Did Metastream ask for a license to redistribute the binary?
We don't know anything about the conversation with Widevine other than that they wrote, "I'm sorry but we're not supporting an open source solution like this". They clearly are supporting an open source solution like Firefox. So what is the difference, and can Metastream be less "like this" and more like Firefox?
Including the same signing model as castLabs suggests, where the default release is only for UAT and you need to sign production builds (which are only generated on your infra) to decrypt production content? Or did you want to allow downstream open-source users to decrypt production content?
i.e., if they denied you, are there users of castLabs they would have allowed, and what's the distinction between you and them?
I'm not aware of Castlabs fork working without a production build [1]. I don't think there would be a way for open source users to be able to use a production signed release. Still waiting to hear back more from Widevine.
Right, I guess I'm asking what you mean by "open source users".
As far as I know, if you download a Firefox binary from firefox.org, you can use Widevine, and there's no source in that binary that's not open source, but the binary is signed in such a way that you can download the component. If you build Firefox on your own, Widevine won't work. Can you do the same thing with Metastream? Allow users of the Metastream binary from you to get Widevine, but not allow people who build it on their own to get the production EME codec? (I realize this is more frustrating for Metastream dev than Firefox dev because Metastream is primarily about playing videos, but it should still work.)
Or in other words, is Widevine permitting Firefox to do something they're not permitting you to do, or are you trying to be more open than Firefox?
(... That said, apparently Widevine works fine in e.g. Debian's build of Firefox? So what's different?)
I would guess, that they fear, that Metastream could implement a feature, where only one of the users has paid for the content and streams it to his peers.
Those were my initial thoughts, Google misunderstanding how Metastream works. It only sends playback information, no streaming of video/audio content. Each user needs to be logged into their own session on each web service.
They have complete access to the source to verify its function. They just don't because fuck you that's why. What are you going to do about it anyway, cry on HN and Twitter?
Mozilla is Mozilla and can mount a defense so they get a license deal.
Chrome is not an open-source browser. Chromium is, and Chromium doesn't have Widevine support.
Download and sandbox the Widevine binary blob the same way that Firefox does. Done.