Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
Am Freitag, 16. Mai 2014, 20:39:37 schrieb Mike Hommey: > On Fri, May 16, 2014 at 01:34:38PM +0200, Martin Steigerwald wrote: > > Am Freitag, 16. Mai 2014, 20:22:09 schrieb Mike Hommey: > > > On Fri, May 16, 2014 at 12:38:46PM +0200, Martin Steigerwald wrote: > > > > Package: iceweasel > > > > Version: 29.0.1-1 > > > > Severity: normal > > > > Tags: upstream > > > > > > > > Dear Maintainer, > > > > > > > > Mozilla unfortunately chose to support external DRM plugins by an > > > > opensource sandbox for EME/CDM plugins[1][2]. > > > > > > > > Please keep this open source sandbox code out of Iceweasel builds once > > > > it > > > > becomes available. As for reasons to do so please see [2][3]. > > > > > > > > Feel free to close the bug report with a statement of your intent to > > > > do > > > > so. > > > > > > > > If its not possible to remove the code easily, please at least disable > > > > it. > > > > > > The code is not even in http://hg.mozilla.org/mozilla-central/, which > > > means it's more than 3 months away from possibly reaching unstable. > > > > > > There is nothing to disable, nothing to remove, nothing to be seen > > > regarding what it's going to be. > > > > > > Please refrain from using the *Bug* tracking system for currently > > > entirely hypothetical bugs. > > > > Mozilla Foundation is about to introduce a new way to load proprietary and > > potentially unsafe code within the browser. > > > > To me thats a bug. > > > > Thats why I open one with upstream as well[1]. > > > > Well, I will reopen this bug or open a new one should this code arrives > > within Firefox. > > BTW, have you filed a bug to remove the firmware loader from the linux > kernel yet? Care to elaborate how existing ways to include proprietary code within a system justify CDM/EME? Added to that: I am definately interested in hardware free of proprietary firmware. But unlike hardware needing firmware, HTML5 DRM is avoidable. Easily. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
Am Freitag, 16. Mai 2014, 13:42:01 schrieb Sylvestre Ledru: > On 16/05/2014 13:34, Martin Steigerwald wrote: > > Mozilla Foundation is about to introduce a new way to load proprietary and > > potentially unsafe code within the browser. > > Like flash or the sun-java applet plugin ? How do you come to the conclusion that these are *new* ways to load proprietary and potentially unsafe code within the browser? As far as I can think back these have been there. And how do these long existing ways to do that justify adding a new way to do it – instead of getting rid of the old ways as soon as possible. Aside from that Adobe Flash and Sun Java may at least be used for something non DRM related as well while EME / CDM is specifically targetted at DRM and thus closed code which my even be protected by laws which make put the work of security researchers at risk. Read the second link in my bug post. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
On 16/05/2014 13:34, Martin Steigerwald wrote: > Mozilla Foundation is about to introduce a new way to load proprietary and > potentially unsafe code within the browser. Like flash or the sun-java applet plugin ? Sylvestre -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
On Fri, May 16, 2014 at 01:34:38PM +0200, Martin Steigerwald wrote: > Am Freitag, 16. Mai 2014, 20:22:09 schrieb Mike Hommey: > > On Fri, May 16, 2014 at 12:38:46PM +0200, Martin Steigerwald wrote: > > > Package: iceweasel > > > Version: 29.0.1-1 > > > Severity: normal > > > Tags: upstream > > > > > > Dear Maintainer, > > > > > > Mozilla unfortunately chose to support external DRM plugins by an > > > opensource sandbox for EME/CDM plugins[1][2]. > > > > > > Please keep this open source sandbox code out of Iceweasel builds once it > > > becomes available. As for reasons to do so please see [2][3]. > > > > > > Feel free to close the bug report with a statement of your intent to do > > > so. > > > > > > If its not possible to remove the code easily, please at least disable it. > > > > The code is not even in http://hg.mozilla.org/mozilla-central/, which > > means it's more than 3 months away from possibly reaching unstable. > > > > There is nothing to disable, nothing to remove, nothing to be seen > > regarding what it's going to be. > > > > Please refrain from using the *Bug* tracking system for currently > > entirely hypothetical bugs. > > Mozilla Foundation is about to introduce a new way to load proprietary and > potentially unsafe code within the browser. > > To me thats a bug. > > Thats why I open one with upstream as well[1]. > > Well, I will reopen this bug or open a new one should this code arrives > within > Firefox. BTW, have you filed a bug to remove the firmware loader from the linux kernel yet? Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
On Fri, May 16, 2014 at 01:34:38PM +0200, Martin Steigerwald wrote: > Am Freitag, 16. Mai 2014, 20:22:09 schrieb Mike Hommey: > > On Fri, May 16, 2014 at 12:38:46PM +0200, Martin Steigerwald wrote: > > > Package: iceweasel > > > Version: 29.0.1-1 > > > Severity: normal > > > Tags: upstream > > > > > > Dear Maintainer, > > > > > > Mozilla unfortunately chose to support external DRM plugins by an > > > opensource sandbox for EME/CDM plugins[1][2]. > > > > > > Please keep this open source sandbox code out of Iceweasel builds once it > > > becomes available. As for reasons to do so please see [2][3]. > > > > > > Feel free to close the bug report with a statement of your intent to do > > > so. > > > > > > If its not possible to remove the code easily, please at least disable it. > > > > The code is not even in http://hg.mozilla.org/mozilla-central/, which > > means it's more than 3 months away from possibly reaching unstable. > > > > There is nothing to disable, nothing to remove, nothing to be seen > > regarding what it's going to be. > > > > Please refrain from using the *Bug* tracking system for currently > > entirely hypothetical bugs. > > Mozilla Foundation is about to introduce a new way to load proprietary and > potentially unsafe code within the browser. > > To me thats a bug. > > Thats why I open one with upstream as well[1]. > > Well, I will reopen this bug or open a new one should this code arrives > within > Firefox. And I will close it again then. Until you have something to say about an iceweasel package that is in the Debian archive, please don't file a bug. There are enough real bugs to deal with already. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
Am Freitag, 16. Mai 2014, 20:22:09 schrieb Mike Hommey: > On Fri, May 16, 2014 at 12:38:46PM +0200, Martin Steigerwald wrote: > > Package: iceweasel > > Version: 29.0.1-1 > > Severity: normal > > Tags: upstream > > > > Dear Maintainer, > > > > Mozilla unfortunately chose to support external DRM plugins by an > > opensource sandbox for EME/CDM plugins[1][2]. > > > > Please keep this open source sandbox code out of Iceweasel builds once it > > becomes available. As for reasons to do so please see [2][3]. > > > > Feel free to close the bug report with a statement of your intent to do > > so. > > > > If its not possible to remove the code easily, please at least disable it. > > The code is not even in http://hg.mozilla.org/mozilla-central/, which > means it's more than 3 months away from possibly reaching unstable. > > There is nothing to disable, nothing to remove, nothing to be seen > regarding what it's going to be. > > Please refrain from using the *Bug* tracking system for currently > entirely hypothetical bugs. Mozilla Foundation is about to introduce a new way to load proprietary and potentially unsafe code within the browser. To me thats a bug. Thats why I open one with upstream as well[1]. Well, I will reopen this bug or open a new one should this code arrives within Firefox. [1] Bug 1011459 - Please do not support EME, do not allow new proprietary CDM code in the browser https://bugzilla.mozilla.org/show_bug.cgi?id=1011459 Thanks, -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 signature.asc Description: This is a digitally signed message part.
Bug#748342: iceweasel: please keep sandbox code for EME/CDM DRM plugins out of Iceweasel builds
Package: iceweasel
Version: 29.0.1-1
Severity: normal
Tags: upstream
Dear Maintainer,
Mozilla unfortunately chose to support external DRM plugins by an opensource
sandbox for EME/CDM plugins[1][2].
Please keep this open source sandbox code out of Iceweasel builds once it
becomes available. As for reasons to do so please see [2][3].
Feel free to close the bug report with a statement of your intent to do so.
If its not possible to remove the code easily, please at least disable it.
Thank you very much,
Martin
[1] Mitchell Baker, DRM and the Challenge of Serving Users, 14th May 2014:
https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
[2] Cory Doctorow, Firefox’s adoption of closed-source DRM breaks my heart,
theguardian.com, Wednesday 14 May 2014 18.00 BST:
http://www.theguardian.com/technology/2014/may/14/firefox-closed-source-drm-video-browser-cory-doctorow
[3] FSF condemns partnership between Mozilla and Adobe to support Digital
Restrictions Management
by Free Software Foundation — Published on May 14, 2014 05:23 PM:
http://www.fsf.org/news/fsf-condemns-partnership-between-mozilla-and-adobe-to-support-digital-restrictions-management
-- Package-specific info:
-- Extensions information
Name: Adblock Plus
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
Package: xul-ext-adblock-plus
Status: enabled
Name: Deutsch (DE) Language Pack locale
Location:
/usr/lib/iceweasel/browser/extensions/langpack...@iceweasel.mozilla.org.xpi
Package: iceweasel-l10n-de
Status: enabled
Name: DownloadHelper
Location: ${PROFILE_EXTENSIONS}/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Status: enabled
Name: DownThemAll!
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{DDC359D1-844A-42a7-9AA1-88A850A938A8}
Package: xul-ext-downthemall
Status: user-disabled
Name: Flashblock
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{3d7eb24f-2740-49df-8937-200b1cc08f8a}
Package: xul-ext-flashblock
Status: user-disabled
Name: Ghostery
Location: ${PROFILE_EXTENSIONS}/fire...@ghostery.com.xpi
Status: enabled
Name: KDE Wallet password integration
Location: ${PROFILE_EXTENSIONS}/kwallet@guillermo.molina
Status: user-disabled
Name: NoSquint
Location: ${PROFILE_EXTENSIONS}/nosqu...@urandom.ca.xpi
Status: enabled
Name: ScrapBook
Location:
/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{53A03D43-5363-4669-8190-99061B2DEBA5}
Package: xul-ext-scrapbook
Status: enabled
Name: Standard theme
Location:
/usr/lib/iceweasel/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}
Package: iceweasel
Status: enabled
-- Plugins information
Name: IcedTea-Web Plugin (using IcedTea-Web 1.5 (1.5-1))
Location: /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so
Package: icedtea-7-plugin:amd64
Status: enabled
Name: KParts Plugin
Location: /usr/lib/mozilla/plugins/libkpartsplugin.so
Package: kpartsplugin
Status: enabled
Name: Shockwave Flash (11.2.202.346)
Location: /usr/lib/flashplugin-nonfree/libflashplayer.so
Status: enabled
Name: Skype Buttons for Kopete
Location: /usr/lib/mozilla/plugins/skypebuttons.so
Package: kopete
Status: disabled
Name: VMware Client Support Plug-in
Location: /usr/lib/vmware-cip/5.1/np-vmware-client-support.so
Status: enabled
Name: VMware Remote Console Plug-in
Location: /usr/lib/vmware-vmrc/5.1/np-vmware-vmrc-5.1.0-781747-64.so
Status: enabled
Name: X2GoClient Plug-in 4.0.2.0
Location: /usr/lib/mozilla/plugins/libx2goplugin.so
Package: x2goplugin
Status: enabled
-- Addons package information
ii icedtea-7-plug 1.5-1amd64web browser plugin based on OpenJ
ii iceweasel 29.0.1-1 amd64Web browser based on Firefox
ii iceweasel-l10n 1:29.0.1-1 all German language package for Icewe
ii kopete 4:4.12.4-1 amd64instant messaging and chat applic
ii kpartsplugin 20120605-1 amd64Netscape-compatible plugin to emb
ii x2goplugin 4.0.2.0-2amd64X2Go Client (Qt4) as browser plug
ii xul-ext-adbloc 2.6+dfsg-1 all advertisement blocking extension
ii xul-ext-downth 2.0.16-1 all iceweasel extension with advanced
ii xul-ext-flashb 1.5.17-1 all Mozilla extension to block Adobe
ii xul-ext-scrapb 1.5.9-1 all Iceweasel/Firefox extension to sa
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.15.0-rc5-tp520 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iceweasel depends on:
ii debianutils 4.4
ii fontconfig 2.11.0-5
ii libc6 2.18-6
ii libgdk-pixbuf2.0-0 2.30.7-1
ii libglib2.0-02.40.0-3
ii libgtk2.0-0 2.
