On Friday, March 7, 2025 11:33:53 AM MST Simon Josefsson wrote:
> pandya@disroot.org writes:
> > I urge Debian to rethink its decision to officially include non-free
> > firmware and correct the social contract. Instead of making non-free
> > firmware the default, Debian should ensure that users consciously
> > choose to install it while being made aware of the implications.
>
> I agree and would personally come back to use Debian on some of my
> laptops if there was a supported way to install Debian from official
> installer images that did not promote non-free software by including
> firmware on them.
>
> The recent AMD Microcode vulnerability is a good case-study on the
> dangers of permitting non-free code to run on your CPU:
>
> https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microco
> de-hacking
>
> There is no way for me as a user to audit that the Debian installer
> images is not including vulnerable microcode, since source code for the
> firmware is not available.
>
> My perception is that the Debian developer community rejected this, and
> I'm not sure people are ready to reconsider just yet (the trend seems to
> be the opposite way). Fortunately there are good libre alternatives in
> Trisquel and Guix available for recommendation meanwhile.
In the original GR, one of the options that lost was for Debian to host two sets of installer images, one with non-free firmware and one without, and for users to be able to make an informed decision before downloading the installer.
https://www.debian.org/vote/2022/vote_003#textc
This option did not prevail in the vote, but it would have been my preferred choice (I was not a Debian Developer at the time and so did not vote, but I did follow the discussion).
As mentioned above, I don’t think most people’s feelings have changed enough to warrant reopening this discussion, but I can imagine the day in the future where Debian moves towards this option.
--
Soren Stoutner
soren@debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part.