Nat Tuck writes ("Missing source in firefox-esr: EME module"):
> The firefox-esr package in Buster includes the encrypted media extension
> functionality, which relies on library called "wildvine". Source for
> this library is not included in the firefox-esr source package.
>
> This has been an outstanding bug since 2016, but it hasn't been
> considered as a serious issue with the package:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091
That bug seems to contradict you.
Firstly, it says that firefox-esr only downloads this proprietary
software after explicit user action. Is that right ?
Secondly, it is indeed tagged as "serious", ie release critical.
I think the behaviour described at the end of that bug is quite
undesirable. I think user action to download non-free sofware should
be more explicit, and not so easily invited.
Overall, in Debian, we do not have a good enough mechanism for user
control over these kind of suggestions. There should be a single
place where a user can say, during installation, what their posture is
for non-free software.
Options should probably include:
0 Never suggest non-free software to me; simply don't mention it.
1 Explicitly confirm for each piece of non-free software.
2 Automatically download and run non-free software whenever
it is likely to be convenient.
We would have to have some kind of argument about JavaScript on web
pages. I don't think the FSF's "librejs" stuff is useful in practice
but we should probably offer it as an option. Something like a ublock
configuration that turns off JS by default and can be fiddled with,
would probably be appropriate for users who select 0 or 1.
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
