Freedom issue #1231
[electron] embeds Chromium platform (or part of it), recommends nonfree DRM plugins
I want this report to serve as a little more extensive reference for what the blacklist entry will summarize, but also to raise awareness of the Chromium question and its deep consequences.
Electron is a Web-based framework/toolkit for desktop applications, it builds heavily on the Chromium platform to provide everything a Web client is expected to do. Now onto the problems:
- 1. The docs explain how to install a nonfree DRM module. This could probably be easily addressed in a replacement package in the future.
- 2.1. Among the plethora of things worth checking that the PKGBUILD is pulling is a full Chromium release, regardless of what subset of modules electron might need...
- 2.2. ...although unclear Chromium licensing isn't a problem nowadays; concerns remain that Chromium doesn't distribute full source code of third-party code, doesn't build entirely from sources (unless downstream is getting hacky like Debian), and last but not the least: without patching Chromium is tantamount to spyware. A clear understanding of what bits of Chromium are used and what they are doing is needed to determine the extent of the infection.