Re: wip/cliqz: Request for review

[Greg Troxel <gdt%lexort.com@localhost>]

Santhosh Raju <santhosh.raju%gmail.com@localhost> writes:

>>   It has a fixed requirement on clang, rather than just some c++
>>   version.  If that is really the way it is and documented to be that
>>   way by upstream, that's 100% fine.  But if it's not documented
>>   upstream, then an upstream bug is probably appropriate and certainly a
>>   comment about why.
>
> The cliqz project basically uses Firefox and since there was a recent
> shift in Firefox building using clang everywhere, I guess the change
> applies here too. I believe this is probably why you see the fixed
> requirement on clang.

If this is the same as firefox, then it's fine.  (Note that I am far
more inclined to put in comments explaining things than most others.)

>>   The DESCR talks about "proprietary" things, but then I see the license
>>   is mpl.  Perhaps that's taken from upstream, but it would be good to
>>   reword if they really just mean "cliqz has filtering/saftey features
>>   not found in other browsers".   If there is an aspect of this which is
>>   not really open source, then then license tag needs adjusting.
>
> The "proprietary" thing here is the extension developed by Cliqz and
> used by Cliqz browser, this extension basically gets baked into their
> browser build and is part of the distfile. The browser and the source
> is open since it follows basically Firefox upstream hence the mpl
> license. Which is why the wording has been put like that by the makers
> of the browser.
>
> So yes, there is an aspect of it which is not really open source, Any
> advice on how to proceed with the license tag here?

I'm not really following what you are saying, but this is important to
get right.

The part I don't understand is "proprietary extension is part of the
distfile" and "the source is open"; those don't line up.  But I think
you are separating "source code to build the program" and "extension
file that is loaded by the program".

It sounds like the cliqz distfile has essentially all of the contents of
the normal firefox distribution, and that those files are under the same
terms as firefox releases them.  Is that true?

Then, you are talking about an "extension", but I don't understand

  1) is this extension in the distfile?  Does it make its way into the
  installed package?  What is the license on it?  Is it a blob, or is it
  source?

  2) Is there some other mechanism at play, where the browser downloads
  the extension automatically, so that the package is Free Software,
  but it's set up so that what the user runs isn't?  Or something else?

Basically, we have license tags so that users do not end up running
non-Free software without being clearly aware of it.   So that's the
guiding principle in license tags.

There is a subtlety if things are downloaded later.  In f-droid (which
is not pkgsrc and has different rules, but it's interesting to think
about), that would be cause to get an antifeature warning "this program
promotes non-Free addons".   pkgsrc has not really dealt with the
downloading things later issue.  I would say that if it just happens
without the user explicitly asking for it (which is different than the
user getting a popup and clicking ok!), then the LICENSE of the package
should reflect the licensing of whatever is downloaded.

And, we often disable any kind of automatic phoning home, as that's a
security bug.