Bug#769716: iceweasel: OpenH264 back in 37, breaks H.264 playback
Christoph Anton Mitterer
calestyo at scientia.net
Thu Apr 2 23:20:25 UTC 2015
On Fri, 2015-04-03 at 07:13 +0900, Mike Hommey wrote:
> If you manually remove the gmp-gmpopenh264 directory somewhere in
> $HOME/.mozilla, it should get back to normal for you.
>
> With that being said, either with openh264 or without, iceweasel 37
> plays h264 just fine here (and strangely doesn't even use openh264 when
> i do enable it).
More important than the question of whether H264 playback works or not
is however the question of whether binary code from 3rd party sources is
injected into a debian system and this thereby potentially compromised.
That the source of openh264 is somewhere open doesn't help if we take
binaries from Cisco for which Debian didn't check reproducibility.
And reproducibility seems to still not work for it, AFAICT, and as
AFAICS we don't do such test builds in our infrastructure, hardcode some
sums in the packagages and have these checked after download.
And even if we'd do this would effectively still be like a downloader
package, and make such packages work securely is a quite tricky task.
Didn't version 37 also start to include code for MSE? And wasn't that
also binary proprietary code?
So can't we just patch out everything of that cruft from the Debian
source package?
Iceweasel should neither container proprietary code, nor blobs or
downloaded blobs (whether sources may be open for them or not).
Best wishes,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20150403/a40c67d6/attachment-0001.bin>
More information about the pkg-mozilla-maintainers
mailing list