[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian is supported on many arm platforms

On September 12, 2021 2:47:38 PM UTC, "Andrew M.A. Cater" <amacater@einval.com> wrote:

nice summary, Andy. a couple of things that i feel are important to add.  first (i accidentally trimmed context) is about debian package distribution.

for those people unfamiliar with it, who have been used to other package management being distributed via "trusted" website download (node, pypi, Mozilla B2G), debian CRITICALLY DOES NOT rely on or trust web sites or SSL Certificates in any way, shape or form.

debian's distribution validation is *fundamentally* tied to the web-of-trust GPG keyring, which is itself signed and distributed as a debian package.

if you are of the belief that the debian *website* or *domain* are the sole exclusive trust authority then you have left yourself open and vulnerable to attacks of many different varieties, too numerous to list here.

please, therefore: trust and check the *GPG signatures*.

>4. Other platforms may have more/less support: this is not for want of
>and a unified approach would be really very helpful. [This might need a
>more standard approach to boot methods/co-operation from manufacturers 
>and is not something to be solved immediately].

second, is about this.  sad to say, any expectations of collaboration from manufacturers is expecting far too much.

shockingly, LG's Lawyers for example actually consider it to be a failure *on their part* if you even *notice* that LG's TV products have been criminally infringing copyright law for decades.

Allwinner Chinese employees are paranoid about IP Theft by Westerners because they themselves do it all the time, and therefore expect Westerners to "punish" them by stealing or hacking their networks at their offices.

yes, really.

i was invited to visit the Allwinner offices a few years ago and the Chinese staff treated me like I was there to commit Industrial Espionage. i felt so unsafe as a result, i could not dare consider a return visit.

from a product perspective, products involving ARM SoCs are *NOT* designed for user programmability "convenience".  they're not even designed for the *OEM's* convenience!

both Mediatek and LG have a policy of designing products *entirely on behalf* of OEMs.  they design it, they program it, they deliver it.  LG even *make* the damn products: the first time the OEM ever sees it is when it turns up at the Customs port!

i am basically painting a picture here of the realities of ARM SoCs, which is that the Fabless Semi Companies are ACTIVELY HOSTILE to the entire Free Software Community.

we are a THREAT to them.

how DARE we reverse-engineer THEIR products and steal all THEIR secret commercial information!

never mind the fact that without Free Software they wouldn't even be able to sell one single product: in their minds, one tiny change to one single header file is sufficient justification to flagrantly and blatantly ignore the fundamental tenets of Copyright Law.

even those Companies that understand Copyright Law *still* do not wish to cooperate or collaborate because (a) it costs money to do so (b) it reveals commercially confidental information (c) it doesn't help sell product that (d) is *specifically designed for non-end-user-programmability in the first place*!

much as i and everyone else is terribly frustrated with how badly the Free Software Community is treated by the Fabless Semi companies, expecting *any* type of cooperation from them *or from ARM* is unfortunately completely unrealistic.

Roger spent considerable time kindly explaining how long it took to get Linaro established. Linaro is about the limit of what ARM can do, only working with *willing* participatory Fabless Semi companies to create standards.  given the sheer massive diversity with literally thousands of ARM licensees, any attempt at "restrictive" standardisation is going to result in pushback and resultant loss of business for ARM.

it's a shitty sutuation but important to understand the context, so that we do not, as a community, spend too much of our time either complaining or fighting or unrealistically wishing things were different.

personally i am so absolutely fed up with seeing so much of *our* (collective) personal money going into "fixing" the mess that Fabless Semi companies leave behind that i concluded that the only way to properly fix it is to *become* a Fabless Semiconductor ASIC designer, and create an actual SoC that actually properly respects Software Libre to the bedrock (http://libre-soc.org)

unfortunately, due to ARM's licensing model, it can't be an ARM-compatible design. we picked Power ISA instead.


Reply to: