pkgconf 1.3.9 is out addressing a security problem. a CVE number is forthcoming.
yes, absolutely content companies' lawyers are shit.
but ultimately that doesn't matter because they are the ones who are agreeing to use a DRM scheme that is ultimately a bait and switch -- it is trivial to modify a host browser to use the CDM blobs as a decryption oracle making the CDM itself pointless.
fight DRM if you want to, but honestly at this point it's a pointless fight, nobody is going to sue anybody else over a clone CDM.
it basically comes down to this: reimplement flash or reimplement a CDM. the CDM is far more trivial to implement than flash. everyone already knows that HTML5 DRM is nonsense anyway because the CDM can be used as a decryption oracle, so nobody is going to be suing anybody over it.
this is ultimately tech companies fleecing content companies with ineffective DRM in order to make lawyers happy so that people can *drop flash* for their lawyer's DRM requirement.
you see, my point is that EME is the lesser evil. a libre implementation of the CDM *can* be written: Google's widevine literally is just an implementation of the ISO 'cenc' DRM spec, they even say so explicitly.
if somebody else writes a libre implementation of the ISO spec and implements the custom KX part of widevine (a comms protocol, both are legal to do), then voila you have a widevine clone that is usable as a drop-in replacement.
stop whining, get coding.
it really doesn't affect you, as you wouldn't be able to access that content without proprietary software anyway, now would you?
this is the flawed pipe dream of lies that the FSF and others sell: that somehow if we just reject DRM, the content producers will simply quit using it.
if we derail EME then they will just use flash, silverlight and other proprietary plugins to render the encrypted content instead, and free software users will be unable to access it.
No, the plan is to be pragmatic and understand that some people would like to consume encrypted content, just like they consume encrypted graphics drivers from NVIDIA.
We can say "don't do that," but we are *delusional* to say that those are not problems end users face.
By acknowledging this, we do, in general, give users more computing freedom.
Because if we can actually get critical mass, then we can actually change the way things are. Right now nobody cares about the 1-3% Linux desktop marketshare.
Steam on Linux has nothing to do with pre-existing Linux users and everything to do with Valve having a full platform they control (which will support DRM for video I guarantee it), so don't argue that one please.
You're absolutely right. It's a judgement call.
And for RedHat's main business concern, which isn't playing DVDs or other encrypted media, it's an understandable judgement call.
For people dealing with end *desktop* users, however, other judgement calls make more sense.
It all comes down to risk analysis, and the risk is low here. Maybe not low enough for RedHat and Microsoft (née Attachmate/SuSE), but low enough for others.
Therefore, cloning Widevine CDM is a very low risk proposition to both the developer and end users.
It is not in the interest of Alphabet/Google to initiate litigation over a Widevine-compatible libre CDM implementation. It is a PR losing move (therefore stock price losing move), which will force them to admit EME is a pointless scheme (also a stock price losing move).
Suing over a libre clone is financially irresponsible.
Further, a lawsuit would basically require Alphabet to publicly disclose that Widevine CDM has ineffective security, which would undermine their goals with advancing EME, as nobody would use the EME CDM scheme anymore to protect their content -- going back to proprietary bytecode running on Flash and Moonlight/Silverlight VMs instead.
I, in fact, did. There is no value to the MPAA in suing even a commercial distribution that includes libdvdcss. It will not stop or cause any further piracy, which is the goal of the MPAA.
Similarly, shipping a libre implementation of ISO/IEC CENC CDM standard, which is what Widevine is (paired with a proprietary comms protocol), will not affect the content piracy rates in any noticeable way.