On Sat, May 17, 2014 at 02:03:18PM +1200, Chris Pearce wrote: > On 5/17/2014 10:34 AM, Mike Hommey wrote: > >Hi, > > > >As far as I can tell from what has been said so far on the subject, we > >may be opting to download the CDM blob unconditionally, and run it after > >user interaction. > > > >As I understand it, the CDM blob is going to be hosted by Adobe. I can > >see a privacy issue here. Or at least, I can see that people can be > >unconfortable with this, and/or with the unconditional download of > >proprietary code (however irrational that is, knowing how many non-free > >blobs a browser downloads every day). > > The UX has not been finalized yet, and it will likely involve people from > UX, who don't read this list. > > Firstly, the CDM will be sandboxed (using Chromium's sandbox, which uses > seccomp-bpf on Linux I believe). So what the CDM can do to snoop on the > users' computers is severely restricted. > > Or is your concern that the browser will ping some Adobe server without the > user asking it to?
Yes. Essentially, Adobe would receive a ping from all Firefox users on a recent version. That doesn't sound very appealing. > Secondly, last I heard the plan was to XOR the downloaded blob with some > string to make it non-executable until the user consents. I'm not convinced that would satisfy the concerns of the people who don't want to have anything to do with proprietary software. It's completely irrational, as, like I said, a browser will already download proprietary blobs all the time, but that's a point a lot of people are already doing. > >I trust that we're going to do something sensible for our users, BUT, I > >would like that if we're going forward with download first, ask later, > >that we incorporate an optional alternative workflow that only downloads > >the CDM after the user opts-in, such that redistributors can switch to > >that workflow by default if they want > > I think that this is similar enough to the case where the "user starts up > Firefox for the first time and immediately loads site requiring CDM and the > CDM hasn't yet completed downloading", that we could support it with only > one extra step in the flow. How hard could it be? ;) > > I'm not opposed to us making the pre-download behaviour configurable by a > pref (and setting the pref by a configure flag I guess). I would be happy with this. But I don't think there is a need for a configure flag. Redistributors can easily set custom prefs. BTW, are there bugs on file around those issues? Cheers, Mike _______________________________________________ dev-media mailing list [email protected] https://lists.mozilla.org/listinfo/dev-media
