[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing source in firefox-esr: EME module

Nat Tuck writes ("Missing source in firefox-esr: EME module"):
> The firefox-esr package in Buster includes the encrypted media extension
> functionality, which relies on library called "wildvine". Source for
> this library is not included in the firefox-esr source package.
> This has been an outstanding bug since 2016, but it hasn't been
> considered as a serious issue with the package:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091

That bug seems to contradict you.

Firstly, it says that firefox-esr only downloads this proprietary
software after explicit user action.  Is that right ?

Secondly, it is indeed tagged as "serious", ie release critical.

I think the behaviour described at the end of that bug is quite
undesirable.  I think user action to download non-free sofware should
be more explicit, and not so easily invited.

Overall, in Debian, we do not have a good enough mechanism for user
control over these kind of suggestions.  There should be a single
place where a user can say, during installation, what their posture is
for non-free software.

Options should probably include:

0  Never suggest non-free software to me; simply don't mention it.

1  Explicitly confirm for each piece of non-free software.

2  Automatically download and run non-free software whenever
  it is likely to be convenient.

We would have to have some kind of argument about JavaScript on web
pages.  I don't think the FSF's "librejs" stuff is useful in practice
but we should probably offer it as an option.  Something like a ublock
configuration that turns off JS by default and can be fiddled with,
would probably be appropriate for users who select 0 or 1.


Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to: