[Q] is ungoogled-chromium completetly FLOSS?

[Megver83]

I'd like to know if ungoogled-chromium frees Chromium from non-free software (e.g. removes unrar, widevine or other first/third party software/binary that's not under a free software license) completely, or if at least builds without it by default. As you are most likely more familiar with the Chromium source code than me, in your experience, is there too much or not really much non-free software? I need this information, because I want to start a project to free Chromium, and this project (ungoogled-chromium) looks like a good start point, at least for the means of privacy.

Would be good, imo, to put this question in the faq, if possible :)

Thanks in advance.

[mbakke]

Widevine is not distributed with Chromium. UnRAR is, but ungoogled-chromium includes a patch that allows building without it.

AFAIK (and I've checked!) UnRAR is the only non-free component present in the Chromium source.

[jstkdng]

The main issue the FOSS folks have with chromium is that its license is a non-free one, at least that was the case when I asked the parabola folks some years ago on their IRC channel. UC is bsd licensed, same as chromium, so technically it isnt FOSS.

[mbakke]

@jstkdng The 3-clause BSD license is a free software license.

[jstkdng]

is it accepted by the fsf? I think it is too permisive for them.

[mbakke]

@jstkdng It is accepted, see here: https://www.gnu.org/licenses/license-list.html#ModifiedBSD

[Megver83]

The main issue the FOSS folks have with chromium is that its license is a non-free one, at least that was the case when I asked the parabola folks some years ago on their IRC channel. UC is bsd licensed, same as chromium, so technically it isnt FOSS.

You might have misunderstood what they said (I'm a Parabola dev, btw), they surely told you that Chromium licensing isn't clear, however that's an old argument as nowadays the licensing for each 3rd party software is in the source code in a license.txt file, and Chromium itself is BSD-licensed. However, I'm looking for binary files without source (I've encountered some .bin files, for example, but haven't yet inspected them).

[Megver83]

This FSF-directory page mentions the unrar issue being nonfree, but as @mbakke said Chromium can be patched to remove it. That page links to this email thread, which talks about Chromium and how ungoogled-chromium is very good to help freeing it from some nonfree binaries and Google dependencies, and Guix's Chromium package. The conclusion is, from what I understood, that the Chromium version distributed by Guix is completely free, as it uses ungoogled-chromium and disables Widevine at build time, but it's technically not FSDG compliant because it downloads the official chromium source code (but this can be easily solved by forking Chromium, ungoogle it, and removing the Widevine support, if I'm not mistaking)

BTW, I just verified sth. that's mentioned in that FSF page, and is that chrome/test/data/import/firefox/macwin.zip/Profiles/brn6z0fz.default/extensions/{3112ca9c-de6d-4884-a869-9855de68056c}/LICENSE.txt is a nonfree license, so I assume that not all first party software is free.

[mbakke]

@Megver83 Guix has a special facility to run code as part of the source derivation. guix build --source ungoogled-chromium (equivalent to apt-get source ungoogled-chromium) will always return the sanitized code. Even the Linux deblobbing script runs in such a derivation.

Where did you find that chrome/test/data/import/firefox/macwin.zip? It is not part of my 83.0.4103.61 tarball.

[Megver83]

Oh, you have a tarball. I found it in the Chromium source here in Github (which is a mirror of the official code)

From where did you get your tarball?

[mbakke]

@Megver83 Tarballs can be downloaded from here: https://commondatastorage.googleapis.com/chromium-browser-official/chromium-83.0.4103.61.tar.xz

The git repository contains more non-free files, but the tarballs are somewhat sanitized.

[Megver83]

@mbakke do know how they "sanitize" (better say generate) those tarballs?

[Megver83]

just found that Harvey_Rayner.svg under third_party/blink/perf_tests/svg/resources is CC Attribution-NoDerivs 2.5 licensed (unfortunately the webpage linked in the LICENSES file doesn't exist anymore, so I can't verify it, anyways, it's just an svg image, nothing really harmful)

I guess that the licensing in the source code is mostly clear, which will be very helpful to identify non-free bits like the one mentioned above.

[mbakke]

@Megver83 The release tarball script used to be in tools/export_tarball, but that is apparently removed. No idea where it lives now.

Good catch wrt that SVG image, I'll remove it from Guix.

[Megver83]

@mbakke it's mentioned in the non-exhaustive list of issues with Chromium from the FSF directory :P

third_party/blink has some images under CC-BY-NC-SA-2.0

and then just did a quick search with find to look at the licenses, and found it. I'm sure there might be more, hopefully not much more

[Eloston]

I am not very well-versed in Chromium licensing, but my understanding is: Basically the same as Chromium, which depends on who's packaging it.

ungoogled-chromium is not just this repository; it includes repos in ungoogled-software that package Chromium for different platforms. There are also individual users who maintain their own builds, but I wouldn't consider them "officially" part of ungoogled-chromium until they have a repo under ungoogled-software.

For example, Debian has a whole system to detect and enforce proper licensing for all source files in their packages. For the Debian chromium package, you can find the license for all the source code files in its debian/copyright file. Our Debian/Ubuntu packaging (https://github.com/ungoogled-software/ungoogled-chromium-debian) is a fork of Debian's package, so we automatically inherit this work. I don't know too much about other platforms that we support.

I don't know if ungoogled-chromium as a whole should strive to be FLOSS mainly because it seems like a bit of work, and there are many different use-cases we have to consider (such as Windows and macOS support, Widevine support, etc.). It might be better to make specific packaging of ungoogled-chromium FLOSS for now, and ensure we don't do anything in this repo that could prevent FLOSS-compliance.

[Megver83]

For the Debian chromium package, you can find the license for all the source code files in its debian/copyright file.

I knew the repo, but didn't read the copyright file. Looks good, at least it has a list of many files, but don't know if all of them.

I don't know if ungoogled-chromium as a whole should strive to be FLOSS mainly because it seems like a bit of work, and there are many different use-cases we have to consider (such as Windows and macOS support, Widevine support, etc.). It might be better to make specific packaging of ungoogled-chromium FLOSS for now, and ensure we don't do anything in this repo that could prevent FLOSS-compliance.

I completely understand this. Anyways, it could be added as an option (e.g. add patches to remove files under nonfree licenses like some media or binaries), but not as the default one, so users and distros that go the pure-FLOSS way can also benefit from this great project. However, as you said, it might require more work, but as a beginning a list of non-trivial files under non-free licenses could be created, so a script/patch just removes them if the user chooses to run it.

[kramred]

The release tarball script used to be in tools/export_tarball, but that is apparently removed. No idea where it lives now.

Could be this one: publish_tarball.py

[wchen342]

Just to add that the Android version is an outlier here, since gclient pulls a lot of pre-built jar files. Most of them have sources somewhere (I have excluded all the Google Play ones), but it is still too hard to find all of them and maintain some script to build all of them.

This is one of the reason the Android version is not in official F-Droid repo too.

[Eloston]

@Megver83 We can create a new repo in the ungoogled-software organization to implement your suggestion. Unless it becomes clear that it's a feature we can and want to implement on all platforms, I don't want to include selectively applicable changes in this repo (otherwise it can get messy and confusing).

If anyone's interested in implemeting this, let us know.

[d-g]

@jstkdng wrote:

is [3-BSDL] accepted by the fsf? I think it is too permisive for them.

Excuse me for a sort of offtopic, but I believe itʼs worth clarifying how deep the confusion is, and where it, perhaps, originates.

First, FSF does not claim any monopoly on judgement which license is a free one and which is not. The list of “Various Licenses and Comments about Them”, cited above, is neither exhaustive nor authoritative.

Thatʼs what another organization — Open Source Initiative (OSI) — do. They indeed put themselves as a source of authority of what can be called ‘open source’ and what can not, and have a bureaucratic procedure for approving specific software licenses as being ‘open source’.

Being “too permissive to be a free licence” does not make much sense either. FSF / GNU, or Debian, or Fedora, or Wikimedia, or whoever involved in creating free products have always recognized even uncopyrighted works as free.

On the contrary, OSI indeed declined to approve some extremely permissive licences as ‘open source’. CC0 (Creative Commons Zero) is the most widely used one.

Anyway, 3-BSDL is fine even for OSI.