In <[🔎] 20090717175900.GA16501@khazad-dum.debian.net>, Henrique de Moraes Holschuh wrote: >On Thu, 18 Jun 2009, Boyd Stephen Smith Jr. wrote: >> 3. Even if binary blobs *were* the original form of the work and their >> author modifies them by twiddling bytes, they still might not be >> appropriate for inclusion in Debian main because of the inherent >> security issues. Most notably, out inability to audit them. > >That's nonsense. > >First, "our inability to audit" has never figured in any restrictions. Not true. The security team wants this, although it is not a strict requirement. Unless security support can be provided in a different manner, this will cause packages to be removed from main/stable, or rather main/testing just before release. I think the last such program was flash- installer or somesuch. With the microcode in the Linux kernel and the X.org tree this is generally not a problem if the manufacturer of the device is providing security support since the updated microcode can generally be backported. That would require a manufacturer to commit to supporting the microcode throughout the security lifetime of a Debian release. >However, if you say there was an ASM version of the firmware, and it was > not just the same binary data in a different container (i.e. it was a > higher-level representation of the code), then it indeed belongs in > non-free and I stand corrected about it being sourceless microcode. Even microcode is rarely developed as a guru/wizard sitting down and writing out raw machine code. -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.