Re: Debian on Pine64 H64B?
On 2021.09.07 18:36, lkcl wrote:
On September 7, 2021 4:16:27 PM UTC, Pete Batard <pete@akeo.ie> wrote:
And my point is that, since we are dealing with non free systems, it
makes little difference whether the non-free blobs reside in an EEPROM
or on boot media.
it makes ALL the difference in the world.
not only is it deeply unethical to support non-free firmware, in the instance where such firmware contained spying backdoors that resulted in a user system being compromised, DEBIAN DEVELOPERS COULD BE HELD LEGALLY LIABLE.
No. Not when Debian are *NOT* the ones providing said non-free blobs.
Somehow I get the feeling that some people here are misconstruing the Pi
3 and Pi 4 installation process as: "Debian is in charge of providing
the non free blobs along with the Debian installation files".
This is not the case.
The process is as follows:
1. The user downloads the UEFI Firmware and non-free blobs (that are used
SOLELY for UEFI bringup) FROM A THIRD PARTY that has no direct
association with Debian. And let me be 100% clear on that, NO ONE here
is or has been even remotely asking that Debian should provide these
files. NO ONE.
2. Separately, the user downloads the vanilla installation ISO from Debian.
3. User extracts all of this content on a single installation media (or
separate media if they are of the idea that having both contents reside
on the one media somehow taints it).
So you're going to have to explain to me how Debian developers, who had
no involvement in the above process, and aren't providing any of the
firmware blobs, are supposed to be held liable. If anything, it's the
user choosing to place content from two independent projects that are
governed by two separate licenses, that is liable for the end result of
what their own action of mixing the content entails (though, in the boot
process we're talking about, I also don't see a liability in having
binaries governed by different licenses when the handoff process between
executables governed by these licenses is the same as the handoff
process between non GPL UEFI and GPL Debian).
In other words, your assertion is exactly like saying that, if someone
happens to download malware from a third party on a Debian OS, then
"DEBIAN DEVELOPERS COULD BE HELD LEGALLY LIABLE".
That makes absolutely zero sense.
I do understand that you have strong objection to the Pi Foundation
blobs, but that's not a reason for magically extrapolating liability of
a process that does *NOT* involve Debian providing said blobs. Please
bear in mind that we are very much *NOT* talking about a process that
involves pre-built images, as the whole
goal is to work with vanilla Debian ISOs, and guide the user into what
preliminary, non-Debian related steps (since these steps can just as
well apply to Windows or FreeBSD) they can take to achieve that.
As I tried to explain earlier, these blobs are associated with the UEFI
firmware, not with Debian, in the same manner as x86 proprietary blobs
are associated with the UEFI firmware and not Debian. And I am certainly
not seeing anyone throwing a hissy fit at x86 UEFI requiring said
proprietary blobs, or pretending that, because Debian boot relies on
them, as part of the pre-Debian UEFI boot, Debian devs can be held
legally liable. Therefore, it makes no sense to pretend that it should
be any different for the Raspberry Pi, when the principle (UEFI early
boot relies on proprietary blobs, that are consumed by UEFI and become
completely irrelevant, apart from the fact that some of them may reside
in memory, to the rest of the boot process after UEFI handoff) is the same.
And yes, it is also possible to use these blobs to boot a Linux kernel
directly, but that is *NOT* at all what we are discussing here.
if however the Pi Foundation wishes to distribute such unethical firmware to individuals, then they have engaged in a Contract of Sale with those individuals and THEY are legally liable for any damage or harm caused, under various Sale of Goods Acts or equivalent in the respective country.
It is your right to refuse to use a system that relies on proprietary
blobs. I therefore am going to assume that you are not using any modern
x86 PC, because, even if you use CoreBoot, you will find that they are
unavoidable.
likewise with a PC *that you bought* you did *NOT* buy that PC from a Debian Developer, you bought it from a PC distributor and your Contract of Sale is with THEM.
Yup, and in the case of the Raspberry Pi process we are describing here,
the firmware blobs and UEFI firmware that you used were not provided by
a Debian developer, but obtained from a third party (mostly EDK2 +
Raspberry Pi Foundation) and whatever you want to pretend is a contract
of sale is also with THEM, not Debian.
That these blobs and UEFI firmware are being provided on SD or USB media
rather than an EEPROM does not change this picture.
if you want a Debian Developer to enter into a Contract to provide you with a preinstalled nonfree firmware blob
That is NOT AT ALL what I want.
Worse, that is not even remotely implied in any of the guides I linked to.
Thus, it looks to me like you are "debating" a completely mistaken idea
of what the RPi installation process entails, and who is supposed to
provide what.
NOBODY is asking Debian to provide preinstalled nonfree firmware blobs
for Pi boot, just like nobody is asking Debian to provide nonfree EEPROM
x86 UEFI firmware that they can flash on their specific system. That's
what I went to great lengths to try to describe as orthogonal to the Debian
boot process earlier, because it genuinely is.
The whole point (at least for the guides I linked to) is to keep these
entirely outside of the scope of what Debian has to provide.
That firmware blobs and UEFI firmware (provided by a non Debian related
third party) and Debian installation content (extracted from
*UNMODIFIED* vanilla Debian ARM64 ISO) happen to end up on the same
media, if you *choose* to use a single media, is the result of a user
operation that Debian has had no involvement with. So, again, I'm hard
pressed to see how you can find a liability for Debian there.
you should pay them adequate amounts of money so that they can take out the requisite Liability and Indemnity Insurance.
if you are not prepared to do that please do not complain because your life is made more "inconvenient".
There again, you are asserting that somebody is somehow complaining that
Debian should provide nonfree blobs for convenience.
I'm sorry but, CLEARLY, you have not read or understood the points I've
been trying to make earlier, or looked at the installation guides I
linked to.
The goal of the Pi Foundation has always been to provide the cheapest
platform they could, and eliminating the need of a Flash EEPROM for
platform bringup is one effective way to do that.
indeed. thus, that places the product firmly in EXACTLY the same category as a non-free WIFI product that requires non-free firmware.
by forcing YOU to download that nonfree firmware, YOU take responsibility for that action.
Yup. Nobody is suggesting that Debian is supposed to provide the Pi
nonfree blobs. And that is exactly the way it should be.
WHEN the Pi Foundation realise the seriousness of their laziness and provide an on-board EEPROM or SPI NOR Flash IC just like every x86 PC has done since the late 1980s THEN it will be possible for debian to support their products because Debian Developers will not find themselves in the situation of being legally liable for distribution of potentially dangerous firmware.
Irrelevant, since, again, you are asserting that someone here has been
suggesting that Debian should distribute firmware, which is *NOT* the case.
i am ESPECIALLY getting fed up of people not fully and properly understanding the realities of the situation
Amen! Especially people who seem to be following an ill-placed
misconception that somebody here is even remotely asking that Debian
should provide nonfree firmware, when that provision is being entirely
assumed by a non Debian third party, just as it is for x86 PC.
please therefore have a little more understanding and appreciation for what Debian Developers are doing, and why they are doing it, and the difficult (spongeing) circumstances and obligations they are under.
I have appreciation for them. That's why I made sure to write guides
that describe a Raspberry Pi installation process that does NOT require
Debian to provide anything but the vanilla installation ISOs.
Regards,
/Pete