Bug 1418917 - Non free files in Chromium
Summary: Non free files in Chromium
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: chromium-browser
Version: 6.10
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Popela
QA Contact: Tomas Pelka
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-02-03 07:16 UTC by Brigham Keys
Modified: 2017-12-06 11:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-06 11:05:53 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Brigham Keys 2017-02-03 07:16:33 UTC
Description of problem:
There are unlicensed (non free) files within Chromium, they are listed here in this Lintian page
https://lintian.debian.org/maintainer/pkg-chromium-maint@lists.alioth.debian.org.html#chromium-browser
Some of the files look innocent like

    third_party/catapult/tracing/third_party/d3/d3.min.js

I know that file is BSD licensed because I use d3 for my day job. But others seem a bit more heinous such as

    third_party/analytics/google-analytics-bundle.js line length is 525 characters (>512)

Should probably be no where near the Fedora repositories. There is a fork of Chromium called ungoogled-chromium which has some involvement as well I believe

https://github.com/Eloston/ungoogled-chromium

Version-Release number of selected component (if applicable):
55

Additional info:
Pipermail in the Parabola mailing list
https://www.mail-archive.com/gnu-linux-libre@nongnu.org/msg02203.html
We should also report bugs in QtWebEngine as well because it depends on Chromium, which contains non free files.

Comment 3 Tom "spot" Callaway 2017-02-09 16:41:58 UTC
There is so much noise in those threads (some of them dating back to 2009). I looked through the current Lintian report and checked all of those files in the latest stable Chromium tree and without any exception, they're either not in the Fedora build (we nuke a lot of unused bundled "third_party" code) or they're clearly under a Free license. A few of the files are minified, but the upstreams have the unminified code.

e.g. https://github.com/GoogleChrome/chrome-platform-analytics

I'm not passing judgement on the morality or ethics of Google's javascript choices, but I do not see any non-Free files in the Lintian list.

If there are specific files which you (or anyone) feels to be non-free, please feel free to point it out.

Comment 4 Brigham Keys 2017-02-13 20:00:13 UTC
Perhaps we can notify Chromium upstream about these non free files, even though they are not included in the RH distributions.

Comment 5 Tom "spot" Callaway 2017-02-13 20:07:00 UTC
I'm sorry, I was unclear. I did not find _any_ non-free files. There are files which Fedora removes which are in the Debian Lintian report, but we do not remove them because they are non-free, but because we do not use them in the compile.

Comment 6 Brigham Keys 2017-02-13 20:08:40 UTC
What about the file
    third_party/analytics/google-analytics-bundle.js line length is 525 characters (>512)
That was in the lintian report? I thought google analytics was completely non free?

Comment 7 Tom "spot" Callaway 2017-02-13 20:17:59 UTC
(In reply to Brigham Keys from comment #6)
> What about the file
>     third_party/analytics/google-analytics-bundle.js line length is 525
> characters (>512)
> That was in the lintian report? I thought google analytics was completely
> non free?

I don't know why you think that. It's Apache 2.0, as referenced by the upstream home for google-analytics-bundle.js: https://github.com/GoogleChrome/chrome-platform-analytics

Comment 8 Tomas Popela 2017-02-14 08:27:39 UTC
(In reply to Brigham Keys from comment #4)
> Perhaps we can notify Chromium upstream about these non free files, even
> though they are not included in the RH distributions.

I think that Debian should be the one who should open the upstream bug to let the Chromium developers know about the situation. But that should happened few months (years) ago when the spotted it. I asked them[0] if they've done so, but without any answer yet.

[0] - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787527

Comment 9 Jan Kurik 2017-12-06 11:05:53 UTC
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/


Note You need to log in before you can comment on or make changes to this bug.