Re: Firmware - what are we going to do about it?

To: debian-devel@lists.debian.org
Subject: Re: Firmware - what are we going to do about it?
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 21 Apr 2022 20:08:23 +0200
Message-id: <[🔎] slrnt637cn.8sh.jmm@inutil.org>
References: <[🔎] 20220419002746.GT14939@tack.einval.com>

Steve McIntyre wrote:
> What would I choose to do? My personal preference would be to go with optiob 5:
> split the non-free firmware into a special new component and include that on
> official media.

I fully agree with that (as mentioned before when the discussion came up).
I also believe we can stick with building only the firmware-enriched variant
to reduce complexity in the image build/testing; if anyone is concerned
about the firmware packages tools like vrms can be extended to deal with that.

Having a totally separate archive section apart from non-free (which is not
covered by security support) also allows us to include that new section in
what's supported with security updates (to the extent that is possible with
closed blobs, for some firmware there's simply not enough actionable
information).

But for the cases where it was clear and warranted we did make exceptions in
the past before (e.g. for the various microcode updates needed for Spectre/Meltdown
etc. and a separate archive sections allows for more clarity in that regard.

And since all firmware blobs are required to be fully re-distributable this
would also allow to enable auto-building for that new section (as opposed
to non-free where this is limited).

Cheers,
        Moritz

Reply to:

References:
- Firmware - what are we going to do about it?
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: Firmware - what are we going to do about it?
Next by Date: Re: Keep both images but stop pretending no-free is unofficial
Previous by thread: Re: Firmware - what are we going to do about it?
Next by thread: Re: Firmware - what are we going to do about it?
Index(es):
- Date
- Thread