On 19/4/22 10:27, Steve McIntyre wrote:
5. We could split out the non-free firmware packages into a new
non-free-firmware component in the archive, and allow a specific exception
only to allow inclusion of those packages on our official media. We would
then generate only one set of official media, including those non-free
firmware packages.
The motivation here for splitting non-free firmware into a separate component is so we can install Debian on modern hardware. That's a good reason, but I've always thought there was at least one other good reason.
It doesn't belong in Debian.Unlike everything else, we usually don't have the source, which neuters many of the nice security properties inherent with open source. We don't compile it, because even if we did have the source it's probably for a CPU & silicon we don't support. Ergo reproducible builds are out of the question: it could literally contain, copy or do anything the hardware allows and none of us would be the wiser. Peculiarly, we don't care about the licence, beyond being allowed to distribute it in the first place.
One of Debian's foundations is the DFSG but when it comes to this stuff, freedoms? We don't even have the freedom to avoid it. I'm genuinely surprised the project has managed to be in denial and pretend it had a choice for this long.
In short non-free packages we have the source for is one thing. These binary opaque blobs are quite another. They should be in a different component. Non-free-firmware sounds far too innocent to me. How about "not-debian", or "under-sufference".
Attachment:
OpenPGP_0xF5231C62E7843A8C.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature