Re: Automatic downloading of non-free software by stuff in main
On Fri, Dec 01, 2017 at 01:53:22PM +0000, Ian Jackson wrote:
> (Dropping the crossposts. The stuff I want to reply to is probably
> material for -project.)
Thanks, crossposts are bad!
> Adam Borowski writes ("Re: Automatic downloading of non-free software by stuff in main"):
> > On Thu, Nov 30, 2017 at 01:52:18PM +0000, Ian Jackson wrote:
> > > I would like to establish a way to prevent this. (There are even
> > > whole Debian derivatives who have as one of their primary goals,
> > > preventing this.
> > No, those derivatives are damage. While their hearts are in the right
> > place, they cause data loss and security holes by at least making people on
> > Intel and AMD machines use known-buggy microcode.
> I think it's very rude to call something damage just because you
> disagree with someone's political stance with respect to the software
> they un on their own computer.
While their _intent_ is good, they are telling others to run software with
known severe bugs. Microcode itself has data loss and local exploits (such
as an unprivileged user of an unprivileged VM taking over the host machine),
then often comes in one bunch with IME updates that close remote holes.
And once remote holes come into play, it's no longer a matter of just what's
running on your own computer.
> Also, if you care so much about this you should probably worry about
> Debian's current default approach to microcode.
> > The biggest reason for me
> Debian ought to be a good upstream for everyone, not just "me"
> (whoever me is).
I'm talking about explanations, not options Debian provides to users.
It looks like we two are in agreement that all non-free software is bad,
even if we differ wrt how acceptable using it is. But we disagree about
the reason _why_:
* I say that the primary reason is that a person not blessed by the upstream
has no way to fix problems. You can't debug Windows Update to see why
your aunt's computer hangs during it. You can't print a cheat sheet of a
GFDLed manual without the cover and invariant sections. To me, every
part of DFSG (other than 4.) solves a real _practical_ problem.
* the distributions you're talking about state this as a moral issue.
⢀⣴⠾⠻⢶⣦⠀ Mozilla's Hippocritic Oath: "Keep trackers off your trail"
⣾⠁⢰⠒⠀⣿⡁ blah blah evading "tracking technology" blah blah
⠈⠳⣄⠀⠀⠀⠀ (same for all links)