
Bug#809705: general: let people use non-free software but opt-out of non-open software



Hey Niels

On Mon, Jan 4, 2016 at 8:45 AM, Niels Thykier <niels@thykier.net> wrote:
> Philippe Cerfon:
> Your second item has been brought up before with different
> focus/rationale/purpose.  At least I remember there being an interest in
> splitting "non-free" into "non-free/firmware" vs. various other non-free
> sub components.

Well, I think splitting off just the firmware sounds far less appealing.
Actually in some cases having a non-open firmware may not be *that*
big a security issue, e.g. when it's used to be loaded in some external
device (something like ColorHug) and for many other firmwares there is
simply no alternative (or e.g. one won't have networking).
So while it would of course make sense to split off the non-open firmware
packages as well, the whole effort seems to rather only make sense if
really everything non-open is split off.


> On your first item, I would have to agree with Christian.  It is not
> actionable and much less by Debian.  At best we could stop packaging
> such software or disabling such features, but both have their disadvantages:
>
>  * Even if we stop shipping them, people will still download them.
>    Except your average user will probably be worse off because most of
>    them do not verify their downloads.
>  * If we disable the functionality, we would "cripple" the software to
>    many people.  If this annoys people, we will end up in a situation
>    where people will advise /against/ using the Debian package because
>    it is "crippled", which leads to the situation above.  Or we could
>    get badly unpopular with upstream (see the "Debian vs. Ruby" issue
>    from a couple of years ago).

Removing the software is probably not going to work out, as one would
lose such big things like FF (though when looking at certain parts of
it, I wonder whether this wouldn't be quite good for
security/privacy).
So the only alternative seems to be to allow people to disable such
functionalities.
When I first stumbled over such packages, I was quite surprised that
no one had seriously complained about that before, but looking deeper
I found a number of tickets, but it seems these were usually not
accepted or just ignored :-(

The best thing would be if there was kind of a master-kill-switch,
that allows people to say yes or no to externally downloaded software.

Sincerely,
Philippe

