- From: <piranna@gmail.com>
- Date: Mon, 10 Jun 2013 23:08:48 +0200
- To: Mark Watson <watsonm@netflix.com>
- Cc: public-restrictedmedia@w3.org
- Message-ID: <CAKfGGh0=6SqQHwf3J0RwtV=ZNC5SC=aE92enJunBJHTeAhmQ_w@mail.gmail.com>
> The intent of EME is not to create an arbitrary plugin API for "binary blobs controlled by Hollywood". It is for User Agents to integrate with specific CDMs of their choice, the properties and functionality of which they know such that they can vouch for their functionality to their users. Or, if the CDM vendors refuse to provide such information to UA implementors, the UA can highlight this lack of knowledge to the user or refuse to integrate with the CDM.

So, implicitly, you are saying that these CDMs will not be available to open source browsers, because developers will not want to sign NDAs incompatible with their licenses, which require full access to all the source code by everybody, and CDM vendors will have the perfect excuse not to release them because they "can't do it", arguing intellectual property over their code, patents, commercial secrets, security issues...

> I would expect UAs to pay special attention to the APIs that CDMs have access to: whether they have "side-channel" network access, disk access etc.

I expect everybody has a price, especially multi-billion corporations: exclusive contracts, interchange of users' data, etc.

> To Nikos' point, yes, you are right, it is not the same kind of trust in the UA that comes from studying the source code, but that does not mean it is devoid of value to have the UA implementor - who has different incentives from the CDM vendor or content provider - in the loop. It is entirely possible that the UA implementor has seen the CDM source code and makes their representations to their users on that basis.

So, if I want to develop a browser from scratch (a difficult task, but I have the skills to do it), would I have access to the CDM source code as an individual, or, since I'm "only one guy", is the best alternative I would have to trust a guy from Mozilla (or whatever), for whom nobody warrants me that he didn't receive an envelope with money and inject its "certificated" binary blob into my browser code?

Honestly, I find that this not only doesn't fix anything about the actual situation with Flash or Acrobat, but it's also way worse from a trust and transparency point of view...

Received on Monday, 10 June 2013 21:09:15 UTC