
Re: Firmware: Scope of non-free-firmware



On Wed, May 11, 2022 at 09:48:56AM +0800, Paul Wise wrote:
> The only exception is things like firmware-sof-signed, which is libre
> firmware except the binaries are built and signed by Intel, so Debian
> can't build the firmware binaries ourselves, unless the approach taken
> with the Secure Boot shim signing is possible. First reproducibly build
> the binaries, then if they match Intel's signature, attach Intel's sig.
> That relies on Intel using the same cross-compiler as Debian though.

You may want to talk to the people responsible for that firmware; reproducible
builds sound like an attainable goal to me.

On the other hand, an update to the compiler can make it produce different
binaries, making the signature invalid.  Pinning the exact version of the
compiler would be unpleasant.

> > As examples to consider, do we want to include the following in our
> > practical divergence from software freedom purity?
> 
> Since clearly there will always be users with install use-cases that
> aren't covered by main or even main plus non-free/firmware, perhaps we
> should have multiple sets of images for different audiences with
> different sets of non-free things? Each of them would explain what is
> non-free and the consequences of that both on the page itself and in
> prompts within the image itself.

I'd say that closed encrypted signed firmware that you need to load on
every boot is strictly more free than the same firmware burned into ROM.
While you lack the usual Free Software freedoms, you at least can upgrade
to whatever versions the vendor deigns to provide, downgrade to an old
version you prefer, get bug fixes including security fixes, etc.  With
firmware burned into ROM the firmware stays broken.

Thus, even though that closed proprietary software continues to be a
problem, people who demand "pure" images are covering their eyes to
not see that evil, reducing their freedom in practice.

I prefer the nasty proprietary thing to be where I can see it.

It's not different from the Microsoft "Secure" Boot signature we ship in main
-- a nasty thing that's required to use hardware you paid for.

> Some of the packages (like firmware-siano) are not in any way needed by
> the Debian installation process, despite containing firmware according
> to reasonable definitions of that. They aren't needed for basic
> functionality of a system either, just for specialised things
> (receiving TV signals for eg). So they very likely aren't needed on the
> non-free/firmware images and thus aren't needed in non-free/firmware?

I don't see a reason to single out debian-installer, which is just a
special case of a live CD.  We already produce multiple size varieties
of the installer (minimal, netinst, full) that pick which packages to
install.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ Aryans: split from other Indo-Europeans ~2900-2000BC → Ural →
⣾⠁⢠⠒⠀⣿⡁     Bactria → settled 2000-1000BC in northwest India.
⢿⡄⠘⠷⠚⠋⠀ Gypsies: came ~1000AD from northern India; aryan.
⠈⠳⣄⠀⠀⠀⠀ Germans: IE people who came ~2800BC to Scandinavia; not aryan.

