[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firmware - what are we going to do about it?

Jonas Smedegaard <jonas@jones.dk> writes:
> Quoting Russ Allbery (2022-04-19 19:29:09)

>> We need some way to clearly label non-free firmware packages so that
>> you can apply whatever installation or upgrade policy locally that you
>> want to apply, but solution #5 provides that by keeping the non-free
>> firmware in a separate archive area (which apt calls "components") to
>> which you can apply different apt policy.

> The issue I have with option 5 is that non-free blobs are then enabled 
> by default.

I just re-read option 5 and I don't see where it says that.  My
understanding of the proposal is that the firmware would be on the image
and thus available to the installer.  That doesn't imply that it will be
automatically enabled, either in the installer or on the installed
system.  That could still be gated by a prompt.

In other words, rather than having to do what one does now and choose
between the free installer and the non-free installer, my understanding of
option #5 is that there would be one install image, but there could then
be a prompt asking you whether you want to install non-free firmware.  We
could even offer a few different options (with the caveat that options
tend to confuse users, so we may not want to add too many or gate them
behind an advanced mode):

1. Purely free installation.
2. Enable non-free firmware in the installer but don't put it on the
   installed system.  (Not sure how useful this is, but I could see
   needing non-free firmware to bootstrap from wifi but the running system
   may eventually not use the non-free firmware.)
3. Enable non-free firmware and install it on the system but pin it so
   that it's never upgraded by default.
4. Enable non-free firmware and enable normal upgrades, similar to adding
   the non-free archive area today but only adding the firmware archive
   area.

I think 1 and 4 are the most useful options, and I'm not sure how many
people really want 2 or 3, but if there are enough people who want them, I
don't see any technical barriers to adding them.

I feel professionally obligated to argue that Debian should, *by default*,
upgrade anything that it installs, since from a security standpoint that
is the least risky default configuration (with, as always, the caveat that
there are special cases with different security models for which this
default isn't appropriate).  But that doesn't rule out a prompt or
allowing a user to turn this off if they want to.

> I agree that we should make it easier for our users to choose to trust 
> black magic "stuff" that they need to enable their devices.

> I do not think that we should impose on our users to trust black magic
> by default, though.

I think this is a somewhat different question than whether we put the
firmware on the default installation media so that it's *available* if
users want it.

-- 
Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>
Reply to: