Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion

To: pandya@disroot.org, debian-devel@lists.debian.org
Cc: debian-project@lists.debian.org
Subject: Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
From: Soren Stoutner <soren@debian.org>
Date: Fri, 07 Mar 2025 11:42:10 -0700
Message-id: <[🔎] 2718863.BddDVKsqQX@soren-desktop>
In-reply-to: <[🔎] 8734folmge.fsf@josefsson.org>
References: <[🔎] 4b3bca17fdf044818615500cf5dbde85@disroot.org> <[🔎] 8734folmge.fsf@josefsson.org>

On Friday, March 7, 2025 11:33:53 AM MST Simon Josefsson wrote:

> pandya@disroot.org writes:

> > I urge Debian to rethink its decision to officially include non-free

> > firmware and correct the social contract. Instead of making non-free

> > firmware the default, Debian should ensure that users consciously

> > choose to install it while being made aware of the implications.

> I agree and would personally come back to use Debian on some of my

> laptops if there was a supported way to install Debian from official

> installer images that did not promote non-free software by including

> firmware on them.

> The recent AMD Microcode vulnerability is a good case-study on the

> dangers of permitting non-free code to run on your CPU:

> https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microco

> de-hacking

> There is no way for me as a user to audit that the Debian installer

> images is not including vulnerable microcode, since source code for the

> firmware is not available.

> My perception is that the Debian developer community rejected this, and

> I'm not sure people are ready to reconsider just yet (the trend seems to

> be the opposite way). Fortunately there are good libre alternatives in

> Trisquel and Guix available for recommendation meanwhile.

In the original GR, one of the options that lost was for Debian to host two sets of installer images, one with non-free firmware and one without, and for users to be able to make an informed decision before downloading the installer.

https://www.debian.org/vote/2022/vote_003#textc

This option did not prevail in the vote, but it would have been my preferred choice (I was not a Debian Developer at the time and so did not vote, but I did follow the discussion).

As mentioned above, I don’t think most people’s feelings have changed enough to warrant reopening this discussion, but I can imagine the day in the future where Debian moves towards this option.

Soren Stoutner

soren@debian.org

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
  - From: Leandro Cunha <leandrocunha016@gmail.com>
- Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
  - From: Mario Limonciello <superm1@gmail.com>
- Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
  - From: Bill Allombert <ballombe@debian.org>

References:
- Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
  - From: pandya@disroot.org
- Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
Next by Date: Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
Previous by thread: Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
Next by thread: Re: Reconsidering Debian’s Inclusion of Non-Free Firmware - A Call for Discussion
Index(es):
- Date
- Thread