The firefox-esr package in Buster includes the encrypted media
extension
functionality, which relies on library called "wildvine". Source
for
this library is not included in the firefox-esr source package.
This has been an outstanding bug since 2016, but it hasn't been
considered as a
serious issue with the package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091
The firefox-esr package uses a mechanism apparently intended to
work around the
requirement to include source code: it downloads the library at
run time. This
implementation detail doesn't change the fact that this is
built-in
functionality of the program, shown in the UI as an option like
"enable
javascript" rather than as an addon or plug-in.
I'm surprised to find this issue in a package in the Debian "main"
archive. Am I
misunderstanding debian policy or this situation?
Thanks,
-- Nat