[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Going ahead with non-free-firmware

On 09/01/16 23:22, Philippe Cerfon wrote:
> For non-open, the definition is quite clear: all or some of the
> sources are no available.

If the question you're trying to answer is "is this safe?", then I don't
think source-available (and hence auditable) vs source-unavailable (and
hence not auditable) is necessarily the interesting distinction to make.

<https://tracker.debian.org/pkg/doom-wad-shareware> is certainly not
source-available - we don't have the source files from which it was
compiled - but it's as safe to use as any other non-executable data package.

<https://tracker.debian.org/pkg/firmware-iwlwifi> contains firmware that
isn't source-available, but doesn't run on the main CPU (and hopefully
can't DMA out the main RAM).

Conversely, <https://tracker.debian.org/pkg/flashplugin-nonfree>
contains only Free Software (and is necessarily also source-available),
hence it's in contrib; but its entire purpose is to download executable
code that is not auditable, and based on historical experience, not safe
either.

    S
Reply to: