(I already asked you to please stop Cc'ing me on every reply, what else do I need to do?) On Mar 27, Thomas Bushnell BSG <tb@becket.net> wrote: > > We are unable to fix security bugs in hardware with non-modifiable > > firmware and modifiable but permanently stored firmware too. Should we > > drop support for these devices too? > In that case, we are not responsible for shipping them the buggy > software in the first place. This looks like a very weak argument. Considering that users need anyway the drivers for these devices (it's not like there is any choice for e.g. DVB receivers and USB DSL modems), I think it's quite obvious that they prefer to have them in Debian. If at some point in the future it will be discovered in a firmware a security bug so egregious that it makes distributing it unacceptable, then we will consider removing it from the distribution. Doing it preemptively only harms users. Have we moved from freedom for freedom's sake to security for security's sake? -- ciao, Marco
Attachment:
signature.asc
Description: Digital signature