Control: severity -1 normal On 2017-05-27 13:47:45 +0100, Simon McVittie wrote: > On Thu, 08 Sep 2016 at 20:14:28 +0200, Tjeerd Pinkert wrote: > > after reading up a bit (late(ly)) on the W3C EME proposed standard for > > embedding of DRM managed content in web pages, I decided to have a > > look if it is present in the firefox browser > [...] > > I think the presence of code that requires closed source components to > > function, might violate the DFSG for the main section? On the other > > hand, no package relation is available in the non-free section as far > > as I see that is actively depended on. If a decision has been taken on > > this already, then please close. > > I don't see a freeness problem here. > > Firefox with the EME API enabled at compile time, but no CDM (DRM > implementation) installed, is presumably no less functional than Firefox > with the EME API disabled at compile time - so the CDM is not a > dependency, because Firefox without a CDM is a perfectly acceptable web > browser (just missing an optional feature). If we shipped CDMs in > non-free, I don't think Firefox would have a stronger relationship to > them than Suggests (or more likely, the CDMs would declare an Enhances > relationship on Firefox, which means the same thing). Packages in main > are allowed to have Suggests on non-free or even not-in-Debian packages, > just not (Pre-)Depends or Recommends. > > Free CDMs do seem to exist - > https://github.com/fraunhoferfokus/open-content-decryption-module is one > example. It is fairly likely that content publishers will not actually > *use* those CDMs, but that's between you and the content providers whose > products you choose to buy. So from a freeness point of view, this > doesn't seem any worse than any other plugin interface that can accept > both Free and non-Free plugins - for example glibc NSS, PAM, GStreamer, > Firefox NPAPI, kernel modules, and OpenGL/EGL/Vulkan drivers. > > I understand your desire to avoid DRM, but I don't think opening > release-critical bugs requesting that features are removed from our > builds of Firefox is an appropriate way to go about it.
ACK, so let's downgrade the severity. Cheers > > P.S. yes I know, having flash installed as a plugin is as bad as > > having EME enabled... > > In particular, I believe having the Flash NPAPI plugin installed means > your copy of Firefox already loads a DRM implementation, because there's > one in Flash. You might as well use one that is better-sandboxed, which > is the purpose of EME. > > S -- Sebastian Ramacher
