Bug#769716: iceweasel: downloads Cisco's OpenH264 video codec
Christoph Anton Mitterer
calestyo at scientia.net
Sat Dec 6 23:38:19 UTC 2014
On Fri, 2014-12-05 at 19:17 +0100, Andrey Gursky wrote:
> > b) everyone knows what's actually contained in that binary blob, since
> > it's built from open source code, and the build is (supposed to be)
> > reproductible.
>
> Yes, "supposed to be": "there are ongoing efforts to allow
> reproducible builds which will then allow verification of the blob."
> [1]
Even if it was reproducible (and I didn't manage to),... it wouldn't
really help afterwards, once a system would have been compromised an
attacker could have wiped all his traces.
I still think it's quite problematic that this slipped through, but even
more problematic is IMHO the position of Mozilla which clearly had said
goodbye to some important principles of FLOSS and freedom of users.
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20141207/9391b076/attachment.bin>
More information about the pkg-mozilla-maintainers
mailing list