On Thu, 08 Sep 2016 at 20:14:28 +0200, Tjeerd Pinkert wrote: > after reading up a bit (late(ly)) on the W3C EME proposed standard for > embedding of DRM managed content in web pages, I decided to have a > look if it is present in the firefox browser [...] > I think the presence of code that requires closed source components to > function, might violate the DFSG for the main section? On the other > hand, no package relation is available in the non-free section as far > as I see that is actively depended on. If a decision has been taken on > this already, then please close.
I don't see a freeness problem here. Firefox with the EME API enabled at compile time, but no CDM (DRM implementation) installed, is presumably no less functional than Firefox with the EME API disabled at compile time - so the CDM is not a dependency, because Firefox without a CDM is a perfectly acceptable web browser (just missing an optional feature). If we shipped CDMs in non-free, I don't think Firefox would have a stronger relationship to them than Suggests (or more likely, the CDMs would declare an Enhances relationship on Firefox, which means the same thing). Packages in main are allowed to have Suggests on non-free or even not-in-Debian packages, just not (Pre-)Depends or Recommends. Free CDMs do seem to exist - https://github.com/fraunhoferfokus/open-content-decryption-module is one example. It is fairly likely that content publishers will not actually *use* those CDMs, but that's between you and the content providers whose products you choose to buy. So from a freeness point of view, this doesn't seem any worse than any other plugin interface that can accept both Free and non-Free plugins - for example glibc NSS, PAM, GStreamer, Firefox NPAPI, kernel modules, and OpenGL/EGL/Vulkan drivers. I understand your desire to avoid DRM, but I don't think opening release-critical bugs requesting that features are removed from our builds of Firefox is an appropriate way to go about it. > P.S. yes I know, having flash installed as a plugin is as bad as > having EME enabled... In particular, I believe having the Flash NPAPI plugin installed means your copy of Firefox already loads a DRM implementation, because there's one in Flash. You might as well use one that is better-sandboxed, which is the purpose of EME. S