Re: How secure is an installation with with no non-free packages?

To: adrelanos <adrelanos@riseup.net>
Cc: debian-security@lists.debian.org
Subject: Re: How secure is an installation with with no non-free packages?
From: Jonathan Perry-Houts <jperryhouts@gmail.com>
Date: Thu, 12 Sep 2013 17:19:54 -0700
Message-id: <[🔎] 52325A2A.6000005@gmail.com>
In-reply-to: <[🔎] 52325160.1000606@riseup.net>
References: <[🔎] 523234F5.1090002@riseup.net> <[🔎] 52325160.1000606@riseup.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My understanding of the microcode binary blobs is that they provide
updates to your processor / BIOS that usually have no free
alternative. So basically, your BIOS is probably already non-free and
you might as well have the latest version... so yes, installing the
firmware-linux-nonfree package is probably wise.

This page has a little more information on what microcode is and why
these binary blobs are unfortunately often necessary:
https://wiki.archlinux.org/index.php/Microcode

Someone with more specific knowledge should feel free to chime in here
as I am not an expert on this subject.

Cheers,

On 09/12/2013 04:42 PM, adrelanos wrote:
> adrelanos:
>> How secure is a Debian installation packages installed only from
>> main, none from contrib or non-free?
>> 
>> It will lack for example the firmware-linux-nonfree package and
>> the intel-microcode / amd-microcode package. At least the
>> microcode one is security relevant? Are there any other packages
>> which might be important to have installed for security reasons?
>> 
>> I mean, how secure is it in comparison with those packages
>> installed vs not having them installed?
>> 
>> 
> 
> I apologize, I didn't want to start a discussion of Open Source vs 
> closed source. (Feel free to have it, I am delighted to read your 
> thoughts on it, but I'd be also happy about an answer to the
> question I meant to ask but failed to properly state.) Sorry for
> not asking clear in the first place.
> 
> To rephrase my original question:
> 
> How vulnerable is Debian installation without intel-microcode / 
> amd-microcode package?
> 
> Are there other contrib and/or non-free packages, similar to the 
> microcode package, which make the system vulnerable, if not
> installed?
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSMlooAAoJEGe6xJ1FYRpRi4kH/1FR0n9PB7Sg69Kzw17yDxgB
UiO1P8QzWkNq8oT+lnFf+nZjz/4AxelpiQK6qG5H2tPyUAu9/21F7z7p15KGSTxJ
Sn2fhtCSOfWp8XEqUdCr3/H7TYvhHy0NGUSSyO0yWUKsJeqq+PXmhhuGLG52OZJB
BK5lqnKugSiPQygz9J4fL5+U1aSAsbLZ/dhwU3TR29s9G+TQ7qSCqqu85GiAyVNS
0dH+/5FLSZkjGDwa1M430Z9SM6fJTzZKW7X9AvfeaKV4gdIHVkh1tZCmjH3aDABR
2DtZLEhRpC2cKsIbYC+VM5GJwuUpMQWX8aiYpZPn1KT96Gq8cQUJ3OYJMjHXB+o=
=xeKz
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: How secure is an installation with with no non-free packages?
  - From: Sam Kuper <sam.kuper@uclmail.net>

References:
- How secure is an installation with with no non-free packages?
  - From: adrelanos <adrelanos@riseup.net>
- Re: How secure is an installation with with no non-free packages?
  - From: adrelanos <adrelanos@riseup.net>

Prev by Date: Re: How secure is an installation with with no non-free packages?
Next by Date: Re: How secure is an installation with with no non-free packages?
Previous by thread: Re: How secure is an installation with with no non-free packages?
Next by thread: Re: How secure is an installation with with no non-free packages?
Index(es):
- Date
- Thread