On 23/12/14 12:54, Luke Bratch wrote:
> 1. An unverified binary blob being downloaded and marked as executable
> is not OK, *especially without the user being informed and/or asked*.
What exactly do you mean by "unverified"?
I very much hope that there are mechanisms by which the blob is
confirmed to be a genuine one (either by hash or signing or pinned
HTTPS). If there are not, that's a bug. Can anyone confirm either way?
The aim is to provide reproducible (deterministic) builds, so that it
will no longer be unverified that the blob you get with the magic Cisco
patent license pixie dust is identical to the one you can build yourself.
This was part of the original promise of how this would work, so I hope
it has not been forgotten.
I can't immediately find a bug number for this work: does anyone have one?
> 2. The initial Mozilla blog post [2] on the subject stated that the blob
> would be downloaded "when needed", whereas in fact it happens
> automatically upon browser load.
Would you be significantly happier if it were downloaded the first time
a user hit a WebRTC-using page?
> 4. The download even happens in safe mode.
Hmm. That does sound like a bug, or at least arguably a wrong behaviour.
Would you care to file it?
> 5. The behaviour of point 2 means that running "cfx run" (for instance
> when developing extensions) means that the blob is downloaded over and
> over again, consuming significant network resources.
That also sounds like a bug which should be filed.
> 6. The preferences to disable the downloading are numerous (there seem
> to be at least three required) and hidden in about:config.
Do you have more specific information?
> 7. The only way to set those preferences by default requires local
> administrative access. (And may disappear in the future!? [3])
The proper method used by admins isn't marked as "may be removed".
> Please note - I'm not after a point-by-point debate regarding the above
> points, I only listed them all to convey the breadth of issues to people
> who haven't encountered the bug report yet.
But one bug report cannot deal with such a breadth of issues, and a bug
report which says "this has problems, back it out" will quite rightly be
WONTFIXed. If the individual issues concern you (and some certainly
should) then please file bugs on them. If your actual aim is to get
Mozilla's decision to support H.264 reversed, then I'm afraid that's not
going to happen. The market forces which led to this sad decision are
still exactly the same.
> What I'm really after is some reassurance that Mozilla does recognise
> the issues introduced by this binary blob. I refer to both the ethical
> issues (of embracing H.264 and of distributing untrusted binaries to
> Firefox users) and the practical issues (of prompting/informing users in
> advance and offering an easier way to disable).
You don't think the acres of anguished debate at the time the decision
was taken are evidence enough that Mozilla is not particularly happy
about its need to support H.264? (I don't think "embrace" is a fair word.)
It also depends what you mean by "untrusted" binaries. People who
download Firefox have to trust Mozilla. Now, if there is opportunity for
the OpenH264 blob to be interfered with between our build servers and
you, that's clearly a bug which should be fixed. If not, then it's as
trusted as the Firefox binary the user downloaded in the first place.
If you actually mean "not open source", that's a different question with
a different answer. The OpenH264 code is open source. Unless your
position is that no-one should ever use any patented technology. We
don't like software patents, but we live in a world where they exist.
> In the same vein, my understanding of Mozilla's stance on plugins has
> been muddied by the introduction of GMP. The introduction of both
> plugin blocklists and automatic Click to Play were signs to me that
> Mozilla were moving away from plugins, but this new plugin framework
> seems like a regression back towards embracing plugins.
You use the word "embrace" a lot. :-) Mozilla is trying very hard to
eliminate generic NPAPI plugins (as is Chrome). We have had to replace
them with something much more specific in two cases - OpenH264 and EME
CDMs. Both of these cases are, everyone agrees, non-ideal. This is not
the same, though, as "embracing plugins".
Gerv