Your message dated Thu, 18 Sep 2025 09:29:21 +0200
with message-id <[email protected]>
and subject line iceweasel has been superseded by firefox-esr
has caused the Debian Bug report #788900,
regarding iceweasel: still shows traces of OpenH264
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
788900: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788900
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: iceweasel
Version: 38.0.1-5
Severity: normal
Hi.
Iceweasel still shows places of the blob pluing OpenH264 at several places:
1) All the downloading code and options seems to be still present, as is the
plugin entry in Tools/Add-Ons in the menu (even though disabled).
As far as I understood, the long term plan was to either properly package
OpenH264 and/or rely on other system libs for H264 decoding.
Therefore I'd kindly ask the maintainers to consider removing the whole
downloader facilites.
If the decoder is properly packaged, than the downloader-facilities are
at best useless and at worst get accidentally used/enabled somehow and download
execute possibly malicious code as it has already happened before.
2) Going to about:plugins still shows the plugin being there (just disabled)
and even gives a path where it would exist:
/home/user/.mozilla/firefox/profile/gmp-gmpopenh264/1.1
which is however not even existing but confusing.
So at least this would be nice to be fixed.
3) /home/user/.mozilla/firefox/profile/gmp seems to be still created here?!
This whole blob downloading seems to get more and more of an issue,... just
these days it was found out that Chromium is doing the same.
Many people choose open source for security, trust and verifiability reasons,
thus it would be nice if (at the Debian level) more pro-active measurements
could be taken to preven these things from even remotely happening again.
Especially when it comes to package which are known for having such "habits".
Cheers,
Chris.
--- End Message ---
--- Begin Message ---
Version: 115.12.0esr-1+rm
src:iceweasel has been superseded by src:firefox-esr in version
45.0esr-1 in March 2016. Transitional packages to ease upgrades were
provided in the wheezy, jessie, stretch and buster releases. The
transitional packages have been removed finally before the bullseye
release in August 2021.
After regular security support for buster ended in August 2022 and LTS
support ended in June 2024, I'm closing the remaining bug reports now.
Andreas
--- End Message ---
