Missing source in firefox-esr: EME module

To: debian-legal@lists.debian.org
Subject: Missing source in firefox-esr: EME module
From: Nat Tuck <nat@ferrus.net>
Date: Tue, 04 Jun 2019 15:23:01 -0400
Message-id: <[🔎] 87h895tasq.fsf@ferrus.net>

The firefox-esr package in Buster includes the encrypted media extension
functionality, which relies on library called "wildvine". Source for
this library is not included in the firefox-esr source package.

This has been an outstanding bug since 2016, but it hasn't been considered as a
serious issue with the package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091

The firefox-esr package uses a mechanism apparently intended to work around the
requirement to include source code: it downloads the library at run time. This
implementation detail doesn't change the fact that this is built-in
functionality of the program, shown in the UI as an option like "enable
_javascript_" rather than as an addon or plug-in.

I'm surprised to find this issue in a package in the Debian "main" archive. Am I
misunderstanding debian policy or this situation?

Thanks,

– Nat

Reply to:

Follow-Ups:
- Re: Missing source in firefox-esr: EME module
  - From: Vincent Bernat <bernat@debian.org>
- Re: Missing source in firefox-esr: EME module
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Reply to copyright concerns for libzdb in Seafile
Next by Date: Re: Missing source in firefox-esr: EME module
Previous by thread: Re: Reply to copyright concerns for libzdb in Seafile
Next by thread: Re: Missing source in firefox-esr: EME module
Index(es):
- Date
- Thread