Re: GStreamer xwidget

[Alexandre Garreau <galex-713@galex-713.eu>]

Le Thursday, 25 November 2021, 09:13:06 CET Po Lu a écrit :
> Richard Stallman <rms@gnu.org> writes:
> >   > As GStreamer doesn't load plugins by yourself, you do so by making
> >   > sure
> >   > to only pass good plugin names to the element factory.
> > 
> > We're starting to close in on the crucial point.
> > 
> > Can you show me the code Emacs would use to control which plug-ins are
> > permitted?  In other words, how does a program "pass plug-in names"
> > to the element factory?
> 
> In the function call to `gst_element_factory_make'.  We would have to
> verify that the first argument, a C string, names a plugin included in
> `gst-plugins-base' or `gst-plugins-good'.

> > I'm trying to do a kind of security analysis of this.  Does passing
> > the right list of plug-in names depend on the cooperation of other
> > projects?
> 
> The GStreamer developers, who overlap greatly with other Freedesktop.org
> projects.

> We would have to trust them to place only free plugins in
> `gst-plugins-good' and `gst-plugins-base', and to document the plugins
> correctly.

Wait, it’s not needed to trust anyone.  There aren’t millions of plugins, 
maximum hundreds: it would be perfectly feasible to include the list of 
all of them into emacs.  The question is whether to *delegate* that work 
to GNOME, and the issue would then be when that list changes, what about 
updates, etc.

Btw, why whitelisting good and base, instead of blacklisting bad and ugly?  
Do we want to blacklist any unknown plugins?  GNU software, through 
configure for instance, has been known to ease not only classical hacking, 
by distros and full forks, but also by individual users, private 
configurations, etc. and still have all software interactions working…

Isn’t there a way to tell the license of the plugin inside each of him? if 
I remember well, GCC had some sort of a such thing (something to declare 
explicitely the plugin is under GPLv3 or GPLv3+), and I guess emacs too, 
right? It would be bad, I believe, if any individual programs a gst plugin 
for themselves (to begin, before to publish it), and cannot use it into 
emacs, even though it’s free… and neither a friend of them can, although 
they would be a free license to make the friend free…  it would mean to 
centralize the decision of “what plugins can run” into GNOME’s hand, and 
it’s actually, I believe, some sort of free-software, weak (*because* it’s 
free-software, then modifiable (btw it would be even better if that 
checking was done in lisp, or had some kind of configuration option for 
it: afaiu it’s illegal to distribute software with incompatible licenses, 
but not using one so, so an individual could still use emacs with some 
plugin that’s not juridically free-software because it has no license and 
the author is the only person to possess a copy of that plugin)) DRM…

On the other hand, the main risk here is if a distribution includes bad or 
ugly, then emacs would use proprietary software, not that the user 
programs or download one plugin, and that, by disfortune, the plugin the 
user chose is possibly proprietary, right? because since the user choose, 
well they can just as well choose a free software, and the 4 categories 
(good, base, bad, ugly) established by GNOME are outside of that…