Google is one of the top 10 corporate contributers to the Linux kernel. Every time you boot Linux you're using Google code.Originally Posted by cascade9
Ubuntu Cappuccino Scuro
Ubuntu addict and loving it
not quite.
Chromium OS + Branding = Chrome OS as far as we know.
and Chrome/Chromium OS includes Chromium/Chrome.
Chromium Browser + Branding = Chrome Browser as far as we know.
before compiling chromium into chrome, what additional stuff (spyware?) gets slipped in at the last minute? we have absolutely no idea, because we cannot see it.
and what if that additional stuff creates security vulnerabilities? the community won't be able to fix them and send the fixes upstream to google, because they won't be able to see the underlying source code that creates the vulnerability.
so the actual formula is this:
Chromium OS + Branding + stuff we don't know about = Chrome OS
Chromium Browser + Branding + stuff we don't know about = Chromium Browser
now, maybe there is no stuff we don't know about. maybe im being paranoid.
if that is the case, however, why not release the source code that the binary is directly based on (branding and all)? leave it to the self-compilers to remove the branding prior to redistributing, if they chose to redistribute. i am fairly certain that is how firefox does it.
the only reason to differentiate the two is because there is indeed stuff we don't know about.
the formula my proposal would create is:
Chrome - Google Branding = Chromium (or whatever you, the person compiling, feel like naming it)
maybe even include a flag that automatically strips the branding for the self-compiler?
Last edited by earthpigg; February 16th, 2010 at 07:26 PM.
Midnight Commander
The problem with this argument is that it is true of every single binary in the history of software. It's really impossible to know that a binary isn't doing something you don't know about. If you know what you're looking for, you may be able to discover these things, but there is really no foolproof way of knowing that a binary was compiled from the source code the developer provides for it.
So, I think the burden lies on the person making the accusation to provide some reasonable grounds for suspicion. And "they could do it if they wanted to" is not reasonable grounds for suspicion. You could apply that logic to a whole host of situations that range from the very likely ("identity thieves go dumpster diving to get personal info") to the far-fetched ("my neighbor is piping poison gas into my house at night"), and it would be equally true for all scenarios. Thus, "they could do it if they wanted to" does not tell you anything about the actual probability of a thing being done.
I'm certainly not trying to dismiss your concerns, but trying to point out a basic problem with how you are framing them. If you have reasons to believe that Google would surreptitiously add spyware to an open source project (and it would have to go to great lengths to hide this, given the size of that corporation), an open discussion about those reasons would be a valuable thing, I think.
I am aware of all internet traditions. | Getting the best help | Text formatting codes | My last.fm profile
Should I PM support questions? NO!
Gee! These Aren't Roasted!
This part is not possible for Linux based OS because of GPL. They have to give source of Chrome OS.
They do not have to give source of Chrome Browser because it is BSD licensed.
Ubuntu addict and loving it
compare the md5sums of the binary provided to the one you compile yourself with the same flags and version of the compiler on the same architecture.The problem with this argument is that it is true of every single binary in the history of software. It's really impossible to know that a binary isn't doing something you don't know about. If you know what you're looking for, you may be able to discover these things, but there is really no foolproof way of knowing that a binary was compiled from the source code the developer provides for it.
the exact same mathematical mumbo jumbo would be performed both times if the source is indeed the exact source the binary is based on.
i think that would work. can someone confirm?
this is only possible if the source provided includes the branding and everything else, of course.
in the case of FF (source includes mozilla branding), if you found any differences you could go "WTF mozilla?"
in the case of Chrome/ium, you would expect the md5sums to be different due to the branding difference... if the branding was kept in, it would be easy to verify that the binary is indeed from the exact same source code as provided.
burden lies on the accusor for a 'conviction' or for certainty of guilt. i am only expressing doubt.So, I think the burden lies on the person making the accusation to provide some reasonable grounds for suspicion. And "they could do it if they wanted to" is not reasonable grounds for suspicion.
their half-hearted open source ethos and creating murky waters regarding what is and is not open source (chromium is, chrome is not) is enough cause for suspicion. i don't know they are guilty of anything, and i don't know they are innocent either. as i pointed out, it would be incredibly easy for them to prove their innocence beyond any possible shadow of a doubt - include the branding in the source provided.
soo they include the full source of Chrome OS, and keep the stuff they want to hide in Chrome browser (included with Chrome OS)... the same way Linux Mint can include Flash in their distribution without providing the source code for Flash.This part is not possible for Linux based OS because of GPL. They have to give source of Chrome OS.so the actual formula is this:
Chromium OS + Branding + stuff we don't know about = Chrome OS
They do not have to give source of Chrome Browser because it is BSD licensed.
Frothy Coffee!
learn a lot, thanks.
I hope to know if chromium and chromium OS source code is available and other user or open source community can compile it and release it under GPL, then this binary OS completed by community can be used to avoid any spyware or other malware possible. right?
another thing I hope to know is
if the 2d/3d driver used in chrome os is open source and can be used in other linux distribution?
If the answer is yes, I think Chrome OS Good for Linux.
Adv Reply
Bookmarks