- From: Mark Watson <watsonm@netflix.com>
- Date: Tue, 14 May 2013 08:26:39 -0700
- To: Alastair Campbell <alastc@gmail.com>
- Cc: Henri Sivonen <hsivonen@iki.fi>, public-restrictedmedia@w3.org
- Message-ID: <CAEnTvdC25iBi+10KaBOqaKS+2E-r0eYi8THirtmF-uC9CX0LDg@mail.gmail.com>
On Tue, May 14, 2013 at 6:33 AM, Alastair Campbell <alastc@gmail.com> wrote: > Henri Sivonen wrote: > >> So the browser taken together with the CDM wouldn't be Open Source in >> the sense of coming with the downstream freedoms associated with Open >> Source, then. Open Source isn't just about source disclosure. Source >> disclosure is a mere prerequisite for enabling the downstream >> freedoms. >> > > So Mozilla would not be able to produce a build of Firefox that includes a > CDM? > > It sounds like EME provides some separation, but not enough for a (fully) > open source browser. I assume Google gets around this by using webkit/blink > as the rendering engine, but the rest of the browser is not open source. > > I also assume that having the CDM outside of the browser would mean we're > back in plugin territory? > As I mentioned, there are two ways that a browser that did not wish to ship closed source code could integrate with a CDM. One would be for the case where the necessary DRM functions are included within the platform with published APIs. Indeed Mozilla have proposed that platform APIs of this nature that are available to one browser must be available to all browsers. That seems like a good idea to me but we will have to wait and see if such published APIs are forthcoming. The other option is to ship a mechanism that will download, verify and load specific UA-vendor-supported CDMs. This would enable the UA-vendor to offer some of the security and privacy protection that they typically offer (though not as far as "here is the code" unless through the admittedly challenging obfuscating compiler route described by Henri). I would point out that even the most open-source of systems relies on plenty of closed source code. There are device drivers, code in the GPU, microcode in the CPU, never mind the hardware itself, which is just code compiled with chip fabrication plant. So, I wonder if the concerns about closed-source CDMs are more to do with the functionality of those than the fact that they are closed-source. ...Mark > > Kind regards, > > -Alastair > > > >
Received on Tuesday, 14 May 2013 15:27:11 UTC