bug#34565: ungoogled-chromium contains Widevine DRM

[Jelle Licht]

Jason Self <address@hidden> writes:

> Leo Famulari wrote:
>> To clarify this general point about Guix for anyone who is reading
>> along, as a matter of policy the end user does not receive non-free
>> source code from Guix.
>
> Right; the source is downloaded from commondatastorage.googleapis.com
> but that is a technicality. What I'm saying is that the recipe should
> be updated to cause it to download an already-cleaned up version
> directly from Guix (it could be hosted somewhere on gnu.org for example
> but exactly where can be up for negotiation) and that this excuse of

I would argue that this way of thinking is one of the issues Guix and
the broader reproducible builds community is trying to solve (in an
ethical way). Practical software freedom also includes the possibility
of not being dependent on even the gnu.org infrastructure.

> "they're getting it elsewhere" shouldn't be usable as an excuse to
> sidestep the FSDG. It's still causing the user to download the software
> due to the recipes provided by Guix.

The implied tone of your message comes across as needlessly
aggressive. I am not sure if the GNU Kind Communications Guidelines
apply here, but I still urge you to give the broader Guix community the
benefit of the doubt in that they are committed to the FSDG and
everything it entails.

This is like arguing that curl could be used to download proprietary
software; An unmodified Guix will never present a user with non-free
software. If it does, this can be considered a bug and should be fixed
ASAP. Your proposal implies that someone else still downloads the
nonfree upstream sources to modify them, so I see this as even more of a
case of working around the spirit of the FSDG.

>
>> The tools provided by Guix to access source code only return source
>> code that is freely licensed. If the sources have to be modified to
>> ensure this, the unodified source code is not provided to the user.
>
> It's still being downloaded into their computer and then being cleaned
> up after the fact. If there weren't freedom problems with it there
> wouldn't be a need for a clean-up program (ungoogled-chromium in this
> case) to be running -- as a process on the user's computer -- to do
> this.

I do not really get the point you are trying to make, because the
software has to be downloaded at some point in time. Offering a
transparent solution in the form of the Guix store, where the
problematic bits of software only exist in a transient state seems like
it improves the situation across the board.

Whether this fits the letter of the FSDG is an interesting discussion to
be had, but arguing that it goes against the core principles is simply
silly :).

>
> And inhttps://www.gnu.org/distros/free-system-distribution-guidelines.
> htmlwe have:
>
> "For instance, a free system distribution must not contain browsers that 
> implement EME, the browser functionality designed to load DRM modules."
>
> So that should make it quite clear.

I feel most folks here agree on this, at least, so if ungoogled-chromium
still implements a functioning EME, that is a bug.

Respectfully yours,
- Jelle