Freedom Issue #1231
[electron] embeds Chromium platform (or part of it), recommends nonfree DRM plugins
I want this report to serve as a little more extensive reference for what the blacklist entry will summarize, but also to raise awareness of the Chromium question and its deep consequences.
Electron is a Web-based framework/toolkit for desktop applications, it builds heavily on the Chromium platform to provide everything a Web client is expected to do. Now onto the problems:
- 1. The docs explain how to install a nonfree DRM module. This could probably be easily addressed in a replacement package in the future.
- 2.1. Among the plethora of things worth checking that the PKGBUILD is pulling is a full Chromium release, regardless of what subset of modules electron might need...
- 2.2. ...although unclear Chromium licensing isn't a problem nowadays; concerns remain that Chromium doesn't distribute full source code of third-party code, doesn't build entirely from sources (unless downstream is getting hacky like Debian), and last but not the least: without patching Chromium is tantamount to spyware. A clear understanding of what bits of Chromium are used and what they are doing is needed to determine the extent of the infection.
Updated by bill-auger 2 months ago
- Assignee deleted (
- Status changed from fixed to in progress
i am re-opening this ticket as a perpetual epic; because of the related near-duplicate package names (new BRs expected perpetually) - this is also the blacklist BR reference ticket
arch has been keeping several versions of electron current, renaming them to electronN - currently there are electron, electron6, and electron9 - the blacklist is going to require perpetual maintenance for this package - the blacklist for all of them can simply refer to #1231