Package: iceweasel
Version: 38.0.1-5
Severity: normal

Hi.

Iceweasel still shows places of the blob plugin OpenH264 at several places:

1) All the downloading code and options seem to be still present, as is the plugin entry in Tools/Add-Ons in the menu (even though disabled). As far as I understood, the long term plan was to either properly package OpenH264 and/or rely on other system libs for H264 decoding. Therefore I'd kindly ask the maintainers to consider removing the whole downloader facilities. If the decoder is properly packaged, then the downloader facilities are at best useless and at worst get accidentally used/enabled somehow and download and execute possibly malicious code, as it has already happened before.

2) Going to about:plugins still shows the plugin being there (just disabled) and even gives a path where it would exist: /home/user/.mozilla/firefox/profile/gmp-gmpopenh264/1.1 which is however not even existing but confusing. So at least this would be nice to be fixed.

3) /home/user/.mozilla/firefox/profile/gmp seems to be still created here?!

This whole blob downloading seems to get more and more of an issue... just these days it was found out that Chromium is doing the same. Many people choose open source for security, trust and verifiability reasons, thus it would be nice if (at the Debian level) more pro-active measurements could be taken to prevent these things from even remotely happening again. Especially when it comes to packages which are known for having such "habits".

Cheers,
Chris.