Re: Pepper Flash for Chromium
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/07/13 16:01, Vincent Bernat wrote:
> It would be convenient for our users of Chromium to be able to have
> a package similar to flashplugin-nonfree to get an up-to-date
> Pepper Flash Player for Chromium.
>
> Daniel is maintaining a PPA archive with such a solution for
> Ubuntu: https://launchpad.net/~skunk/+archive/pepper-flash
>
> I would like to have some insights on how we could provide such a
> package for Debian users (which could be then reused in Ubuntu, so
> I put Chris in Cc).
>
> There are several solutions:
>
> 1. Do like flashplugin-nonfree: provide a package containing some
> script that will fetch another GPG-signed script to check and
> download the appropriate version of Google Chrome, extract the
> Pepper Flash plugin and install it correctly. Optionally, provide
> a cron to keep the plugin up-to-date (this is not the case of
> flashplugin-nonfree). With such a script, the package does not
> need to be updated when new versions of Flash plugin are
> available.
>
> 2. Do like Daniel's PPA or current Ubuntu package
> (flashplugin-installer): whenever a new version is available, the
> package is updated with the appropriate location for Google Chrome
> and a checksum. On upgrade, the package will also update Flash
> Player plugin. On Ubuntu, stable releases get updates through the
> security channel. For Debian, we could either do this, use
> volatile or get an exception similar to Firefox and Chromium.
>
> 3. Put Flash Player plugin into a traditional package.
>
> There is an important drawback with the first two solutions: Google
> only provides the latest version of Google Chrome. So, when an
> update is available, users will get errors until the remote script
> is updated (for solution 1) or the package is updated (for solution
> 2). There is no such problem for solution 3. The problem with
> solution 3 is the EULA only grants a license for use "as provided
> by Google":
>
> https://www.google.com/chrome/intl/en/eula_text.html
>
> Daniel already asked for some guidance on debian-legal@ with no
> luck:
>
> http://lists.debian.org/debian-legal/2013/02/msg00010.html
>
> In this post, he proposed an alternative to solution 3 which would
> ship Google Chrome into a package and only uses the plugin part.
> However, like for NPAPI Flash Player, the EULA seems to forbid
> redistribution.
>
> Any thoughts?
IANAL, but Google's EULA appears to completely rule out any solution
which involves installing anything other than a complete google chrome
package:
> you may not (and you may not permit anyone else to) copy, modify,
> create a derivative work of, reverse engineer, decompile or
> otherwise attempt to extract the source code of the Software or any
> part thereof, unless this is expressly permitted or required by
> law, or unless you have been specifically told that you may do so
> by Google, in writing.
Specifically, downloading the chrome .deb from google and doing
anything other than simply installing it (like extracting the flash
plugin and copying it elsewhere) would be creating a derivative work
and is thus forbidden.
Additionally, the EULA says this ('Services' here includes the
software itself):
> Unless you have been specifically permitted to do so in a separate
> agreement with Google, you agree that you will not reproduce,
> duplicate, copy, sell, trade or resell the Services for any
> purpose.
The only exception being for 'business entities' to their employees:
> Google grants you a non-exclusive, non-transferable license to
> reproduce, distribute, install, and use Google Chrome solely on
> machines intended for use by your employees, officers,
> representatives, and agents in connection with your business
> entity, and provided that their use of Google Chrome will be
> subject to the Terms.
So, as you say, redistribution of the Chrome .deb in Debian also
appears to be forbidden, since Debian users are not Debian
employees/officers/agents.
These two restrictions lead me to conclude that the only option for
"packaging" flashplayer would be for the package to contain a script
which downloads and installs the entire Chrome .deb from Google, and
then points Chromium at the flahsplayer plugin binary. Given the rate
at which the URI for the latest version of Chrome changes, this seems
too fragile to be an "official" solution. Additionally, the Chrome
package automatically adds a Google repository to your sources.list,
which is problematic.
It seems to me that it would be best just to tell Chromium users that
they need to install Chrome if they want Adobe Flash Player.
- --
Regards,
Scott Leggett.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJR2Qz7AAoJEHlzKPr+55fVc0oQAK9wp5wDDKz9Tggy189J3ekv
nLsVvni4Hn4lV4cedU+1+bsCGYD2YFfUlSR5JEYoKHNVnREfLkMcRiGnnXCjwuWZ
rYpkv1R+isCOOQwq7n92FLfEqdjkidGhXLFse0CW0G1I9Y5TuBVsfOeErD8S9Qb9
Td/yDqRw3yiVyP0p6+xsTOHK4z6yZcD0IoWRNA1+6oAcIjtgTPeqiIciWOygFNtJ
brNWIiTx4FsPooKgWf3Evj+h8AUYB6CCN0J/ngiARyAfeKYDhrhyXm/k/RX24XUk
PROVpG2yQwmlXPjY2hwpV2PWa7xTf63nBmIZnPBoIND+pzz4WVQWyhx2hxHvGydk
KdndTe7QZxEYt/bsJMHIw7YRmNgfrWDsO++FDR5rT0oYfuu6IfHbH0cVNtTSbV97
DIPHXg218boaQLG3z4mAdE1IXrlTm+3nZwRuaeE/Ab5s6IRJ6L7Fe87XH2pV3w7K
9I9yj/0RG6f+fXaPUz1J8c3M29kbEH1fAsQkNPWZs2GoQ9fDSZ9KoShza7p8PVt5
EEj0wlYe7V/zc9IdAKoohAP6chaVKbk9cRhJZyH+HrIXcyUtD+6boxNwlpxeohyL
zV51Y2HJkVwB+wMts5nVZX5pegeWijmNnXaGzibYPOVaKSwM2QgKBa2CPCl/hmJI
cZhRA9Ha0N4zobaGaYFD
=yvh+
-----END PGP SIGNATURE-----
Reply to: