-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/20/2014 04:03 AM, Henri Sivonen wrote:
> On Thu, May 15, 2014 at 8:39 PM, Majken Connor <maj...@gmail.com> > wrote: > >> A guide similar to the CEO FAQ would be great, as well as having >> people reach out on the Reps-General list to discuss how to talk >> about this and answer questions (not just about information on the >> topic) would be really helpful. > > The FAQ is out now, appended to the Hacks post: > https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/ One part of this FAQ states: > Mozilla will develop the CDM host and is planning on making its code > open source as is the norm for Mozilla-developed code. However, the > CDM will refuse to work if it finds itself in a host that isn’t > identical to the Mozilla-shipped CDM host executable. How will the CDM be able to tell? If it is properly sandboxed, it should not be able to find out anything about the sandbox (== the host executable) except what the sandbox itself tells it, unless there are channels for it to access the host system which bypass the sandbox. If the CDM's only source for information about the sandbox is what the sandbox tells it, then it should be possible to modify the sandbox to always report what the CDM would expect to find from a "valid" sandbox, regardless of what other changes may in fact have been made. If the CDM has other sources for information about the sandbox, then the CDM is not properly contained within the sandbox. - -- The Wanderer Secrecy is the beginning of tyranny. A government exists to serve its citizens, not to control them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJTe26qAAoJEASpNY00KDJr7j0QAKUs4GDC0HT0z3YlB9zrTFRR qp0SWsHfDB3GckQyrdXkXtP7sPQKHR1ERBNw2BNczj0+gEGxtQB+QDqbRzcDonjt XRhQjlTsJfP797eQ66Zafb4z3aV8H2NXGIVQXavMDg6PBF9zic81+75kDTwKn3jd xcB1oAvWbrMfEMnzHxANqlkfDlfhV6+/+NSzfp4E6zQr9VjQ0mP7K4g7QHQuDWgp btM5oJ5gDMGyqIn6IzFKKayjxtr2workTLObzPRnYiLEPEe+FRJ78nhcU+pRCHTl x45uq8aozxU0+MLm8wC8NPtZWMJFKmZexQWU2kuyt0ScDC/MOZvBEc2UljqUk9dp MzLKoiNda+TOGHGwJpqw1oEyxYyQ3sa4mq8Jr1Fjtv7rZzIOqdzdzX7pyLRKsrkY rd0aWrziDn0ISwHOn+dnXsIMIvsSq8N0ywX8opn6xnDs90OfCrgORlTgz9ngV89i Tx1eDOU7wwEdQf2PH9NH93wY4o0Ss/+rxXG2Wgoi15Abpcl3PlYoz2isIRr9Qztg FWn+kalsQ/e51XcAS6M5IB1ytYzsEqhamPQopzs6IgMixt2Y+hFF0u9TChvl6NyK CyKFcbv9xaVf8y2PEipt34obm/lKySTcJyTkZh8VxCWd7+u9KtIRP4Z4bnWOdCaI nsu6q6B1a8m3ijzyHMZX =YTI/ -----END PGP SIGNATURE----- _______________________________________________ governance mailing list governance@lists.mozilla.org https://lists.mozilla.org/listinfo/governance
