Group: Software/research/Chromium

From LibrePlanet
Jump to: navigation, search

Chromium

Introduction

Chromium has many issues:

  • It's composed from a huge number of source code repositories, which makes it very complicated to even know which license it's under. In Replicant the resulting Chromium licenses files are viewable in the settings. Replicant itself also has a similar issue as it's also composed from a huge number of source code repositories.
  • Some versions were tied to Google services. Nowadays Google services might not be available anymore for community versions of Chromium, so that might be less of a concern for users. Though that might still be a concern as developers may still need to remove these features. If that's the case it would requires time and increase the maintenance burden.
  • It has a design that has many privacy issues. It's for instance way easier for the Tor project to be based on Firefox because of these design issues and also because they can collaborate more easily with Mozilla than with Google (whose business partially rely on surveillance capitalism).

Approaches and distributions

API reimplementation on top of Gecko

  • Replicant had plans to implement an API/ABI somehow compatible with Webview from Geckoview but the work hasn't started yet.

Packaging all the Chromium components

It may be possible to start packaging all the components that chromium use, especially the ones used by other programs as well like Skia that is used by Firefox and by extension Iceweasel, Icecat, etc.

Filling and fixing bugs

It may be possible to do an audit of the Chromium source code, at least to find which licenses are in use, or to audit GuiX's Chromium version to make sure they didn't miss anything while cleaning up the code and looking at licenses.

Distributions

  • Guix tried to identify all of the Chromium licenses but it's hard to check if that work is complete or not given the amount of code in Chromium.
  • Hyperbola removed chromium for various reasons[1]
  • Parabola removed Chromium for various reasons[2], and also adapted many packages not to depend on it. There might also be upstream work to add options in KDE software not to depend on qt5 WebEngine which depends on Chromium.

References

  1. Hyperbola documents the reasons in in its documentation.
  2. The Parabola blacklist mentions that chromium "links to proprietary plugins - unattended phone-home" queries - not entirely built from sources - see https://lists.nongnu.org/archive/html/gnu-linux-libre/2018-03/msg00098.html"