On 5/17/2014 10:34 AM, Mike Hommey wrote:
Hi,

As far as I can tell from what has been said so far on the subject, we
may be opting to download the CDM blob unconditionally, and run it after
user interaction.

As I understand it, the CDM blob is going to be hosted by Adobe. I can
see a privacy issue here. Or at least, I can see that people can be
uncomfortable with this, and/or with the unconditional download of
proprietary code (however irrational that is, knowing how many non-free
blobs a browser downloads every day).

The UX has not been finalized yet, and it will likely involve people from UX, who don't read this list.

Firstly, the CDM will be sandboxed (using Chromium's sandbox, which uses seccomp-bpf on Linux I believe). So what the CDM can do to snoop on the users' computers is severely restricted.

Or is your concern that the browser will ping some Adobe server without the user asking it to?

Secondly, last I heard the plan was to XOR the downloaded blob with some string to make it non-executable until the user consents.


I trust that we're going to do something sensible for our users, BUT, I
would like that if we're going forward with download first, ask later,
that we incorporate an optional alternative workflow that only downloads
the CDM after the user opts-in, such that redistributors can switch to
that workflow by default if they want.

I think that this is similar enough to the case where the "user starts up Firefox for the first time and immediately loads site requiring CDM and the CDM hasn't yet completed downloading", that we could support it with only one extra step in the flow. How hard could it be? ;)

I'm not opposed to us making the pre-download behaviour configurable by a pref (and setting the pref by a configure flag I guess).


Chris Pearce.

_______________________________________________
dev-media mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-media
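
The two workflows discussed in this thread (pre-download with an XOR-masked blob, and download only after opt-in), as an added example that is not part of the original messages and is not Firefox code. The `CdmStore` class, the mask string, the pinned SHA-256 digest and the sample blob are all assumptions made for illustration.

```python
import hashlib
from itertools import cycle

MASK = b"cdm-not-yet-consented"  # assumed mask string; the thread does not name one

def xor_mask(data: bytes, key: bytes = MASK) -> bytes:
    """XOR with a repeating key; applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

class CdmStore:
    """Hypothetical holder for the downloaded module (not Firefox code)."""

    def __init__(self, fetch, expected_sha256: str, predownload: bool = True):
        self._fetch = fetch               # callable returning the raw blob
        self._expected = expected_sha256  # digest pinned by the browser (assumption)
        self._masked = None
        self.fetch_count = 0
        if predownload:                   # "download first, ask later"
            self._download()

    def _download(self) -> None:
        self.fetch_count += 1
        # Only the masked form is kept at rest, so the stored bytes do not
        # carry a recognizable executable header before consent.
        self._masked = xor_mask(self._fetch())

    def at_rest(self):
        return self._masked

    def activate(self, user_consented: bool) -> bytes:
        if not user_consented:
            raise PermissionError("CDM stays masked until the user opts in")
        if self._masked is None:          # opt-in workflow: fetch only now
            self._download()
        blob = xor_mask(self._masked)
        # XOR masking gives neither secrecy nor integrity, so the unmasked
        # blob is checked against the pinned digest before it is handed out.
        if hashlib.sha256(blob).hexdigest() != self._expected:
            raise ValueError("CDM blob does not match the pinned digest")
        return blob

# Constructed sample: an ELF magic plus filler bytes standing in for the blob.
SAMPLE_BLOB = b"\x7fELF" + bytes(range(64))
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_BLOB).hexdigest()

if __name__ == "__main__":
    store = CdmStore(lambda: SAMPLE_BLOB, SAMPLE_DIGEST, predownload=True)
    print(store.at_rest()[:4], store.activate(True)[:4])
```

With `predownload=False` no request is made until `activate(True)` is called, which is the alternative workflow a redistributor could select through a pref.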
