On Fri, Dec 29, 2017 at 07:18:57PM +0100, Adam Borowski wrote: > On Fri, Dec 29, 2017 at 05:57:21PM +0000, Dr. Bas Wijnen wrote: > > So we need to decide what we want. I think there probably is consensus about: > > > > - We want people with non-free hardware to install Debian if they want to. > > - We want people with non-free firmware installed to get updates for it. > > > > I'm not entirely sure, but think there is also consensus that: > > > > - We want to recommend people to use as little non-free software as reasonably > > possible. > > > > I am planning to propose a GR that will clarify our position about this, and > > that should result in enabling contrib and non-free in the default installer > > image until non-free-firmware is somehow selectable for installation without > > also enabling other non-free software. > > I got the impression that the idea of having two installers for download, > side to side, received least hate of what was proposed. It doesn't get hate from me, but I do think it's suboptimal. As I explain below, I think we should recommend the image including non-free firmware to pretty much everyone. This means that if we design the website properly, the image without the firmware is very hard to find. > Having no purely free installer, or having it play second fiddle to the > non-free one, would sacrifice too much of our principles in my opinion. Therefore it should indeed play second fiddle, if it should play at all. If the hardware supports firmware updates and those are available in non-free form only, I think it would be irresponsible of us to withhold them from our users. So that means that if such hardware is present, we need to enable updates for non-free firmware. With the current repository layout, that means enabling all of non-free. Especially for new users, having two options where one has limitations (using it may leave you with an insecure system, depending on your hardware) and the other one doesn't (they've always used non-free software, continuing to do so doesn't feel like a problem for them) will lead to many of them choosing the installer which includes the non-free firmware. So I don't think it's really possible to avoid the free installer being almost unused. Personally I think it doesn't really add any value to have an installer without the non-free firmware. As long as the installer doesn't install it on the system unless it is needed, that is. The value of having an installer image that doesn't include the firmware is much lower than the value of users being able to install a good system. This is similar to how RMS originally used non-free Unix systems to work on GNU. As long as the non-free parts are required, they can (and should) be used. I would very much like to not enable all of non-free, but the proper solution for that is splitting off the firmware parts so they can be selectively enabled (or some other way to selectively enable part of an apt source) and that requires work. I don't have the time to do this work, so while I mention that it should be done, I'm not proposing that it will be done. That's not the sort of thing that a GR or mailing list discussion can do. However, I believe that the problem of our users being unable to install secure systems, or being unable to install at all, is serious and deserves to be solved. Even if that means enabling all of non-free for every new install. > Yet having such a "tainted" installer to its right/bottom would also > satisfy the need of users with bad hardware. The main issue is that the free image somehow needs to detect that non-free updates are required to keep the machine secure, and then (request to) enable non-free if they are. My guess is that this can easily be done. Enabling the non-free repository is technically easy, but I expect disagreement over whether this should be allowed. > Would this be acceptable to you without employing all the hassle of a GR? The reason I think a GR is useful is that this discussion comes up again and again. I'd prefer if we had consensus about it, and this may be the case. However, nobody seems to know, so a GR would clearly record our opinion. That seems to be a good thing. Just to clarify: my purpose of a GR isn't to "win" anything. It's to clarify what the project wants, so that people can work on this without too many protests, and installing Debian can be a better experience for our users. Thanks, Bas
Attachment:
signature.asc
Description: PGP signature