[arch-dev-public] Chromium losing Sync support on March 15

Giancarlo Razzolini grazzolini at archlinux.org
Tue Jan 26 19:59:09 UTC 2021

Em janeiro 26, 2021 16:20 Evangelos Foutras via arch-dev-public escreveu:
> As somewhat expected, the above didn't result in any further clarification.
> The only acceptable way forward for me is to switch to Chrome's keys.
> We (kind of) have permission for this based on the 2013 ToS exception
> allowing inclusion of Google API keys in our packages (see attached
> email copy). This was not just permitted unofficially; "the 2013
> special terms, additional quota, and exact wording of the email passed
> the internal approval process, including legal, engineering, and
> VP-level management". [1]
> Building Chromium without API keys results in a browser that is
> unsuitable for production use. Removing the OAuth 2.0 credentials (or
> when the Chrome team limits them) mainly breaks Chrome data sync
> (e.g.: passwords, bookmarks, open tabs). Additionally removing the
> main API key disables functionality like Safe Browsing and
> Geolocation. I don't consider a browser with downgraded functionality
> and security suitable for end users. [2]
> If people are still concerned about angering Google, even though
> there's probably nothing illegal about bundling Chrome's keys (when
> also considering the aforementioned permission from 2013) then let's
> just remove the package from our repos instead of officially providing
> a potentially unsafe and feature-incomplete browser.
> [1] https://groups.google.com/a/chromium.org/g/chromium-packagers/c/SG6jnsP4pWM/m/Mt0U_lWPDAAJ
> [2] https://groups.google.com/a/chromium.org/g/chromium-packagers/c/SG6jnsP4pWM/m/OOxl9wKLAAAJ


Due to the recent developments on the chromium-packagers list, I think we should drop
chromium from the repositories.

If we use chrome keys we'll be on a legal limbo. If we drop the oauth keys, chromium is
crippled. If we drop all keys, safe browsing doesn't work. The prospects are bleak, to say
the least.

Also, after the recent messages, I wouldn't be surprised if google comes after us, if we choose
to bake chrome keys into our chromium package.

Giancarlo Razzolini

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-dev-public/attachments/20210126/4a661ba0/attachment.sig>

More information about the arch-dev-public mailing list