIAd1ULixZ xdgOrHO5zmWMSRTQg=; b=1HyjEGe86mgLPVgTPsvvMAaeYfqHOW22B8VXHZSIFs 1fVKizmfsv5Fs4BSBFrOIhdNNDHE+1r+6sOS108pxXzKBt++iIy/NB95sOUD/qH2 UNtBlPiNBpzNBvnLtVKsiViTwSEwqX31nUvo3V/zV4Ldd19vanzPAQbf4IszmMiJ RAgKvibT9Jjd0GxlufDXLOIvX5ctnT3mPO7lBdlCh8/4RDcD0e8oEZmWipUaDK4A I8gqlQc+yTLopiMseTRQh611oiNywv8/pxBHVSPwoxFoQlDbc3g0kI7xac3qaJDG EC5ZU9up41Cf8mwf7Li9uRqTLppPDPs6V+0KrT9tAd4w== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=FOFxL3 AfQMDSiBikSIAd1ULixZxdgOrHO5zmWMSRTQg=; b=O2/FfdGz58zU4dhv4ueGrx NPTuLyJu9k8iv2FVC6C87/nlrToisS4gd0NTRkKHMuic/xvDfx/kb3K+sKeFS8Zw vi7bk39t+peyNsXRZr7KllmnOE7D1KPEobBMEmAbUIwBKoSSYScvfe8Oe6KNEGz3 9Ribp2QUFwlPlRxFiZDjpVUgXy4xFCkNwneGQ49DJzw0J6kPKiw44OkiXAuGFVP4 6mwAE4F6EIx60XFpyU4N6wqNM0QKrDwnIp0X0Ox9iKT19JaryKP0ICr83hJMNdlU e1T+5goN8BSs1h80L622PeQAIINoMWhH9IhODK7g/BvPN2hUILrZsbh1veVn8o/g == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdeigdeiheculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffujghffgffkfggtgesghdtre ertdertdenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghs thhmrghilhdrtghomheqnecukfhppeeivddrudeirddvvdeirddugedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhs thgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 79983E4068; Wed, 20 Feb 2019 09:37:21 -0500 (EST) From: Marius Bakke To: Jason Self , 34565@debbugs.gnu.org Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: <1550625137.14138.3.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> User-Agent: Notmuch/0.28.2 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Wed, 20 Feb 2019 15:37:15 +0100 Message-ID: <87wolumspw.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Jason Self writes: > A different but related matter is the build process itself. I > understand this is not exactly related to the DRM matter but it does > seem similiar. I can open another bug over this if needed. I have > recently submitted upstream's Chromium 73.0.3683.45 into my FOSSology > instance for analysis. Actually, less than a third of the total files > were classified as "BSD-like". In total it found 162 unique licenses. > Of course, automated licenses analysis is never perfect and I have not > fully vetted any particular results but it does help to at least > indicate that which is very clearly free software and that which needs > further investigation. To avoid duplicate work, it would be useful if you ran this analysis on the tarball produced by `guix build --source ungoogled-chromium`. > Even in the short time I was reviewing it I found a number of freedom > problems. I don't mean that to be an exhaustive list of everything, > merely an indicator of a symptom: > > * unrar (license denies freedom 0) UnRAR is not present in the Guix source. > * third_party/blink has some images under CC-BY-NC-SA-2.0 I cannot find these images: grepping for CC-BY-NC-SA or 'Creative Commons' did not aid. Did you record the absolute paths to these files? > * Google Toolbar is in there, with a non-free EULA My grep-fu is really failing me today. Where is this located? > Taking this and considering Guix's build process: The method of > building seems to involve downloading Chromium, then runnning > ungoogled-chromium over it, and then building. I'm not sure if any > other packages have their freedom problems fixed in this way but this, > just like build flags, should not be sufficient. Freedom problems > should not be hidden/removed after the fact by asking the user to run a > clean-up program after downloading the source, even if that has been > automated by the package manager. What is sent to the end user to > compile should itself be 100% free software and FSDG compliant from the > beginning. If not it still amounts to distributing non-free software to > the user when they want to, for example, do guix build -S chromium. As Leo says, `guix build --source` should never return nonfree software as a matter of policy. Ungoogled-Chromium is no different: running `guix build --source ungoogled-chromium` will run the pruning scripts and generate a sanitized tarball, or (more likely) transparently download an already-processed source from the build farm. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlxtZhsACgkQoqBt8qM6 VPqsOgf/SymCu2BiYdx8tadD4zwI1gkUYVznrflJYFeHTQuF6cx7vmMxL0HPyPTM gEQEm8q3EXdvHOpY/j5eW/KwSv5O5/ICwaHk36zvA3AVQTgzpXfvQNjjtxRT5rIq eSzVDEGtbsX1X+mZCeXsIv1qoJzAaOT0E9kV8qONEcYvdUh084GAGKyku+2kO452 yW+2iyKGbljWWwevx3IcDpP5Vuy8IctY224sXIH6p5LrEibEX2Cw/3PWohjse1j2 GOrVPAD39oggU4hIoHbXKYMYX/fDAHZlfFLW2mjS5cjEzOV9IZpld1rHS1w0W5i+ PEp+/7Vq8B/SvX/AxXV1zRLKljw60g== =AyoI -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 09:49:03 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 14:49:03 +0000 Received: from localhost ([127.0.0.1]:57297 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwTBH-0001IO-AI for submit@debbugs.gnu.org; Wed, 20 Feb 2019 09:49:03 -0500 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]:42691) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwTBG-0001Hv-0S for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 09:49:02 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 5703C3255; Wed, 20 Feb 2019 09:48:55 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Wed, 20 Feb 2019 09:48:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm2; bh=t1agAVtylsoXEHQY7gho52B+5D 2WB3cw/41WeQbp/fo=; b=YfRi1d250BDSMTmLmlqHLnJsJz0rrBg9LI6INSlWnI Zy18CrTeFwnBsbv7/GkrP+l+IRUFOyF7xj79ZTsQExmaeY/t5NRvnKMFB61dqJIw xMGw32NfoTdGgCnhi7NtZdGhxCLmdsr+Uhrmv4ThUStKbkZ6xu8u9UAxN0GKXeXJ Xr6aRDGZ03YVvLic71D9YXa/z8+Es3lJvjjPR1lRjn7hhKI30aAbhni4Z4+5d6RG UWOsfgwUeGOayOQ6msrE0Bn4674ZUyPFybw4TuZd2Wc/IDvrIHsKaDjaBUE519Ex Je5LZJqXW8AE2EnVL6FF2SK2S8+AkrifS7rU389BL1GA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=t1agAV tylsoXEHQY7gho52B+5D2WB3cw/41WeQbp/fo=; b=S7+83SdVvlpiNLmx8Bpe0N vtt0Gm7lYGQZo1AusMfpNIfZvt1MHh2VdADU/Fmx0ZYLrsVs3WGzdl5VO1S3bTxw YUp1rgPvrWRRCTcrlGYMTqVBWO28QyIf0D3GBvKXMSgiuyYoM6jG/PuWgKkCTxxt 0e2ivjOwGo29T+YPUmdLu6PlYygDo289un1S8scJgvgTgcfme8DKiHr2yXf0R1lY 46ekMz4SvEf8BE1LphC7o/3SaeQ7Njrpw7kCTcSM01/UznLyy+5hOl02ObVFXmLW lqp13XZR6Xv/fzrTNvDGSb11g2cWVfWFs4ebMJ9zUvqHoWApg6qQjGwImULXvguA == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdeigdeikeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffujghffgffkfggtgesghdtre ertdertdenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghs thhmrghilhdrtghomheqnecukfhppeeivddrudeirddvvdeirddugedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhs thgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id 1854DE4549; Wed, 20 Feb 2019 09:48:52 -0500 (EST) From: Marius Bakke To: Giovanni Biscuolo , Leo Famulari Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: <87imxe95mc.fsf@roquette.mug.biscuolo.net> References: <1550547897.31222.1.camel@jxself.org> <87imxe95mc.fsf@roquette.mug.biscuolo.net> User-Agent: Notmuch/0.28.2 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Wed, 20 Feb 2019 15:48:51 +0100 Message-ID: <87sgwims6k.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Giovanni Biscuolo writes: > Hello, > > maybe Marius Bakke have something interesting to say about his > judgements on this "DRM matter" [...] > to sum it up: AFAIU for users to be able to use Widevine they must > create a custom package definition _outside_ official Guix channels > *and* download the shared object "libwidevinecdm.so" from Chromium, > installing it "manually" system wide or locally This analysis is correct. For DRM to work, the user has to build with "enable_widevine=true", and then somehow obtain 'libwidevinecdm.so' and make the browser use it. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlxtaNMACgkQoqBt8qM6 VPotoAgAwQNR32dh2V6rnTLfpdqzb4INoSKuM6Z2LLwqrFJDd0UZnS7EqBWduZ4A MBkRWvS/B2kN6v65x1rUT/2XN41vYzoEfTMEit5or8eH4XqnqFL7WkpeEVmjacVh Nwk16giGflLlVwahyIMgHDzaiasZUeoqB/lGLHA+669GVAywPQ48dsLuecTz+FRP KDaGGhSccTStHja6lDrDuG5LULPXbtZ+VKjV44lEFrC+mN697NujfT3UaJCLLJ+I QmPgEObPiK8PCBYdRYdXMuJNnAw0K6zU0x7hdvGXpX7g0LG3gkYygshMHzyHZIBe dQqv7TfA/5N9J+KaySHqLMFZtahrJA== =DLQ4 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 11:19:04 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 16:19:04 +0000 Received: from localhost ([127.0.0.1]:58353 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwUaO-0005hb-6s for submit@debbugs.gnu.org; Wed, 20 Feb 2019 11:19:04 -0500 Received: from lepiller.eu ([89.234.186.109]:51402) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwUaM-0005h9-2t for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 11:19:02 -0500 Received: from webmail.lepiller.eu (static-176-182-42-79.ncc.abo.bbox.fr [176.182.42.79]) by lepiller.eu (OpenSMTPD) with ESMTPSA id 873aeaff (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Wed, 20 Feb 2019 16:18:57 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 20 Feb 2019 17:18:56 +0100 From: Julien Lepiller To: Jason Self Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: <1550667811.25277.1.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <1550625587.14780.2.camel@jxself.org> <1550667811.25277.1.camel@jxself.org> Message-ID: X-Sender: julien@lepiller.eu User-Agent: Roundcube Webmail/1.3.8 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Le 2019-02-20 14:03, Jason Self a écrit : > Jason Self wrote: >> I should probably add on that this position comes from my interaction >> with the FSF in 2010: When LibreWRT was founded in 2010 (before it >> later merged into libreCMC) we submitted a similar question to the >> FSF,as to if it was sufficient for the LibreWRT build scripts (which >> would be run by the person building the firmware image from source >> and would have completely automated, just like how someone might >> instruct Guix to build from source) to download Linux and then run >> the Linux-libre deblobbing scripts on it vs having the build scripts >> instead download tarballs that were already cleaned up. I can't seem >> to find the email from back then but the response was that we needed >> to use already cleaned-up tarballs, not ask the user to clean up the >> software afterward even if automated. So that was what we did. Guix >> should do something similar. > > I haven't been able to find this conversation in my email. As it seems > to be directly relevant to Guix, since it seems to also be the exact > same method they use, I have emailed the FSF asking if they can locate > this in their ticketing system and to re-send the conversation to me. > More to come. I think the situation is different though. You can see the build script inside the "origin" record as the liberation procedure that anyone can see and verify. It's also a procedure targeted at our build farms, so that they can produce the liberated source code. Users never manipulate non-free source code, unless something is wrong on the build farm side. Essentially, users only download the liberated sources, and build the package from that, or they download the sources from the build farm and build the package from that. The source they download is the one that `guix build -S foo` gives you, and the semantics is "give me the sources to build foo", not "build the sources of foo". I think that this way is more transparent, since we can independently, altough with tooling not provided by guix, check and re-run the liberation procedure that is documented as part of the guix package recipe. This is much better than trusting someone to have actually run the right liberation procedure as you can examine both the result and the procedure itself. I hope this is clearer now :) Well, I'm still interested by that discussion on libreWRT. From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 15:16:19 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 20:16:19 +0000 Received: from localhost ([127.0.0.1]:58578 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwYHz-0003Cf-B3 for submit@debbugs.gnu.org; Wed, 20 Feb 2019 15:16:19 -0500 Received: from relay8-d.mail.gandi.net ([217.70.183.201]:56345) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwYHu-0003CT-QX for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 15:16:15 -0500 X-Originating-IP: 187.181.183.29 Received: from [192.168.1.100] (unknown [187.181.183.29]) (Authenticated sender: adfeno@hyperbola.info) by relay8-d.mail.gandi.net (Postfix) with ESMTPSA id 0BD171BF207; Wed, 20 Feb 2019 20:16:11 +0000 (UTC) Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM To: 34565@debbugs.gnu.org References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <1550625587.14780.2.camel@jxself.org> <1550667811.25277.1.camel@jxself.org> From: Adonay Felipe Nogueira Openpgp: preference=signencrypt Autocrypt: addr=adfeno@hyperbola.info; prefer-encrypt=mutual; keydata= xsPuBFSdo9IRDACmvQCvDZOHZ33gwVtn//XtEmnlcl1yR6j06qvh2E22aK3bmom1y6HfgAVq l+3R16sL27Y0cEeM12Xl2h1HrFiT3Hd/LGWNVC/osPAKrrs6bMRh3uUdOVWeVuM/7c6n5hvx PAkZ6s70w1+y1ilG19aEpezFybAb9oE7+qBLjKAZPgceHeOxUthdfqDDqc/oenCGVEQNvPzK jQVzE+NnB3KdbGNQKFjTuWutxHjMY61H06a824vMd4SU5ReHlDnhCfasJUYcT6ykijf5xeCU icLvLowZl3rCjzjxFxKGnfh/vT6LqMNlfLfTKMR8zmXKHXC+KJjQG3Ohl++7BTGxIrxZtAr6 MKeNczQng0xJtGI/gSus+8Rt9GycMJ/TZh+CrMsRiWmleONsl2fYO5pd4P+hDcttVOmdI/dj H3yycUt5nzgezid+O2NzsjJNNAgDy9uxOLa01aBpaSR94IsYPCxaHh9rBo27v5L8lm2DZTmy CdTdJ/g7OETOSKGmrGywwmsBAO9f4sVideYrDJbEUcXkFSH19ctJYCgLHscWzpypGsQNC/9X iq7fMCS5kAkK/ZcsPeaI4VIDkFJAF22oJyCvJwLWpaQKXBLAFYcAltEHfjdgrrYlexlgQ7SX yX136hD8HJTe1oc2qHN/CXa+LDvxhhNLIgagKP13IIt8AS7U+3YsrCSgu1fjDpxoEP2+xXTS jjcDmnJIWv1oDjIp57OfpKokvHtEsMgXrZI4Ft3ftpzN6o/YWVQeJ7VBdVeKPkzukMfHu04q 1O6TcfSVGLSjrSdTD8/0LcRmwEwgxRBbhp3kxmnUqV+/C/Cj1G2LurKBdqC/rGTSgR1TeQji rTDvV4aReZ8swQS8dGoO4CoxG3ZVz0nsLs7Nl/wRoIMXVo/yMd03LIySSJuATWD6+0LOL5PT gsIRYpBw3jcLTAwPsQd8M8CH9b07qGJ4roVkhEj3R09WeDmSSCLcyQERTzA3EskuaDF8qrRj q68/6kZwhsmssBzAH1PWnFpBAqEaoyQZUisoCffbQwM31oYt04Ng7JXqKHVE+ZchcujtijK5 bPz9ARgL/11E5yq9Z9x+OIxVx1lhMadwH/ze2CrTUIMTo9ZAp8tBqDvXOr43FHPTYio0wycl /anW2D6+4Q49/gK8GQS4xWo/jZnCjOaVIPRbH+y/HE4eXBwKA9UKHpYdZuL2z1zFLYvZd/LT rX66q/+8YMETsu86e4J76lE0WhljWdseM4RFmKlPepSttgCS6iRcWZeuhpknqpOILBwNUtFA Dnqbe9y5ZQ8xETy4/nDMIeWmiHIhQ5bzm+dzOVwtqOpDpTvMzZbU3buBCsZFVrzxuXa66sJu W3fhc//cJ6GTlKz404tAuJrVr9q+uB4OOlkjoUYOIYnwwmKhZaqaUQDTpvK67QhWCZiDHJ/J bvuMCv/XCVh/1IdTbe518jVzfcYjlyxcSHFq8TxiGhJYaBFF4vPC9+vf7l2fQVhDzzpBqMVH 5k9nGJXJ9M0mDO9e8O4CkV55YXzVQFVipiaGyd9DBKcWHAyprxj20MBkP0npXfGErkADCUEp 1MpKt0p3U3BJkoi2Ms0uQWRvbmF5IEZlbGlwZSBOb2d1ZWlyYSA8YWRmZW5vQGh5cGVyYm9s YS5pbmZvPsJ6BBMRCAAiBQJZkFYUAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDI 1uFSAe6docKxAQCAKQxT1MlVJyXdFC7sGFH00jlHeybp6qgOVfJvpqLPGgD+ITwpdjy3RD2c kuENzAKzvom8pnDrNW+oIIIYUaE5gMTOw00EVJ2j0hAQAPcu3bLnt0CqcF49mN0m7z13Fiqv wLRxJe2sEeduZl146rqyNdv4XmaCSdsbgThfw7sW60/J4Gyianv2uzm9E4DpnSh/Ie4LGqXC UALnIYhxeILOo8CvFW1hkF/AgZp0CNoXrP786Nh0rksHfwps0B7b6Vy/E0blioaijvUS2z3/ DKY6CXb7D8wRi64qTMarLaifRzIR/pbX29uBB2McOeoswSFob/McMA7AHp3p+lttR5J8eLc3 Ckj7OuJCY74XIAGq2B64RPmn617BD9ym83M3fcbEXgDBQtvLjznfKNzeMXOLXN/7/qKm1Sza 5NpeAGDg0YvXg6qIi0iyJw4RVzdCiqacO+G3Am/Ge2XDKsuBgsEf1YjlENINGS/ZmqfZd0sH jCJHb/YOlEzVw8HVMzeES8aUOBDh+d2aWhYx30jXuFbMqvuOh4t7JZjBy8TQVuvVhIps0Qyu /YnNxKzZ2F9keaN854KRtcGxaD/wOGpgoAOlyhH+pXVTTl3GCMCHonJ6Sn+jNGa6+oX7HF8h wSevwzQ11WThTPmUTlPU96jN5kqE6qLKBo2msu2MxVQRo1kLlHCRfjvbNGf2iZXRKI+RARgv a+7NZPtYDs1Sg/zw7HgUowImT6JGcN0ZgAMqw/V2nALvW+Caq03GCNiWR2elB/jmhHR+3Brj 18fsc25HAAMFEADViuPfdUqFHzmKgVdRH5A8NIZNTT/MMrYCqv5PAkEhnsXLXeHHV7a0cbfx 3yf86Pv8XMtBItShUVQ9UPVvmFW3ew5cqCCUF5MzrbOXrrso+78yflYjbh55Sf1HelG11eBT xs2auCgMWVsxRjgk9sbzh0j+R9MCMXHw0H/x63BS+due6Z0PYlsgXxbtWxB0P7kiYekXn6xo MeJco9CbWufnWdK4J5WylILQPNwI8uwrj56TUmh3PFnC2UmUa+KQ9m5gWHOIybWYZf4TTXBi N6gvhUqN9IpGFaNG26sWWiOpEWAiVTwPE/lSB+yibouSfE3XLw1Q+FH7TqwmtVS6Kj+yC4Z7 GlDcmqlQxJhBdXTEpTk0rA1Bs4okjqVoQRpLPYUFkhVA15jJGrewUJuUhL128gL2Ek0A14FW +zmi0Wi3tIrUQXovGy7eorIgq7M3/ri0ibbrS5jE4yfIZG/8nb1S/RX5JEwEaoe7izi+1GIi GkCRkzGT3VqG78ppH2166Bq9qDwGf3T/CmLMDNpxsc1qt857nz7RFBMM+dNs5h/Bh0t++i01 JJd/ykqdfUL8nHRwDO1Fkz/R5wugeJ/dB0TcqpnArjtTc+KVN/lRYfltEc5j0DqvFRwk3Ztd 5KocWrWD/MBAvZVYKzJ9Bov9FGRUIGDDTJyo5VVCSe1IeSYa9sJhBBgRCgAJBQJUnaPSAhsM AAoJEMjW4VIB7p2h7ewBAMBCaE8lh2MyK8PBZ2rOSEYIQNjxADPt9Mri7CLnZxtPAQCwCO+a x4WXJV0T1ZOOFa/esCB72RkEVZ7ArkTKQDnVng== Message-ID: Date: Wed, 20 Feb 2019 17:15:15 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Icedove/52.9.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="fo4N6xMxY23BiGZjd2VfApmWyfvYLYmBK" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 Cc: Jason Self X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --fo4N6xMxY23BiGZjd2VfApmWyfvYLYmBK Content-Type: multipart/mixed; boundary="WhmOiffMcXX1dadplzfTZATpPXP5566sS"; protected-headers="v1" From: Adonay Felipe Nogueira To: 34565@debbugs.gnu.org Cc: Jason Self Message-ID: Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <1550625587.14780.2.camel@jxself.org> <1550667811.25277.1.camel@jxself.org> In-Reply-To: --WhmOiffMcXX1dadplzfTZATpPXP5566sS Content-Type: text/plain; charset=utf-8 Content-Language: pt-BR Content-Transfer-Encoding: quoted-printable Em 20/02/2019 13:18, Julien Lepiller escreveu: > I think the situation is different though. You can see the build script= > inside the "origin" record as the liberation procedure that anyone can > see and verify. It's also a procedure targeted at our build farms, so > that they can produce the liberated source code. Users never manipulate= > non-free source code, unless something is wrong on the build farm side.= I'm not taking any sides here, but to give some more information, if for example you do `guix edit ungoogled-chromium' you will be presented to the package definition of Ungoogled-Chromium, taking that as an example you can see that it has a "source (origin ...) ...)" definition, inside the inner part (the "origin") you have: * the upstream download location and method, see (method ...), (uri ...) and (sha256 ...); * patches that should be applied immediatelly after downloading and extracting the source files, per (patches ...); * snippets and modules to be used with these, also to be applied immediatelly after downloading and extracting the source files, as seen in (snippet ...) and (modules ...). When `guix build -S ungoogled-chromium' is done, first it checks the build farms for the "prepared" source that matches the given package definition, version, hash and so on; and lastly it tries to "prepare" the source according to (patches ...) and (snippet ...) declarations before even telling the user that the download is ready/done. Having the (origin ...) visible in this way brings the advantages that the people of Guix told about here, but as far as I can tell, the user also sees the original location of the non-free source from upstream if they do `guix edit ungoogled-chromium'. --=20 - P=C3=A1gina com formas de contato: https://libreplanet.org/wiki/User:Adfeno#vCard - Ativista do software livre (n=C3=A3o confundir com o gratuito). Avaliad= or da liberdade de software e de sites. - P=C3=A1gina com lista de contribui=C3=A7=C3=B5es: https://libreplanet.org/wiki/User:Adfeno#Contribs - Para uso em escrit=C3=B3rios e trabalhos, favor enviar arquivos do padr= =C3=A3o internacional OpenDocument/ODF 1.2 (ISO/IEC 26300-1:2015 e correlatos). S=C3=A3o os .odt/.ods/.odp/odg. O LibreOffice =C3=A9 a su=C3= =ADte de escrit=C3=B3rio recomendada para editar tais arquivos. - Para outros formatos de arquivos, veja: https://libreplanet.org/wiki/User:Adfeno#Arquivos - Gosta do meu trabalho? Contrate-me ou doe algo para mim! https://libreplanet.org/wiki/User:Adfeno#Suporte - Use comunica=C3=A7=C3=B5es sociais federadas padronizadas, onde o "soci= al" permanece independente do fornecedor. #DeleteWhatsApp. Use #XMPP (https://libreplanet.org/wiki/XMPP.pt), #DeleteFacebook #DeleteInstagram #DeleteTwitter #DeleteYouTube. Use #ActivityPub via #Mastodon (https://joinmastodon.org/). - #DeleteNetflix #CancelNetflix. Evite #DRM: https://www.defectivebydesign.org/ --WhmOiffMcXX1dadplzfTZATpPXP5566sS-- --fo4N6xMxY23BiGZjd2VfApmWyfvYLYmBK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlxttV4ACgkQyNbhUgHunaHNVwEA41S4hXRwXV64gR+YMLqtJdwt L3X1++Sj49YqiYJBGIwBAJH3LRRFBKPIszF460JesVZxb8zomm/yGCUjZ3GXCSTB =TSBl -----END PGP SIGNATURE----- --fo4N6xMxY23BiGZjd2VfApmWyfvYLYmBK-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 16:50:29 2019 Received: (at 34565) by debbugs.gnu.org; 20 Feb 2019 21:50:29 +0000 Received: from localhost ([127.0.0.1]:58698 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwZl7-0007mz-EU for submit@debbugs.gnu.org; Wed, 20 Feb 2019 16:50:29 -0500 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21144) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwZl5-0007mo-5J for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 16:50:27 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1550699400; cv=none; d=zoho.com; s=zohoarc; b=OZSbNC4i0jjWg88HALE9MktIehrqC1cfIG/3ebvZbAn7DSwYzlk6Pn4MyQzFEjV7q30qrWyPsDOtZ/XYMx/yM7n38x5MufhuxxbBbGP6ctL4k77IrC6hxhY6NiwDKdWB8FjoL4IM9IyhO+PGH2MIcSYTlOc1xyph1YI/WMqcqME= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1550699400; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=IqaA9y9b22gkq4OcMexJ7Uq/2ieIPNxR+ku+DFvcOfc=; b=ogyEAnnbzpBRMQ43PoaR++0XCU9EYuCHBwd5XS4tGokrB9wmbRpprOmFwEoVCRQ824LKnRnoQcnXqu+KOJMVzurPWCEHmLXs7213Ru0wcDFRAc4qBbfESnsNHO6mjgmqzp7kQUEMqQuVmTYFv3+erv7gku0hmL4N47BEG5t/SzQ= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net; spf=pass smtp.mailfrom=rekado@elephly.net; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1550699400; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; l=948; bh=IqaA9y9b22gkq4OcMexJ7Uq/2ieIPNxR+ku+DFvcOfc=; b=YJLkMIWNzP1ldcwN3mKz530gfKZtuCizn6MZyQsKqMIDGFah61I+TgBBPAJj8EI+ P0POmxDhDFkc1Gy776DBcSqvXBhYlqgbMzp95h3h3a8hYPrDYAEIxx741ohCrTxqACh T8dxqyDTTxBpMIWVrbRmKhRwVvROQ5ezPGtfEKJs= Received: from localhost (p54AD468B.dip0.t-ipconnect.de [84.173.70.139]) by mx.zohomail.com with SMTPS id 1550699398006736.9641772771565; Wed, 20 Feb 2019 13:49:58 -0800 (PST) References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <1550625587.14780.2.camel@jxself.org> <1550667811.25277.1.camel@jxself.org> User-agent: mu4e 1.0; emacs 26.1 From: Ricardo Wurmus To: Adonay Felipe Nogueira Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-reply-to: X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Wed, 20 Feb 2019 22:49:54 +0100 Message-ID: <87zhqq3zb1.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org, Jason Self X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Adonay Felipe Nogueira writes: > Em 20/02/2019 13:18, Julien Lepiller escreveu: >> I think the situation is different though. You can see the build script >> inside the "origin" record as the liberation procedure that anyone can >> see and verify. It's also a procedure targeted at our build farms, so >> that they can produce the liberated source code. Users never manipulate >> non-free source code, unless something is wrong on the build farm side. > > I'm not taking any sides here, but to give some more information [=E2=80= =A6] I would appreciate it if this discussion could be moved elsewhere. This is about whether the package in Guix contains =E2=80=9CWidevine DRM=E2=80= =9D. As far as I understand it does not (as a third-party binary needs to be obtained). If it does after all contain objectionable files please point them out so that we can remove them ASAP. Thanks! -- Ricardo From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 21:19:40 2019 Received: (at 34565) by debbugs.gnu.org; 21 Feb 2019 02:19:40 +0000 Received: from localhost ([127.0.0.1]:58831 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwdxb-0007pU-OK for submit@debbugs.gnu.org; Wed, 20 Feb 2019 21:19:39 -0500 Received: from bluehome.net ([96.66.250.149]:48020) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwdxW-0007pI-Lr for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 21:19:35 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 3F23E4B40655 for <34565@debbugs.gnu.org>; Wed, 20 Feb 2019 18:19:31 -0800 (PST) Message-ID: <1550715570.3891.5.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Wed, 20 Feb 2019 18:19:30 -0800 In-Reply-To: <87zhqq3zb1.fsf@elephly.net> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <1550625587.14780.2.camel@jxself.org> <1550667811.25277.1.camel@jxself.org> <87zhqq3zb1.fsf@elephly.net> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-R4ZKrt/heJU/vNUbolKK" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-R4ZKrt/heJU/vNUbolKK Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2019-02-20 at 22:49 +0100, Ricardo Wurmus wrote: > If it does after all contain objectionable files please point them > out so that we can remove them ASAP. That was done earlier in the thread. It might also be interesting to try building with enable_widevine=3Dtrue. In the context of the FSDG's "a free system distribution must not contain browsers that implement EME, the browser functionality designed to load DRM modules", I wonder if the browser would still be considered as "implementing" the "functionality ... to load DRM modules" from the FSF's viewpoint since it's only a build flag and the support for loading the module (even if not provided by Guix since it's non-free) seems otherwise intact. --=-R4ZKrt/heJU/vNUbolKK Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbgqzAAoJEJ0NsxtUWjGYhi4P/1pB19ZHhMp5Z/C6OuvKUlT/ foJ+vuUbltzazI6FPxwnu1VNC5pyMcDVNFd6KzzwwgGlQrEj2FOs/jkjRR2YjEfV Oit2SyX9O0Vt5SH5S04ejquxKXLRrose7s7qO7yi84kOMfA8v7bUVM7SPdyBG4zP GXToTodOeNVgr0HMhst3AVC9ul0YqeF56Od0EwjiTitDam0hHycKy2w9rgz0sScf A3v1HpMzXrepXfROcwlblxHiF5Nsy4zSGiJ5MOK/UCQFz7SZLY2RINFnZHPrR2mu njj71qQRSlXWY9ebBC0MoE/gOh9FWXgJTWWyuRVb/x+D9/NfDIlCIzp2Ztr3GUth axArY0T8HRzh132a2sWtLnObxe1/dsjhmzm1TRhzMm7fYJkrwo+vOWUenryOHexA kkXvrPhH4/PAIdUSZKqtoX3+FSkBzgizatylMdHuLWIKSR/BQeAetpiCTn5pj1ty eTqNdycrdYwE+s4jSttUyO82ZEVkprZY9C9G4AxVUSmoZ5B3icjISXQVJdxdP2vG jiofpqfkHoq0Moc3UkvFhF6ebItgd1TqsjW7gA+/m6i30e4UdDAg933I9eiQ5Gwj lfGXhd+IIV6qLhXpjokGqVY+awaeRBkIuUtzY6QrgWCWuZ5Cgn7OVOntAGGKaebx 3MXPuzTXMU1rrA5sn4qL =l8JR -----END PGP SIGNATURE----- --=-R4ZKrt/heJU/vNUbolKK-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 20 21:43:22 2019 Received: (at 34565) by debbugs.gnu.org; 21 Feb 2019 02:43:22 +0000 Received: from localhost ([127.0.0.1]:58863 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gweKX-0008SH-NP for submit@debbugs.gnu.org; Wed, 20 Feb 2019 21:43:22 -0500 Received: from bluehome.net ([96.66.250.149]:48028) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gweKU-0008S8-P7 for 34565@debbugs.gnu.org; Wed, 20 Feb 2019 21:43:20 -0500 Received: from pc.lan (pc.lan [10.0.0.51]) by bluehome.net (Postfix) with ESMTPSA id 64FA24B40248 for <34565@debbugs.gnu.org>; Wed, 20 Feb 2019 18:43:17 -0800 (PST) Message-ID: <1550716997.3891.12.camel@jxself.org> Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM From: Jason Self To: 34565@debbugs.gnu.org Date: Wed, 20 Feb 2019 18:43:17 -0800 In-Reply-To: <87wolumspw.fsf@fastmail.com> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <87wolumspw.fsf@fastmail.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-Evc5CrmascxenIzAzZQD" X-Mailer: Evolution 3.18.5.2-0ubuntu3.2 Mime-Version: 1.0 X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-Evc5CrmascxenIzAzZQD Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Marius Bakke wrote: > not present in the Guix source. Please keep in mind I was discussing upstream Chromium in that piece. It's also not an exhaustive list. > I cannot find these images: grepping for CC-BY-NC-SA or 'Creative > Commons' did not aid.=C2=A0=C2=A0Did you record the absolute paths to the= se > files? Of course - FOSSology records everything as it recursively unpacks and searches files, metadata of files, etc.=C2=A0 1. third_party/blink/web_tests/fast/backgrounds/size/resources/SquirrelFis h.svg has within it: http://www.flickr.com/photos/goopymart/; / CC BY-NC-SA 2.0 2. chrome/test/data/extensions/api_test/wallpaper_manager/test_bad.jpg contains: xmpRights:WebStatement=3D"http://creativecommons.org/licenses/by-nc-sa/2. 0/ 3. chrome/test/data/extensions/test.jpg contains within it: http://creativecommons.org/licenses/by-nc-sa/2.0/ 4. chrome/test/data/extensions/api_test/wallpaper/test.jpg Identified by FOSSology as being identical to file 3. 5. chrome/test/data/extensions/api_test/wallpaper_manager/test.jpg contains within it: http://creativecommons.org/licenses/by-nc-sa/2.0/ > My grep-fu is really failing me today.=C2=A0=C2=A0Where is this located? chrome/test/data/import/firefox/macwin.zip/Profiles/brn6z0fz.default/ex tensions/{3112ca9c-de6d-4884-a869-9855de68056c}/chrome/google- toolbar.jar chrome/test/data/import/firefox/macwin.zip/Profiles/brn6z0fz.default/ex tensions/{3112ca9c-de6d-4884-a869-9855de68056c}/LICENSE.txt Keep in mind this was not an exhaustive report of all of upstream Chromium 73.0.3683.45 and there is much left out. They were intended only as examples to show freedom problems within Chromium itself. As for the rest I guess we'll need to wait on a response from the FSF since I seem to be receving pushback myself. --=-Evc5CrmascxenIzAzZQD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJcbhBFAAoJEJ0NsxtUWjGYjtAP/3tqhVnUuT0mv9mANEm7RBWk 8RupJmjA+LQkxoao7QDM55DcbzZL2zvlHnnvyjnoJnMyq2xwqliQ4JmBq3fJGn3T Zw1mDnvHRmfFEFDv0yOXG1MyYLVBmr3vyBrCjOsCRnuh8BPTpA8F4WYvY3CcYnLU jHKoUDYd7PTLffGxHYftVJbujX9tZPo2M7/6X90uVWYcLzC1W+dVRabPBlkR8Zvx I/b6HrMIhU618zeWgUvkdhP8+UrmHlaoaFefeXkH8VThHQKuaiP8Us6aw1ohxsha lyURXL9gXKGXDFjVrgsJQ/+ObfKIuijAwXN7d9g3FOzKp5fFnR73+SDt7y8sdMoh S7jgpXQWKqzKscTJGlKGIdX1impVHvmxq9vmrMAnaQuQVt5UWlKn2y5tQ3bnaEpy 83ZK/IbopnE4EZ87eEq1uS+ThK/EvKfEjIY1RYjAkw/rrJI4vAj1aqCU9KuMkKD4 x7dRtjY4gtiKXhH2qpf6edKC43V/T+8g8XfX3zM3YykWHZHkw8FOnDZoLHzN7xFx Qze7G7gtcjz+BzHnbb8WaACeCKGsJHEVPmjXsDMm9fDzE4HsM38fc9mGcp/OiSPF je2897jfYbKYmijt1qaVuEOJM882nzHjQsIxuTkMCNZAUFchVK9A1B0sQrZlIMfj dTjGDMmzojRO9x0LVWG6 =ezW/ -----END PGP SIGNATURE----- --=-Evc5CrmascxenIzAzZQD-- From debbugs-submit-bounces@debbugs.gnu.org Thu Feb 21 02:51:14 2019 Received: (at 34565) by debbugs.gnu.org; 21 Feb 2019 07:51:15 +0000 Received: from localhost ([127.0.0.1]:58924 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwj8U-0007ea-Gb for submit@debbugs.gnu.org; Thu, 21 Feb 2019 02:51:14 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:46447) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gwj8S-0007eM-3P for 34565@debbugs.gnu.org; Thu, 21 Feb 2019 02:51:12 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id C623F2207E; Thu, 21 Feb 2019 02:51:06 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Thu, 21 Feb 2019 02:51:06 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm2; bh=ohcMOK7XN90lweidz/381BH9qX 9hgUbb4Z7nTWxsDlY=; b=eW+dV1jJM063bo07ZdSY2gNuC2znySGIagbhksyuYj eRwWRlOFqhvJO7I0DeGNA/me92e5+06NliUcwzg02JhpJkKVKrli9SFNM+Qt86Eo mftEPVibBLL9cPXs2S95PVBi94AxML0qbBrpqyGYAwFMb1UjjDAAZcAkfaM1TIwV SFFCTY866c8+ghe8CBU02G/MCYtIrMCjE3yRpiJznaev67CLmZ5WsFG/MaeDUeLn FVsuVkWGwm0aD58Ez3qRd4UtB/x3iH601pr7zYbipLqtuITCLvGnDrGEAz0gcS83 axMapSxelU9i+JtG931dC17Efezp+XnVJu9n9RDP5coQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ohcMOK 7XN90lweidz/381BH9qX9hgUbb4Z7nTWxsDlY=; b=vD5Uk4831CQ2bD8lf0R9ZZ NNlLi4vlidjoZBpSGf+JIQDti4TFPTa+4Jprh7ljoxVUDSdPP1gHi4/qhsJWuxDL qhDeSl+f8wlsKtcjfmD3GnXzFegVcx/wq1Oxy5Orf1DwkcbC2+mJRQi9l9Me1TAb CN0gyUBHmqhCXSgaZPuaoDJegzBw40a5i0HZO5ATZGuFQD5w7kv6ZHV0qph4MEKc fMFETd636WeOiqIw5B+m8MjxbvaQHlkPb73BdrdXVN5U7hwfWv0X8q6UKGz7+csr Z8cIOXIT6jlMm7F3N7SjCPWDpr4HcHw8VcNMQMKauyxJP9bc7gpp/RDmGKtXFU0w == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdejgdduudefucdltddurdegtdelrddttd dmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhht necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufgjfhgffffkgggtsehgtd erredtreejnecuhfhrohhmpeforghrihhushcuuegrkhhkvgcuoehmsggrkhhkvgesfhgr shhtmhgrihhlrdgtohhmqeenucfkphepiedvrdduiedrvddviedrudegtdenucfrrghrrg hmpehmrghilhhfrhhomhepmhgsrghkkhgvsehfrghsthhmrghilhdrtghomhenucevlhhu shhtvghrufhiiigvpedt X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id B8C04E4339; Thu, 21 Feb 2019 02:51:05 -0500 (EST) From: Marius Bakke To: Jason Self , 34565@debbugs.gnu.org Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM In-Reply-To: <1550716997.3891.12.camel@jxself.org> References: <1550547897.31222.1.camel@jxself.org> <20190219070601.GA8273@jasmine.lan> <1550582906.5431.7.camel@jxself.org> <20190219144342.GA2688@jasmine.lan> <1550623152.12316.5.camel@jxself.org> <1550625137.14138.3.camel@jxself.org> <87wolumspw.fsf@fastmail.com> <1550716997.3891.12.camel@jxself.org> User-Agent: Notmuch/0.28.2 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Thu, 21 Feb 2019 08:51:04 +0100 Message-ID: <877edtmvfb.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Jason Self writes: > Marius Bakke wrote: >> not present in the Guix source. > > Please keep in mind I was discussing upstream Chromium in that piece. > It's also not an exhaustive list. I don't think upstream Chromium is relevant to this discussion. >> I cannot find these images: grepping for CC-BY-NC-SA or 'Creative >> Commons' did not aid.=C2=A0=C2=A0Did you record the absolute paths to th= ese >> files? > > Of course - FOSSology records everything as it recursively unpacks and > searches files, metadata of files, etc.=C2=A0 I was not aware of FOSSology, and admit that I have not checked file metadata. It would be great to have this tool in Guix! None of the reported files are present in the Guix source. I believe they are all scrubbed by the Ungoogled binary pruning script. I really appreciate your effort here, but please only use this bug tracker for problems that affect the Guix package. Thanks! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlxuWGgACgkQoqBt8qM6 VPo+Jgf/Sy7SS9Pl+GpZ0AJ+WEueR6dO/eVtv37l45cgppEmpMDrEg+FWoxwVcvF NSdIXbDdkTkncFQU0PiTB0+2s4DqaoWrnofoKn0CDYsyOy5pmbBupZJP2Z5J9UbX moTT/3VYzpP1xtKi1FhgFdSvxDk8X8NXagGl0ZeUSeQMdDJJiPlsuCq/d5SkP6LW AA5hoAtLImRdtMcp3Btr20a+SBtgEBWNM8A0IX+lW3bHBlC3Qw0DaVWLRPMmAwL0 xY5IikT5Jv+knd/zb3iJ8kydMUHOI0Y2bEA/GPMywucuRFCXyiSBm2aisp/W7etN wnvD32ZrLVqfsthypYjtLh0B7wYs1Q== =T/h/ -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 12 07:14:27 2019 Received: (at 34565) by debbugs.gnu.org; 12 Oct 2019 11:14:28 +0000 Received: from localhost ([127.0.0.1]:60787 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJFLv-0006cx-LA for submit@debbugs.gnu.org; Sat, 12 Oct 2019 07:14:27 -0400 Received: from aibo.runbox.com ([91.220.196.211]:52088) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJFLt-0006ci-Fl for 34565@debbugs.gnu.org; Sat, 12 Oct 2019 07:14:26 -0400 Received: from [10.9.9.204] (helo=mailfront22.runbox) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1iJFLp-0005ES-V0; Sat, 12 Oct 2019 13:14:22 +0200 Received: by mailfront22.runbox with esmtpsa [Authenticated alias (882477)] (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) id 1iJFLm-0003hv-Al; Sat, 12 Oct 2019 13:14:18 +0200 Date: Sat, 12 Oct 2019 11:14:17 +0000 From: ng0 To: Marius Bakke Subject: Re: bug#34565: ungoogled-chromium contains Widevine DRM Message-ID: <20191012111417.bqw7xynqpcqtawgx@uptimegirl> References: <1550547897.31222.1.camel@jxself.org> <87imxe95mc.fsf@roquette.mug.biscuolo.net> <87sgwims6k.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="izuehtvyinybyp2k" Content-Disposition: inline In-Reply-To: <87sgwims6k.fsf@fastmail.com> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565 Cc: 34565@debbugs.gnu.org, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --izuehtvyinybyp2k Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Marius Bakke transcribed 1.2K bytes: > Giovanni Biscuolo writes: >=20 > > Hello, > > > > maybe Marius Bakke have something interesting to say about his > > judgements on this "DRM matter" >=20 > [...] >=20 > > to sum it up: AFAIU for users to be able to use Widevine they must > > create a custom package definition _outside_ official Guix channels > > *and* download the shared object "libwidevinecdm.so" from Chromium, > > installing it "manually" system wide or locally >=20 > This analysis is correct. For DRM to work, the user has to build with > "enable_widevine=3Dtrue", and then somehow obtain 'libwidevinecdm.so' and > make the browser use it. Can this bug be closed? The wording is very vague ("may") and for Guix to distribute widevine.so legally, you have to get permission and sign an NDA with Google, both of which are reportedly hard for 3rd party devs even, not sure how hard it is for new operating systems. Your stand on software with NDAs should be clear (as per policy not applicable, no NDAs). So even if traces of the code to build this might still be left, you have to master additional steps to make it work, and after having read some of widevine.so I doubt it would work out of the box with Guix System (elfpatching could get it to work with Guix, but you are still entering the field where official distribution requires legal paperwork). --izuehtvyinybyp2k Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAl2htYkACgkQ4i+bv+40 hYjG2Q//d7H86A6PbQCJ+XD+PFCaQyNNEIe8CHjqaP2Uh97s6BQ5m3fOlLYp8wzw fKs9c5WKHU2cWhV/ifOPufTh0z3U+1jY80cpzTfbT+JmOA7Hmk/8L0oegtGgKQrj bK2ecA3TabsB4JbtPKDsUdzuhu00XWFOlUtMtont3ur2eVZbN6Y1NhjDL71qXWk6 OVWk7/bSVDch/2W5R2S6YzbZDGl2YbMFjwHrhQD/ab06rQR3pTDLDdvYL1NzemNI T5D6dV1NIbCbxbhf4+e6coImLygAuzCUE6Ujwy9LXVAfPcpeQvnZ7tAypeHt7jC6 CWN/+6Pq1RUV3QHL9RRE0awGR0siEJJvRJfBSho8qJJtog7dBFrbF+h0leALqoVp iNyk/DiWUYT9IWXCaCGkjngCYmrH6ycarBvP3tkYw9viDLZQl2AA5cDFaN/ddNUe A5qajGdJ+zMqRmxVhxDPLJr3gnsJc+ZOs/9o1cCNmU2Zs7hFMY1MdgEyGaf+KE0K 7ImAopWZNA+eDUP9/zuuwdWaWssmc2s3UopO59Q44pfrvwPB6+AbdsL1r/wtAdtZ VHS/tlR25ssUq40rMianw77ClkLvHJTMPxRH0jG/ltLmq5DDZbJR9y/WbQQVGKfI 4zFVfyEqFgYcie3LQzCzHenYytOMgWWftH2+E7KEUj4oDignWrY= =REzv -----END PGP SIGNATURE----- --izuehtvyinybyp2k-- From debbugs-submit-bounces@debbugs.gnu.org Sat Oct 12 07:33:07 2019 Received: (at 34565-done) by debbugs.gnu.org; 12 Oct 2019 11:33:07 +0000 Received: from localhost ([127.0.0.1]:60794 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJFdw-0000fU-A8 for submit@debbugs.gnu.org; Sat, 12 Oct 2019 07:33:07 -0400 Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:46277) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iJFdu-0000f0-7X for 34565-done@debbugs.gnu.org; Sat, 12 Oct 2019 07:33:03 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 300404C3; Sat, 12 Oct 2019 07:32:56 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sat, 12 Oct 2019 07:32:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm1; bh=WjxrYE/4t/VWHU4mAtiEAwyiqT YcEABS82uPZtzQDpo=; b=VLKbVanyIu1dkmielYs6elAD1x/UkGVYMB1PhiyBw/ a4wVCg25a5tmLywDsRsc3apq0qtaGfHJxrwUGBB6FCfMbxaCa/WUBTbB7N85YD8+ S3QYANDxGHeY7OH5BXtS7+glXIn7m1NTfI7XHoSJOYwnF3j8MpQj226INJEGURqg VcYqMP6VZCUVWvRW2AelSFL4QS+L/f6MJOlwfA3EyENHRkiLJqAk0up7tXf1qtNc fQnyRuShYrAwirKDNcJNa0y7WomZzVpvqYfrrd2LDplMEPhuQVVmjefPrBvwi/6s OG925/+nbed3OF5GBLzIuG5GJkd1lhWyn/8mRWPZXlEg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=WjxrYE /4t/VWHU4mAtiEAwyiqTYcEABS82uPZtzQDpo=; b=mbZ/jjBFiHOP1ZuaatvEOk FgYR1UzzVhZ5rHyKb5D0fZd5plQvebt+KN37RGL+9Hx51nLioGqFjxwiIU9Y29S1 0/hLqxqY1QhRYYTGqqDrq/7Fvevn43QS7c+aDnZ/Ry7wjMDD2EU87g3BK3ly2GCr zz7JpyLYH5V3XhafSPL0H2qeAFF6j3MmRp/iyHeaPu3Tn7HZE/G/6dz+i2aRXEb8 XhUxiNjCssTp4LgCfL4CIBaoo+wcA5pzInNzZeU8y7JWpc9wMDsm6gk4KOBc1pH0 qq3++YYn2+0fH311ru6akkSkuFNRmTHlkp42wLOFjPyBEtSAEJL/6DKKYZw+w8dQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrieejgdegvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvufgjfhgffffkgggtsehgtderre dtredtnecuhfhrohhmpeforghrihhushcuuegrkhhkvgcuoehmsggrkhhkvgesfhgrshht mhgrihhlrdgtohhmqeenucfkphepiedvrdduiedrudelvddrudehtdenucfrrghrrghmpe hmrghilhhfrhhomhepmhgsrghkkhgvsehfrghsthhmrghilhdrtghomhenucevlhhushht vghrufhiiigvpedt X-ME-Proxy: Received: from localhost (ti0006q161-0149.bb.online.no [62.16.192.150]) by mail.messagingengine.com (Postfix) with ESMTPA id 9622280061; Sat, 12 Oct 2019 07:32:54 -0400 (EDT) From: Marius Bakke To: ng0 Subject: Re: bug#34565: ungoogled-chromium may contain Widevine DRM In-Reply-To: <20191012111417.bqw7xynqpcqtawgx@uptimegirl> References: <1550547897.31222.1.camel@jxself.org> <87imxe95mc.fsf@roquette.mug.biscuolo.net> <87sgwims6k.fsf@fastmail.com> <20191012111417.bqw7xynqpcqtawgx@uptimegirl> User-Agent: Notmuch/0.29.1 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu) Date: Sat, 12 Oct 2019 13:32:52 +0200 Message-ID: <87lftq2o7v.fsf@devup.no> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 34565-done Cc: 34565-done@debbugs.gnu.org, Leo Famulari X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable ng0 writes: > Marius Bakke transcribed 1.2K bytes: >> Giovanni Biscuolo writes: >>=20 >> > Hello, >> > >> > maybe Marius Bakke have something interesting to say about his >> > judgements on this "DRM matter" >>=20 >> [...] >>=20 >> > to sum it up: AFAIU for users to be able to use Widevine they must >> > create a custom package definition _outside_ official Guix channels >> > *and* download the shared object "libwidevinecdm.so" from Chromium, >> > installing it "manually" system wide or locally >>=20 >> This analysis is correct. For DRM to work, the user has to build with >> "enable_widevine=3Dtrue", and then somehow obtain 'libwidevinecdm.so' and >> make the browser use it. > > Can this bug be closed? Yes, I am closing this now; thanks for the reminder. The actual Widevine implementation is not part of Chromium, and the interfaces for loading it are disabled at build time. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl2hueQACgkQoqBt8qM6 VPoDFwgA0IBYI13YDCMtuIE9ojoc8iremaTOF/dENwhDZb9wyQfnG3cGr/CSbJv3 tWesT8TEjG3JfaCAaV3bOKJex64d3N9n2XE6uc93/h2aPMQjncj63/uOEJw6Pcuu 7YuxT2XJMjgfL2l/Vunj9JELSBuMo/zYYQukh/BAmRueM246x1ZILBpXC8zVoR2C vGAfVs/01Hg5LnLfo2NhXZBJGl25oF+uN4sSC1rdr+VwSQCZrGbAKM51xeLE+B/0 VGVp4nv/yTE5jJQzBLlSBdVWh9TwoRmKrpFqZWzwr/0O54xltDP9IvXzBszhsirO uPE3jEtlcysIERGkE+HPAI6Hay88ew== =sJ5i -----END PGP SIGNATURE----- --=-=-=-- From unknown Fri Jun 20 19:55:09 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 09 Nov 2019 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator