[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion



On Friday, March 7, 2025 11:33:53 AM MST Simon Josefsson wrote:

> pandya@disroot.org writes:

> > I urge Debian to rethink its decision to officially include non-free

> > firmware and correct the social contract. Instead of making non-free

> > firmware the default, Debian should ensure that users consciously

> > choose to install it while being made aware of the implications.

>

> I agree and would personally come back to use Debian on some of my

> laptops if there was a supported way to install Debian from official

> installer images that did not promote non-free software by including

> firmware on them.

>

> The recent AMD Microcode vulnerability is a good case-study on the

> dangers of permitting non-free code to run on your CPU:

>

> https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microco

> de-hacking

>

> There is no way for me as a user to audit that the Debian installer

> images is not including vulnerable microcode, since source code for the

> firmware is not available.

>

> My perception is that the Debian developer community rejected this, and

> I'm not sure people are ready to reconsider just yet (the trend seems to

> be the opposite way).  Fortunately there are good libre alternatives in

> Trisquel and Guix available for recommendation meanwhile.


In the original GR, one of the options that lost was for Debian to host two sets of installer images, one with non-free firmware and one without, and for users to be able to make an informed decision before downloading the installer.


https://www.debian.org/vote/2022/vote_003#textc


This option did not prevail in the vote, but it would have been my preferred choice (I was not a Debian Developer at the time and so did not vote, but I did follow the discussion).


As mentioned above, I don’t think most people’s feelings have changed enough to warrant reopening this discussion, but I can imagine the day in the future where Debian moves towards this option.


--

Soren Stoutner

soren@debian.org

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: