A lot of people get worried about the "Managed by your organization" warning from Chrome/Chromium. It's kinda weird the need to search for this in order to understand why the warning is showing. This can also confuse newcomers.
Maybe fedora-chromium-config can be optional?
@sgallagh FYI
This was originally created because nearly all of the Fedora infrastructure services used Kerberos authentication. Time has passed and now most of them (with the exception of Koji) use OpenID Connect, so it's probably fine if we split this back into two packages, one that provides only the User Agent change and one that provides the kerberos configuration. The latter we could make a Recommends: dependency for fedora-packager rather than Fedora Workstation.
Recommends:
fedora-packager
Does that sound like a reasonable approach?
Firefox and WebKitGTK no longer add Fedora user agent header branding, so I'd say that functionality should be dropped entirely.
Actually, I had forgotten, but we don't carry user-agent branding for Chrome for the last year.
The other pieces we are shipping in this are the Gnome and KDE desktop integration extensions (if those desktop packages are installed). Note: these extensions do not cause the "managed by your organization" notifications.
So to revise my previous suggestion: Let's have a fedora-chromium-config package that Recommends: fedora-chromium-config-gnome if Gnome is installed and/or Recommends: fedora-chromium-config-kde if KDE is installed. We will then move the Recommends: fedora-chromium-config-gssapi to the fedora-packager package. For upgrade purposes, anyone with fedora-chromium-config today will get fedora-chromium-config-gssapi for continuity of functionality.
fedora-chromium-config
Recommends: fedora-chromium-config-gnome
Recommends: fedora-chromium-config-kde
Recommends: fedora-chromium-config-gssapi
fedora-chromium-config-gssapi
I've implemented the above in https://bodhi.fedoraproject.org/updates/FEDORA-2023-c7672bb516
Please review.
I forgot to say that fedora-chromium-config also blocks the "Secure DNS" setting of Chrome (chrome://settings/security). The setting description is grayed out and shows "This setting is disabled on managed browsers".
Yes, because it breaks VPNs, which most people need to be able to use.
Understood, I didn't know. What I was actually trying to say is that a newcomer wouldn't easily understand. There is no easily available information about why the option is grayed out or why the "managed organization" warning is showing.
So we don't need to do anything else here, right? @sgallagh your change is sufficient to resolve this issue?
That was my question to the Workstation WG: is that a sufficient solution for you?
The answer we arrived at on Tuesday was yes. Thanks @sgallagh !
Metadata Update from @aday: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.