[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NEW handling: About rejects, and kernels

(I already asked you to please stop Cc'ing me on every reply, what else
do I need to do?)

On Mar 27, Thomas Bushnell BSG <tb@becket.net> wrote:

> > We are unable to fix security bugs in hardware with non-modifiable
> > firmware and modifiable but permanently stored firmware too. Should we
> > drop support for these devices too?
> In that case, we are not responsible for shipping them the buggy
> software in the first place.
This looks like a very weak argument. Considering that users need anyway
the drivers for these devices (it's not like there is any choice for
e.g. DVB receivers and USB DSL modems), I think it's quite obvious that
they prefer to have them in Debian.
If at some point in the future it will be discovered in a firmware a
security bug so egregious that it makes distributing it unacceptable,
then we will consider removing it from the distribution.
Doing it preemptively only harms users.

Have we moved from freedom for freedom's sake to security for security's


Attachment: signature.asc
Description: Digital signature

Reply to: