Nat Tuck writes ("Missing source in firefox-esr: EME module"): > The firefox-esr package in Buster includes the encrypted media extension > functionality, which relies on library called "wildvine". Source for > this library is not included in the firefox-esr source package. > > This has been an outstanding bug since 2016, but it hasn't been > considered as a serious issue with the package: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091
That bug seems to contradict you. Firstly, it says that firefox-esr only downloads this proprietary software after explicit user action. Is that right ? Secondly, it is indeed tagged as "serious", ie release critical. I think the behaviour described at the end of that bug is quite undesirable. I think user action to download non-free sofware should be more explicit, and not so easily invited. Overall, in Debian, we do not have a good enough mechanism for user control over these kind of suggestions. There should be a single place where a user can say, during installation, what their posture is for non-free software. Options should probably include: 0 Never suggest non-free software to me; simply don't mention it. 1 Explicitly confirm for each piece of non-free software. 2 Automatically download and run non-free software whenever it is likely to be convenient. We would have to have some kind of argument about JavaScript on web pages. I don't think the FSF's "librejs" stuff is useful in practice but we should probably offer it as an option. Something like a ublock configuration that turns off JS by default and can be fiddled with, would probably be appropriate for users who select 0 or 1. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.