GNU bug report logs - #34565
ungoogled-chromium may contain Widevine DRM

Previous Next

Package: guix;

Reported by: Jason Self <j <at> jxself.org>

Date: Tue, 19 Feb 2019 05:28:02 UTC

Severity: normal

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Adonay Felipe Nogueira <adfeno <at> hyperbola.info>
To: 34565 <at> debbugs.gnu.org
Cc: Jason Self <j <at> jxself.org>
Subject: bug#34565: ungoogled-chromium contains Widevine DRM
Date: Wed, 20 Feb 2019 17:15:15 -0300

[Message part 1 (text/plain, inline)]
Em 20/02/2019 13:18, Julien Lepiller escreveu:
> I think the situation is different though. You can see the build script
> inside the "origin" record as the liberation procedure that anyone can
> see and verify. It's also a procedure targeted at our build farms, so
> that they can produce the liberated source code. Users never manipulate
> non-free source code, unless something is wrong on the build farm side.

I'm not taking any sides here, but to give some more information, if for
example you do `guix edit ungoogled-chromium' you will be presented to
the package definition of Ungoogled-Chromium, taking that as an example
you can see that it has a "source (origin ...) ...)" definition, inside
the inner part (the "origin") you have:

* the upstream download location and method, see (method ...), (uri ...)
and (sha256 ...);
* patches that should be applied immediatelly after downloading and
extracting the source files, per (patches ...);
* snippets and modules to be used with these, also to be applied
immediatelly after downloading and extracting the source files, as seen
in (snippet ...) and (modules ...).

When `guix build -S ungoogled-chromium' is done, first it checks the
build farms for the "prepared" source that matches the given package
definition, version, hash and so on; and lastly it tries to "prepare"
the source according to (patches ...) and (snippet ...) declarations
before even telling the user that the download is ready/done.

Having the (origin ...) visible in this way brings the advantages that
the people of Guix told about here, but as far as I can tell, the user
also sees the original location of the non-free source from upstream if
they do `guix edit ungoogled-chromium'.


-- 
- Página com formas de contato:
  https://libreplanet.org/wiki/User:Adfeno#vCard
- Ativista do software livre (não confundir com o gratuito). Avaliador
  da liberdade de software e de sites.
- Página com lista de contribuições:
  https://libreplanet.org/wiki/User:Adfeno#Contribs
- Para uso em escritórios e trabalhos, favor enviar arquivos do padrão
  internacional OpenDocument/ODF 1.2 (ISO/IEC 26300-1:2015 e
  correlatos). São os .odt/.ods/.odp/odg. O LibreOffice é a suíte de
  escritório recomendada para editar tais arquivos.
- Para outros formatos de arquivos, veja:
  https://libreplanet.org/wiki/User:Adfeno#Arquivos
- Gosta do meu trabalho? Contrate-me ou doe algo para mim!
  https://libreplanet.org/wiki/User:Adfeno#Suporte
- Use comunicações sociais federadas padronizadas, onde o "social"
  permanece independente do fornecedor. #DeleteWhatsApp. Use #XMPP
  (https://libreplanet.org/wiki/XMPP.pt), #DeleteFacebook
  #DeleteInstagram #DeleteTwitter #DeleteYouTube. Use #ActivityPub via
  #Mastodon (https://joinmastodon.org/).
- #DeleteNetflix #CancelNetflix. Evite #DRM:
  https://www.defectivebydesign.org/


[signature.asc (application/pgp-signature, attachment)]
This bug report was last modified 5 years and 225 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.