First of all, thanks everyone for working on this. It's much needed. On Tue, Aug 23, 2022 at 10:22:39PM +0200, Bart Martens wrote: > Do we need to recommend one above the other? I'd rather use some short > explanation per installer to help the user choose. My main concern is that users should end up with a good system after installing. This means two things: - The install must succeed and (all) the hardware must be usable. For that, non-free firmware is often required. - If non-free firmware is used, it must be updated along with the rest of the system. It is important to me that those things are not only possible, but that they will happen without any mental effort from the user. I'm all for users who like to think, but if they don't do that, they should still end up with a good system. This means the default installer needs to contain the non-free firmware. In fact, I am not sure if there are any real world examples of modern machines that would work properly without such firmware. Are there any machines on the market nowadays that do not require cpu microcode and do not require firmware in their network card? And if that is true for less than 1% of modern computers, do we really want to tell more than 99% of our potential users that they must read up on the details of their hardware and understand what "non-free firmware" means, before they can be confident that they chose the right installer? My point is: "giving people a choice" has a cost: that people need to spend time on making that choice. This is acceptable if there is no good default for most people, or if the amount of time spent is small. In this case, neither of those things is true: there is a good default for the overwhelming majority of people (at least I think so, but I'm interested to hear numbers about this), and it takes serious effort to understand the subject so a choice can be made. I think forcing users to choose would be a very bad outcome, and because of that I like Steve's proposal: include the non-free firmware on installation *BY DEFAULT* and automatically keep it updated. People who are not interested in studying the details should get a system they will be happy with. Which means their hardware should be supported, which means the non-free firmware must be installed. While I'm not against presenting a totally free installer, it needs to be done in such a way that absolutely nobody will think that they NEED the installer without the non-free firmware. I'll note that this argument can also be made for non-free drivers (like those from nVidia), but I don't think we should install those with our main installer. The main difference is that their drivers are not as important to the users: without cpu microcode updates, the user is vulnerable to security issues. Without wifi firmware, many people cannot connect to the internet. For many people this means they may as well not have the computer. Without the non-free nVidia drivers, they can still do everything, but the newest games won't work as smoothly (or at all). That is something that can be solved later (by installing the non-free drivers, hopefully after being informed of why those aren't in Debian). And people who need them are capable of doing that. Finally, I want to make some comparisons: 1. We don't tell people that they must not buy devices that contain a ROM chip with non-free firmware. I believe that moving the code from the ROM to RAM, thus requiring it to be sent by the OS, should not make any difference. We should still not tell people that those devices are bad, and we should support uploading the firmware to the device. 2. We don't enforce the DFSG on art. It's not uncommon that art is generated and thus has source code. Or at least that the version that was used (for example: a PNG image) is not the version that the artist works on. Their "source" version may be using a non-free editor. For code, that would mean the build system cannot be in main and thus the package should go in contrib. While some people (including me) have in the past argued for this, it's obvious that we don't have the same rules for art that we do for our programs. While not completely identical, I believe it is reasonable to consider firmware blobs to be more like art (in the sense that they are not running in our OS). Thanks, Bas
Attachment:
signature.asc
Description: PGP signature