Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.devel > #104171
| From | Luca Boccassi <bluca@debian.org> |
|---|---|
| Newsgroups | linux.debian.devel |
| Subject | Re: Firmware - what are we going to do about it? |
| Date | 2022-04-19 11:40 +0200 |
| Message-ID | <EdSuZ-9KPr-9@gated-at.bofh.it> (permalink) |
| References | <EdJUJ-9Fwt-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
On Tue, 2022-04-19 at 01:27 +0100, Steve McIntyre wrote: > What would I choose to do? My personal preference would be to go with option 5: > split the non-free firmware into a special new component and include that on > official media. This is a great write-up and proposal, thank you very much for working on it! Personally, I'd even go for option 4, so that other drivers are covered too (the general advice that can be found on the internet for users with nvidia hardware seems to be: "avoid Debian, go Ubuntu/Mint/etc", which is just a sad state of affairs). But option 5 is already a great improvement upon the status quo. One thing about the write-up, did you consider mentioning explicitly the security angle in the rationale for the change? For packages like intel-microcode, not only is the non-free "firmware" necessary, but an old copy is "embedded", which means by default Debian users run with outdated and insecure microcode, exposing them to very real and very dangerous security vulnerabilities, unless they go out of their way to enable the non-advertised non-free repository. I don't know for certain, but I think there are other cases like this, with hardware that ships a full updatable firmware in flash storage, that gets security fixes and updates. -- Kind regards, Luca Boccassi
Back to linux.debian.devel | Previous | Next — Previous in thread | Next in thread | Find similar
Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-19 02:30 +0200
Re: Firmware - what are we going to do about it? Ansgar <ansgar@43-1.org> - 2022-04-19 08:40 +0200
Re: Firmware - what are we going to do about it? Devin Prater <r.d.t.prater@gmail.com> - 2022-04-19 10:00 +0200
Re: Firmware - what are we going to do about it? Marco d'Itri <md@Linux.IT> - 2022-04-19 10:30 +0200
Re: Firmware - what are we going to do about it? parodper <parodper@disroot.org> - 2022-04-19 10:40 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-19 10:50 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-19 12:00 +0200
Re: Firmware - what are we going to do about it? Luca Boccassi <bluca@debian.org> - 2022-04-19 11:40 +0200
Re: Re: Firmware - what are we going to do about it Steven Robbins <steve@sumost.ca> - 2022-04-23 20:40 +0200
Re: Firmware - what are we going to do about it Steve McIntyre <steve@einval.com> - 2022-04-24 01:30 +0200
Re: Firmware - what are we going to do about it Luca Boccassi <bluca@debian.org> - 2022-04-25 09:40 +0200
Re: Firmware - what are we going to do about it? Christian Kastner <ckk@debian.org> - 2022-04-19 12:00 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-19 12:10 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-19 12:50 +0200
Re: Firmware - what are we going to do about it? intrigeri <intrigeri@debian.org> - 2022-04-19 13:40 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-19 14:40 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-19 14:50 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-19 16:20 +0200
Re: Firmware - what are we going to do about it? Tim Woodall <debiandevel@woodall.me.uk> - 2022-04-19 17:50 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-19 18:10 +0200
Re: Firmware - what are we going to do about it? Timothy M Butterworth <timothy.m.butterworth@gmail.com> - 2022-04-19 18:30 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-19 19:00 +0200
Re: Firmware - what are we going to do about it? Ansgar <ansgar@43-1.org> - 2022-04-19 19:10 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-19 20:00 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-19 23:10 +0200
Re: Firmware - what are we going to do about it? Ansgar <ansgar@43-1.org> - 2022-04-20 08:10 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-20 08:20 +0200
Re: Firmware - what are we going to do about it? Tim Woodall <debiandevel@woodall.me.uk> - 2022-04-19 19:00 +0200
Re: Firmware - what are we going to do about it? Russ Allbery <rra@debian.org> - 2022-04-19 19:30 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-19 23:40 +0200
Re: Firmware - what are we going to do about it? Russ Allbery <rra@debian.org> - 2022-04-20 00:00 +0200
Re: Firmware - what are we going to do about it? Jonas Smedegaard <jonas@jones.dk> - 2022-04-20 11:10 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-20 18:20 +0200
Re: Firmware - what are we going to do about it? Ansgar <ansgar@43-1.org> - 2022-04-20 18:30 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-20 18:50 +0200
Re: Firmware - what are we going to do about it? Russ Allbery <rra@debian.org> - 2022-04-20 20:00 +0200
Re: Firmware - what are we going to do about it? Sam Hartman <hartmans@debian.org> - 2022-04-21 02:10 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-21 15:50 +0200
writing good GR ballots (Re: Firmware - what are we going to do about it?) Holger Levsen <holger@layer-acht.org> - 2022-04-22 12:00 +0200
Re: Firmware - what are we going to do about it? Luca Boccassi <bluca@debian.org> - 2022-04-20 00:30 +0200
Re: Firmware - what are we going to do about it? Christian Kastner <ckk@debian.org> - 2022-04-19 14:10 +0200
Re: Firmware - what are we going to do about it? Jonathan Dowland <jmtd@debian.org> - 2022-04-20 12:50 +0200
Re: Firmware - what are we going to do about it? Paul Wise <pabs@debian.org> - 2022-04-20 09:30 +0200
Re: Firmware - what are we going to do about it? Timo Röhling <roehling@debian.org> - 2022-04-19 12:10 +0200
Re: Firmware - what are we going to do about it? Jeremy Stanley <fungi@yuggoth.org> - 2022-04-19 14:40 +0200
Re: Firmware - what are we going to do about it? Bastian Blank <waldi@debian.org> - 2022-04-19 23:10 +0200
Re: Firmware - what are we going to do about it? Jeremy Stanley <fungi@yuggoth.org> - 2022-04-20 01:00 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-20 17:40 +0200
Keep both images but stop pretending no-free is unofficial Sam Hartman <hartmans@debian.org> - 2022-04-19 16:30 +0200
Re: Keep both images but stop pretending no-free is unofficial Marc Haber <mh+debian-devel@zugschlus.de> - 2022-04-19 19:00 +0200
Re: Keep both images but stop pretending no-free is unofficial Sam Hartman <hartmans@debian.org> - 2022-04-19 22:10 +0200
Re: Keep both images but stop pretending no-free is unofficial Bastian Blank <waldi@debian.org> - 2022-04-19 23:10 +0200
Re: Keep both images but stop pretending no-free is unofficial Pirate Praveen <praveen@onenetbeyond.org> - 2022-04-20 09:30 +0200
Re: Keep both images but stop pretending no-free is unofficial Andrey Rahmatullin <wrar@debian.org> - 2022-04-20 09:50 +0200
Re: Keep both images but stop pretending no-free is unofficial Pirate Praveen <praveen@onenetbeyond.org> - 2022-04-20 10:00 +0200
Re: Keep both images but stop pretending no-free is unofficial Andrey Rahmatullin <wrar@debian.org> - 2022-04-20 10:10 +0200
Re: Keep both images but stop pretending no-free is unofficial Polyna-Maude Racicot-Summerside <debian@polynamaude.com> - 2022-04-20 14:30 +0200
Re: Keep both images but stop pretending no-free is unofficial Andrey Rahmatullin <wrar@debian.org> - 2022-04-20 15:10 +0200
Re: Keep both images but stop pretending no-free is unofficial Ansgar <ansgar@43-1.org> - 2022-04-20 10:30 +0200
Re: Keep both images but stop pretending no-free is unofficial Samuel Thibault <sthibault@debian.org> - 2022-04-20 16:30 +0200
Re: Keep both images but stop pretending no-free is unofficial Ansgar <ansgar@43-1.org> - 2022-04-20 16:40 +0200
Re: Keep both images but stop pretending no-free is unofficial Marco d'Itri <md@Linux.IT> - 2022-04-19 23:10 +0200
Re: Keep both images but stop pretending no-free is unofficial Gunnar Wolf <gwolf@debian.org> - 2022-04-21 20:20 +0200
Re: Keep both images but stop pretending no-free is unofficial Hakan Bayındır <hakan@bayindir.org> - 2022-04-21 20:30 +0200
Re: Keep both images but stop pretending no-free is unofficial Gunnar Wolf <gwolf@debian.org> - 2022-04-21 21:20 +0200
Re: Firmware - what are we going to do about it? Diederik de Haas <didi.debian@cknow.org> - 2022-04-19 21:40 +0200
Re: Firmware - what are we going to do about it? Paul Wise <pabs@debian.org> - 2022-04-20 09:40 +0200
Re: Firmware - what are we going to do about it? Paul Wise <pabs@debian.org> - 2022-04-21 08:20 +0200
Re: Firmware - what are we going to do about it? Pirate Praveen <praveen@onenetbeyond.org> - 2022-04-20 09:50 +0200
Re: Firmware - what are we going to do about it? Devin Prater <r.d.t.prater@gmail.com> - 2022-04-20 12:10 +0200
Re: Firmware - what are we going to do about it? Polyna-Maude Racicot-Summerside <debian@polynamaude.com> - 2022-04-20 14:40 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-20 17:50 +0200
Re: Firmware - what are we going to do about it? Polyna-Maude Racicot-Summerside <debian@polynamaude.com> - 2022-04-20 14:40 +0200
Re: Firmware - what are we going to do about it? Samuel Thibault <sthibault@debian.org> - 2022-04-20 14:50 +0200
Re: Firmware - what are we going to do about it? Polyna-Maude Racicot-Summerside <debian@polynamaude.com> - 2022-04-20 15:10 +0200
Re: Firmware - what are we going to do about it? Samuel Thibault <sthibault@debian.org> - 2022-04-20 15:20 +0200
Re: Firmware - what are we going to do about it? Jonathan Dowland <jmtd@debian.org> - 2022-04-20 15:40 +0200
Re: Firmware - what are we going to do about it? Devin Prater <r.d.t.prater@gmail.com> - 2022-04-20 17:00 +0200
Re: Firmware - what are we going to do about it? Steve Langasek <vorlon@debian.org> - 2022-04-20 18:40 +0200
Re: Firmware - what are we going to do about it? Devin Prater <r.d.t.prater@gmail.com> - 2022-04-20 20:00 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-20 21:20 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-21 16:00 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-20 19:20 +0200
Re: Firmware - what are we going to do about it? Jonathan Dowland <jmtd@debian.org> - 2022-04-20 12:50 +0200
Re: Firmware - what are we going to do about it? Simon Richter <sjr@debian.org> - 2022-04-21 22:10 +0200
Re: Firmware - what are we going to do about it? Russell Stuart <russell-debian@stuart.id.au> - 2022-04-20 13:40 +0200
Re: Firmware - what are we going to do about it? Paul Wise <pabs@debian.org> - 2022-04-20 14:40 +0200
Re: Firmware - what are we going to do about it? Steve McIntyre <steve@einval.com> - 2022-04-20 18:00 +0200
Re: Firmware - what are we going to do about it? Steve Langasek <vorlon@debian.org> - 2022-04-20 21:30 +0200
Re: Firmware - what are we going to do about it? nervuri <nervuri@disroot.org> - 2022-04-20 22:20 +0200
Re: Firmware - what are we going to do about it? Paul Wise <pabs@debian.org> - 2022-04-21 08:00 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan.bayindir@tubitak.gov.tr> - 2022-04-21 09:30 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-21 10:00 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-21 10:20 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-21 12:50 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-21 18:40 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-21 10:00 +0200
Re: Firmware - what are we going to do about it? Russ Allbery <rra@debian.org> - 2022-04-21 19:20 +0200
Re: Firmware - what are we going to do about it? Andreas Tille <andreas@an3as.eu> - 2022-04-22 07:20 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-22 08:40 +0200
Re: Firmware - what are we going to do about it? IOhannes m zmölnig <umlaeute@debian.org> - 2022-04-22 09:40 +0200
Re: Firmware - what are we going to do about it? Marc Haber <mh+debian-devel@zugschlus.de> - 2022-04-23 12:20 +0200
Re: Firmware - what are we going to do about it? Thomas Goirand <zigo@debian.org> - 2022-04-21 09:40 +0200
Re: Firmware - what are we going to do about it? Mattias Wadenstein <maswan@acc.umu.se> - 2022-04-21 11:30 +0200
Re: Firmware - what are we going to do about it? Paul Wise <pabs@debian.org> - 2022-04-21 11:50 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-21 11:40 +0200
Re: Firmware - what are we going to do about it? Moritz Mühlenhoff <jmm@inutil.org> - 2022-04-21 20:10 +0200
Re: Firmware - what are we going to do about it? Leandro Cunha <leandrocunha016@gmail.com> - 2022-04-22 00:30 +0200
Re: Firmware - what are we going to do about it? Philip Hands <phil@hands.com> - 2022-04-22 11:20 +0200
shim-signed (was: Firmware - what are we going to do about it?) Marc Haber <mh+debian-devel@zugschlus.de> - 2022-04-23 12:30 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Ansgar <ansgar@43-1.org> - 2022-04-23 14:00 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Marc Haber <mh+debian-devel@zugschlus.de> - 2022-04-26 16:10 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Ansgar <ansgar@43-1.org> - 2022-04-26 17:00 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Steve McIntyre <steve@einval.com> - 2022-04-23 19:30 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Paul Wise <pabs@debian.org> - 2022-04-24 04:40 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Marc Haber <mh+debian-devel@zugschlus.de> - 2022-04-26 16:20 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Steve McIntyre <steve@einval.com> - 2022-04-26 18:40 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Bastian Blank <waldi@debian.org> - 2022-04-26 21:10 +0200
Re: shim-signed (was: Firmware - what are we going to do about it?) Paul Wise <pabs@debian.org> - 2022-04-27 00:10 +0200
Re: shim-signed The Wanderer <wanderer@fastmail.fm> - 2022-04-27 00:40 +0200
Re: shim-signed Steve McIntyre <steve@einval.com> - 2022-04-28 18:20 +0200
Re: shim-signed The Wanderer <wanderer@fastmail.fm> - 2022-04-27 00:40 +0200
Re: shim-signed Tollef Fog Heen <tfheen@err.no> - 2022-04-28 06:30 +0200
Re: shim-signed Steve McIntyre <steve@einval.com> - 2022-04-28 18:30 +0200
Re: shim-signed Tollef Fog Heen <tfheen@err.no> - 2022-04-24 09:00 +0200
Re: shim-signed Hanno 'Rince' Wagner <wagner@debian.org> - 2022-04-24 09:20 +0200
Re: shim-signed Tollef Fog Heen <tfheen@err.no> - 2022-04-28 06:30 +0200
Re: shim-signed Steve McIntyre <steve@einval.com> - 2022-04-28 18:30 +0200
Re: Firmware - what are we going to do about it? Holger Levsen <holger@layer-acht.org> - 2022-04-22 11:50 +0200
Re: Firmware - what are we going to do about it? Paul van der Vlis <paul@vandervlis.nl> - 2022-04-23 15:30 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-23 16:10 +0200
Re: Firmware - what are we going to do about it? Paul van der Vlis <paul@vandervlis.nl> - 2022-04-23 23:00 +0200
Re: Firmware - what are we going to do about it? Iustin Pop <iustin@debian.org> - 2022-04-23 23:10 +0200
Re: Firmware - what are we going to do about it? Simon Richter <sjr@debian.org> - 2022-04-24 05:10 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-24 09:50 +0200
Re: Firmware - what are we going to do about it? Timothy M Butterworth <timothy.m.butterworth@gmail.com> - 2022-04-23 23:20 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-23 23:30 +0200
Re: Firmware - what are we going to do about it? Paul van der Vlis <paul@vandervlis.nl> - 2022-04-25 18:10 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-25 18:50 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-25 22:50 +0200
Re: Firmware - what are we going to do about it? Ansgar <ansgar@43-1.org> - 2022-04-26 08:20 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-26 09:50 +0200
Re: Firmware - what are we going to do about it? Ansgar <ansgar@43-1.org> - 2022-04-26 10:40 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-26 11:00 +0200
Re: Firmware - what are we going to do about it? Andrey Rahmatullin <wrar@debian.org> - 2022-04-26 11:10 +0200
Re: Firmware - what are we going to do about it? Hakan Bayındır <hakan@bayindir.org> - 2022-04-26 11:50 +0200
Re: Firmware - what are we going to do about it? Hans <hans.ullrich@loop.de> - 2022-04-26 11:50 +0200
Re: Firmware - what are we going to do about it? Helmut Grohne <helmut@subdivi.de> - 2022-04-30 14:10 +0200
csiph-web