On Fri, Mar 07, 2025 at 11:05:02PM +0530, pandya@disroot.org wrote:

I understand that users need proprietary drivers to run certain
hardware, and Debian should not ignore this reality. That is why I am
not asking Debian to become a fully GNU-endorsed distro like Trisquel,
which rejects all non-free software in every case.

Good! It's also good that you already know about Trisquel and so we can
skip suggesting it.

However, at the same time, Debian should not readily promote non-free >firmware to the point where it loses its philosophical distinction and >becomes just another convenience-focused distribution like Ubuntu or
Linux Mint.

I would like Debian to become more convenience-focused than FSF-focused.

After compromising a byte, our goal should be to find/develop libre >alternatives so that, in the future, Debian users are less (bit)
dependent on non-free firmware.

You could do that in parallel. Please do find/develop those.

Instead, we did the
opposite--compromising more, from a byte to a kilobyte, for the sake
of convenience. If this trend continues, what stops us from reaching a >megabyte of compromise?

Debian's official inclusion of non-free firmware contradicts its
original philosophical values and social contract. Today, Debian
includes a few non-free firmwares; tomorrow, it may include several;
and the day after, many.

Yes please!

I urge Debian to rethink its decision to officially include non-free >firmware and correct the social contract.

There is a procedure for that. Assuming you cannot propose a GR yourself
you may find DDs who will want to do that. However, make sure you both understand that proposing a GR that will definitely fail just wastes time
of people involved.

Instead of making non-free
firmware the default, Debian should ensure that users consciously
choose to install it while being made aware of the implications.

That was option 3, which lost to all options except FD, or maybe
(considering the mood of your email) option 4, *which lost to FD*.

GNU explains: https://www.gnu.org/philosophy/install-fest-devil.html

Imagine hiding the "devil" by making it an official part of Debian.

Debian is Debian--the "devil" should not be an official part of it.

You know what to use if you don't like the current Social Contract of
Debian.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfLOT8tFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh +LoQAKNpz6+2+JV5vZ7p+7Awc0fW+xfJ2Swj+6MvOxflo/hqhUgFJRyZNn4122ZQ jifr83+JvPX9ihh5ZfnJiwNfWCTmKB+NX/MeLRiIsZzrgwVQ8waHMQdbR+PKiuu7 8qoyiT6SC1os69kcUrJKFAciZsB1utbytLcqChoCpaf3WAtxHlFGUpTFjRz2nM0+ EbWTizbtTPIimcMLLuco5yGJ3gxtyTHvs6VVimr9zDvRh3B7+4kdXSY8AE6R8HFH v00hW6EJvLKbxcDHOitMTXztJh6pu7mBm6RukPFrCw87ZlREWpoxZCMIRFojhMqD iTdWckXEnr+LMffm//eF4yIRwz4zBbOuVmdV13ewjaKO1BCj7dH+ASZ8S5FGaI1g SD1gzetIsrKp3hq0q/Rk4PcQu+Z/z6udHknCc4LDJMdeZareyRd0+8t24fDER/2/ uRIT9tS1RDZk+YZmEwCXpPq8d4aJ7Telv+MKrBMUA2PvwfqxuZ2t8wkYXGctMpye ivqtrezJsKlG/VW2PqsQqOd6GInf3ry+a3e6N11ReEyiM1jwGzJ2OuhsFAXDCsQt VSafduNVPqAIZsTnMw63kifQl3rOTtpwS0d9Ko+5GSlqOZtHdcRJwn+aViWe8xMJ CYId+MfqxH6GfByEAPU5lhln4vkrI5Gnl4BG89FDOyOVHmSy
=MpV2
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-03-07 19:33:53 +0100 (+0100), Simon Josefsson wrote:
[...]

The recent AMD Microcode vulnerability is a good case-study on the
dangers of permitting non-free code to run on your CPU:

https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

There is no way for me as a user to audit that the Debian
installer images is not including vulnerable microcode, since
source code for the firmware is not available.

[...]

Note that there's similarly no way for you as a user to audit the
microcode that shipped with your processor, and without Debian
supplying microcode updates it would be on you to track security
announcements from the hardware vendor and update it yourself with
the same inscrutable blobs (or not update it, I guess that's also a
choice).

In theory, the work required to check that microcode updates
supplied through nonfree-firmware match official vendor checksums
would be roughly the same as if you fetched them from the hardware
vendor to install manually yourself.
--
Jeremy Stanley

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmfLU+pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WCl65A/9Evvh2UygkZSizJrhkd+oqWVSFSlwXcDIyMnk6LrBb9Y8z2mB86mFbjxE Fj7dk97Sogv9H5iZ3UOUYGHP1NY/Qz53JvtjMCnj2f/4nnjeGidlwO4RFoPq+0CX mkXa4iJ5qnXwFjlWgNiNDFvqQWjHz1ITVAc9eQf6kcnRdeheHwU7cgS6P7Osjlc0 GI9gd4OoOnFRpe7783JINtMOlTajPyIJc3x9Hnk+EUy02GlBV7ASB5qw7Yti6VoQ sfiMi8nMEjKJQ1JZNPJ1JWKdfG3n1/D2JhFlx+7LYNsj/Jw6mLoHVAT0oBv9O0C7 sO/yNjYupcfzYkD50m7FKGapUO3oMBSeO+MSgo0oXnDyz3dp0VJF4+y9DnqDWuBP IXvrD1CgdEe3gyGZAv9btYjQrrEXrwf4MIOhIoAMO1ueFJOxcpAJHrX6RGY8pCcP 0nX1d+tD3I8CJjuuEZNPq3U3hs9sV3nE9HykSUscHoyy1P2FricoUS7IWrnJSpMb 07usQtI1qlpemL10bxy7ScJSmfnRIXbeECMHXOoqMksfYgSibAEB3uF7aGAripXj ikb4vPK4ddjhNjfIODrzQn7IipeI1//lAK13ll4Yo4QpMApEWiOS9REhZMSjDgos 8aTieFZ81wfH2Q/5Fe9w935WSL03OObB7fnIO/m4/IrmosOSFzk=
=ENW+
-----END PGP SIGNATURE-----

--- SoupGate-Win32

XPost: linux.debian.project

Le Fri, Mar 07, 2025 at 07:33:53PM +0100, Simon Josefsson a �crit :

pandya@disroot.org writes:

I urge Debian to rethink its decision to officially include non-free firmware and correct the social contract. Instead of making non-free firmware the default, Debian should ensure that users consciously
choose to install it while being made aware of the implications.

I agree and would personally come back to use Debian on some of my
laptops if there was a supported way to install Debian from official installer images that did not promote non-free software by including
firmware on them.

The recent AMD Microcode vulnerability is a good case-study on the
dangers of permitting non-free code to run on your CPU:

https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking

Do not fall for the marketing. What was broken was the DRM which
forbid you to fix the firmware on your own CPU. This is no more a
vulnerability than letting you boot your own OS.

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Mar 08, 2025 at 02:51:29PM +0100, Johannes Schauer Marin Rodrigues wrote:

If you don't trust the vendor, then it makes no difference whether or not new >official firmware/microcode can be uploaded/flashed or not. If you don't trust >the vendor, then the initial microcode that came with your device might already
be doing things that go against your interests.

Of course we cannot have much confidence in a piece of microcode of which we do
not have the source code. But we also cannot have much confidence in a piece of
hardware with non-flashable firmware of which we don't have the vhdl/verilog >sources. So what is the difference?

This is an old argument that didn't work for people holding this opinion before and do I wouldn't expect it to work now. I don't expect that
people's opinions on this matter can be changed.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfMTPAtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh CGwP/itdKTW4mLHi6qFZyoOAw6FqCokt2zcf80zzPK6S2dfVOB5arMxBUVVPkIbv f/ypOLyWqFgNuMTsT70uU5q5J14MFLzBEWDGzW/+Kx26tVKQWmEBYIyccvtrzhWd lcGM97dmtfOzSkg/qxhl+wNTlrm+e1Q5NlXY8M8Ab4PZAPsW8RwiIiAHUkcNTUCf ySAkNdfVaF5SJ4OyK+vi+VbYrTXrlPC0jNuRAQyQpVHan8mOwn8iZ7zC6RdvRVnI UvKJdQ/fGWqRdZPFx3h46YVQ2al02FtSIUMKsvhrNBjgV7/ROjXjIotcyRtTQF1f K9bc4y4rdrqikrtzZE4MAS8ZRWqRNcM09s5ZBDqTc6kDgniIfvdEx80WvATLuv34 iL0SvnkNYsJWW3c63pG6pqxYPzYEGX7OjqY1eC3X8tuAl4kEe8XB6AEgSoGK0zZy Z5AtiJ6YJiNJwm5u5ajjG02JwBOsLxxFZltUfVsUUw3qz9bxaFUG30EEhU6oMmQL M603XjGFsC3Qol3/v4+wMKomi1uG3CVINhlW1CC5lVdyyhjWvoqryRVQZgioGSAi 0TMj7g0VvQlX7+NfG06gwWRntb8lrezKyXv/+meksk+Jc+MqAQIqVzJCyJ0FukEs 4sKjdhsDk6qdRNSCRBxHbP2KzGztqBx4zqwuVJVohc4j+q2o
=v5/c
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.project

On Sat, Mar 08, 2025 at 02:51:29PM +0100, Johannes Schauer Marin Rodrigues wrote:

Hi,

Quoting Simon Josefsson (2025-03-08 13:43:26)

My point was that there is no reasonable way to gain confidence about security properties of any piece of non-free microcode. Everyone can now produce AMD microcode that corrupts your machine in advanced ways that evade
detection, but we don't know if such malicious corruption is included in the
official microcode. Having source code for the microcode would help gain confidence in it, and is the reasonable request. If the request is denied, I
would consider the vendor not trustworthy and look into options.

I do not understand something about this argument.

If you don't trust the vendor, then it makes no difference whether or not new official firmware/microcode can be uploaded/flashed or not. If you don't trust
the vendor, then the initial microcode that came with your device might already
be doing things that go against your interests.

Trust in wendors (actually also their trustworthiness) is a function of
time. Remember when Github was bought by Microsoft? Remember when Twitter
was bought by -- uh -- whatever?

Cheers
--
t

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCZ8xk3gAKCRAFyCz1etHa Rjl/AJ9BXn9CSZNWmhKxwUlAK0tGnAEBGgCeKUAW8WSv6dTJ3hayC/LrYUNXqZU=
=hEuT
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le Fri, Mar 07, 2025 at 11:42:10AM -0700, Soren Stoutner a �crit :

In the original GR, one of the options that lost was for Debian to host two sets of installer
images, one with non-free firmware and one without, and for users to be able to make an
informed decision before downloading the installer.

https://www.debian.org/vote/2022/vote_003#textc

This option did not prevail in the vote, but it would have been my preferred choice (I was
not a Debian Developer at the time and so did not vote, but I did follow the discussion).

True, but the GR does not prevent Debian of providing a second set of
installer images. What is required is someone to do the work, as usual.

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Mar 08, 2025 at 06:59:45PM +0000, Bill Allombert wrote:

Le Fri, Mar 07, 2025 at 11:42:10AM -0700, Soren Stoutner a �crit :

In the original GR, one of the options that lost was for Debian to host two sets of installer
images, one with non-free firmware and one without, and for users to be able to make an
informed decision before downloading the installer.

https://www.debian.org/vote/2022/vote_003#textc

This option did not prevail in the vote, but it would have been my preferred choice (I was
not a Debian Developer at the time and so did not vote, but I did follow the discussion).

True, but the GR does not prevent Debian of providing a second set of installer images. What is required is someone to do the work, as usual.

For anyone interested - others will happily provide instructions as
needed but may not wish to carry out the work involved themselves,
having already done this for some years:

Please feel free to pick up the code and generate the second set of
installer images, maintaining the code to exclude non-free-firmware.
Don't forget to also do this for debian live media images and
coordinate this for all architectures,while ensuring that these are reproducible.

Please also be prepared to deal with the number of users who complain
that the installer doesn't work for them because they no longer have
sound, WiFi or whatever. Please be prepared to help them install
tarballs of non-free firmware as appropriate to solve each issue raised.
Don't forget to coordinate wiki and Debian web site edits accordingly.

Please also be prepared to carry out release testing for each image that
is not including firmware per point release every couple of months -
I'm assuming you'll be more than happy to check twenty or thirty tests of images yourself.
[This last should only take about four hours if you can persuade others to
help but may take longer if you are working on your own].

Thank you for volunteering to carry out these tasks.

With every good wish, as ever,

Andy Cater
(amacater@debian.org)

Cheers,
--
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Mar 08, 2025 at 11:16:40PM +0100, Simon Josefsson wrote:

Aurélien COUDERC <libre@coucouf.fr> writes:

Le 8 mars 2025 21:09:00 GMT+01:00, Simon Josefsson <simon@josefsson.org> a écrit :

I read this outcome as fairly clear message that, no, Debian does not >>want to provide a second set of installer images, and is not interested >>in contributions to make them.

Hi Simon,

The voting round this issue had nuance, as you can see.

In many ways, this reflected the relative difficulty of continuing
to do things as we had been doing. Nobody was keen to continue
duplicating effort for the sake of duplicate effort and the wording
reflected this. There had been a *lot* of discussion over approximately
two years, a couple of Debconfs about the fact that some things
could not be achieved without non-free firmware potentially even at
early stage in the installer.

What the GR says is that you cannot dump that work on the shoulders of
the people currently maintaining the installer, coordinating the releases…

Absolutely.

I would be happy if my perception of the situation is wrong, and that
fully free official debian installer images was a welcome contribution.
Is that really the case?

We had a "fully free" installer and a large non-free archive from which
many people pulled firmware to make their hardware work fully. Non-free-firmware being pulled out of the rest of non-free was a
recognition of that fact and a distancing of firmware from the rest
of non-free.

Andy Cater's post is hard to parse for me. Andy, did you intend it as a sarcastic comment about something that has been beating to death too
many times already and has no chance of becoming reality? Or was it a
real invitation for discussion and accept contributions? My earlier interactions about this issue were stuck on a deal-breaker:

It is slighttly sarcastic, yes, but it also outlines exactly what is
involved if you want to pursue a fully free installer (again).
Having been involved in explaining the difference between the installer
and the unofficial installer containing firmware far too many times,
it was difficult to justify an idealogical separation that made it
hard for people to install Debian (or impossible if you were
visually impaired, potentially).

Maintaining two sets of images would be hard. Testing two sets of
images at point release time was also hard.

Andy Cater:

Please feel free to pick up the code and generate the second set of installer images, maintaining the code to exclude non-free-firmware.

If I understand what you imply here correctly, this is still a problem. Proper fully free images cannot be generated by going through an
intermediate step that involve non-free software.

You can build an image that contains no firmware.

You can build an image that contains only free firmware.

You can build an image that contains non-free firmware.

Each of these can be built from the code in the Debian archive.
The scripts to produce each of these are slightly different: you would
need to satisfy yourself that every time you regenerate images you
have not inadvertently included inappropriate firmware somewhere along
the line.

I'd suggest a long read through the mailing list archives and watching
a couple of the videos from Sledge. It is harder than it looks and
relies on a *lot* of effort to do this.

With every good wish, as ever,

Andy Cater
(amacater@debian.org)

/Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Mar 09, 2025 at 01:32:47PM +0100, Matthias Urlichs wrote:

Another way to look at this outcome, and the one I personally prefer
by a wide margin, is that it'd be very cool to have them, but at this
time their utility is … questionable, given that I personally own zero
(out of umpteen) computers that would work with such an image.

And because if someone wants to avoid non-free firmware they can install
on a computer that doesn't require it--meaning that no non-free firmware can/will be loaded. So the entire benefit of this exercise is to not
have "icky non-free firmware" sitting unused on the install media. That
seems like an utterly trivial result which can't possibly justify the
level of effort involved.

As when this came up originally, I do not understand how it can be
considered "freer" to actively prevent people from having an option,
when those who don't want that option can simply not use it.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Mar 09, 2025 at 03:58:59PM +0100, Simon Josefsson wrote:

Agreed. However none of that hardware require me to load non-free
firmware from my operating system, which is my point. That situation is sufficient for me to accept to use the hardware and install an operating system built without non-free software on it.

Simon,

Installing using the Debian installer doesn't *require* you to carry on
with the firmware. You can readily remove it - especially if you use the
expert install - you are not required to enable the repository in your /etc/apt/sources.list and so on. The installer does list the firmware
suggested for install to enable all devices - you don't have to take
that suggestion.

So - if you don't *see* the need for firmware expressed and firmware is
already in the machine you install on, that's fine?

We've *had* this argument and the Project as a whole decided by a slim
margin that the effort to maintain an installer relatively free of
firmware (but including free firmware) AND an installer containing
non-free firmware to aid installation of Debian was too much effort.

To everyone wishing for this: If you want to make a Trisquel-ised Debian installer with a linux-libre kernel and no firmware, fine - happy for you
and relatively happy to see you succeed.

At that point there will no longer be a need for the Trisquel fork of
Debian to continue on that basis and that will represent a consolidation
of effort where Trisquel developers can then concentrate on Debian and
stop being downstream of a downstream.
.
In the interim: That makes *lots* more effort for the Debian Project,
lots more space needed for media and so on, as outlined earlier in the
thread. Please feel free to step up and contribute significant effort
yourself to see all of this come to pass.

Andy Cater
(amacater@debian.org)

/Simon

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Mar 09, 2025 at 03:40:37PM +0000, Andrew M.A. Cater wrote:

Installing using the Debian installer doesn't *require* you to carry on
with the firmware. You can readily remove it - especially if you use the >expert install - you are not required to enable the repository in your >/etc/apt/sources.list and so on. The installer does list the firmware >suggested for install to enable all devices - you don't have to take
that suggestion.

And if you don't, none of the evil code ever gets loaded or installed,
it just sits there on the media, right?

Greetings
Marc, who likes Debian to run on the hardware people have - it saves me
time to explain why Debian doesn't run.

-- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-03-09 17:17:52 +0100 (+0100), Simon Josefsson wrote:
[...]

Right, in the sense that they embed non-free software in the
hardware.

None of those machines require them to be loaded by me as a user
for them to be useful to me.

This distinction is important to me.

[...]

For me there are several reasons for wanting this, which ought to
be understandable for anyone reading this thread. The
supply-chain security trust concern of non-free firmware is a hot
topic right now.

[...]

Isn't there also a similar concern for keeping security
vulnerabilities patched, even if they occur in the embedded non-free
firmware that shipped on your hardware? Do you patch such vulnerable
firmware manually when you happen to spot a news article about it,
or just try to ignore vulnerabilities in firmware along with
ignoring the presence of firmware?

If you patch your firmware, do you find the process of doing so
manually simple enough not to warrant assistance from your operating
system?

Note that if you don't trust your operating system to not install
compromised firmware, then perhaps consider looking a different
operating system you do trust. Your operating system has the
capacity to install new firmware behind your back regardless of
whether or you're personally okay with it doing so.
--
Jeremy Stanley

-----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmfNw7FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WCm4+Q//eoiU3Q2/gz3MNjeGmWkDEyMP75EUwG8KYHIV8QShgAZNgcReqEV5DGCH poC9Fot9oIRNAyFsY/thcdnOCtOWoLyW4TmHbMmMAlc9EyahlaWh5nAM+Ldnj9pi ZT+G0bmtWtdAag9EDpUAShGpuI+j7uGxYX6O5QN3rolYlHO07R0RmBHfWDyHklJb 6BtJIh5dI+WEqDaNOOOqE/eWYRsA0hsghja0yOU9DtT59vxR+JOTO+cj4+dWrSxP nC3CPutFSOSTy0pKwULE9XX4UFI6GaD0q4ieSzIWqQhxwgJLWBgd0z4U4pN8XzI6 JGusJYJNJib4yZFnmKXPrre8OlPDJl64kxEoQb6juCqbBhxyIvW2XQngNnHDiEwe LM92u89S0B6CsSNIIhNqzLWH5ALmlFZFvEEIrySYbauPx/c5/1/rkip5f9PX1Wl3 xW+4lWdXGCdzHhDUahMaTUZhLkgOStAXss88q8X4QUDNJkOQztOZIM1aaX5G6FPj dqsR5t+XSoSDpAoPxchhWRkhEM3qqIbFQlDmd0hySWi9ct2EYj5YEw4GJM4eo7q1 U68QEyO31odNZRk8rbLs+Wg0mbjWt45zyQnwsovojxK67OhZEs2mBUXambC4fBi1 WU7NV0ODV0Ybw4Ka2D6Gn9pi39tkaxFYmxE+3xHZ7/MtUVa/GEU=
=5dku
-----END PGP SIGNATURE-----

--- SoupGate-Win32

On Sun, Mar 09, 2025 at 05:31:02PM +0100, Simon Josefsson wrote:

My hope is that the sentiments
towards fully free installer images will change in the Debian project
and that they eventually may be official again.

I don't see sentiments towards fully free isntaller images. There is
just nobody who wants to build them. I THINK that they might become
official some day if somebody steps up, does the work and shows that
they are willing to do that for at least one release cycle.

Until nobody is there who is willing to do the work, it is moot to
discuss whether those images could be official or not. If they don't
exist, they won't be official. Easy.

I still haven't heard arguments why people refuse to use an installer
that comes with non-free firmware, asks whether this firmware should be
used, and if answered "no", none of this non-free firmware ends up in
the installed system. The resulting system is free regardless whether
there was non-free firmware on the installation images.

Greetings
Marc


-- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Mar 08, 2025 at 06:58:08PM +0500, Andrey Rakhmatullin wrote:

If you don't trust the vendor, then it makes no difference whether or not new >>official firmware/microcode can be uploaded/flashed or not. If you don't trust
the vendor, then the initial microcode that came with your device might already
be doing things that go against your interests.

Of course we cannot have much confidence in a piece of microcode of which we do
not have the source code. But we also cannot have much confidence in a piece of
hardware with non-flashable firmware of which we don't have the vhdl/verilog >>sources. So what is the difference?

This is an old argument that didn't work for people holding this
opinion before and do I wouldn't expect it to work now. I don't expect
that people's opinions on this matter can be changed.

See?

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfOxgItFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh yPYQAIY5Z3lehEEy7J3Kqp9V290TaW6Zz8weCwPzBk4TySLYB0ozf6hKndoobZrM q1cq2BoIwSxpxTA9n5zoM39+wKFiT0LdyfjwwnjNwiQYnUb/yhSjVjqITVDN8igq x46QNBi4YIxyzCcA4ZPzrsFDs9b/an35VGLiRmOYPDjf/W9LgTzaZ4kYeIc5j1U4 JkH3FNrfsnI903eILDxzvEpsKsQhRaTI/mdvefPj9uXgSkSNywGyOpplcs0YGVlb vqH//03aujzO6fg0uqkP+4qKXWLsfLb+HYLZjKrtKiO3TK7vSNX0ni2CKiQkGm8Y DTRygkbptN2eqkY1EynX8qYG4IXoZcl14ic53dJ/es/ys2nxOcPDmZJiqSxQuDkQ Tm4MuHi5sX5sUlxREPVL9SxB0uwWgA91w5zUh1SC+DLzIgwPGGqB2GOL/qA5Hblx jU5UvC3YpDal+aKS81C1hQiOjIgrHwORp9uGmt5eGfhsyZYzAgiGb2ryfRDqZ1rP fLJMTz7jQnj/CWVoKM9vw21xuX9DeulW6yCsgUhFJyD2bR1SOSx7ikW850w4Qt3d EU1fMdTp4cvigt2DqPkPlxVsLe0AVqgH2ySWXyIoeJT/PSNyCUhTHNORD4WHjCQO 12EbV8GlREoL5d1K9DoMZSXl1pO1StNKwAE6lZlHvq/gubYo
=vPuc
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Mar 10, 2025 at 08:36:45PM +0900, Simon Richter wrote:

The current state where we have free software drivers for a lot of
hardware is the result of a lot of people investing a lot of time into >creating them.

In the same way, we need to do both: support our current users by
allowing them to use non-free firmware with their current hardware,
*and* push for new devices to have free firmware.

Part of that push is informing users that what we do wrt firmware is >best-effort, support for their hardware can be dropped at any point
and the free software community cannot put them in control of their >computing experience.

We're not obligated to validate their questionable choices in buying >hardware that ships with non-free firmware, or apologize for the bad >experience they have when upstream changes something they don't like.
It is not our duty as volunteers to compensate for the shortcomings of >companies, especially companies that use our volunteer time without >compensation -- we're the *free* software community, not the *gratis* >software community.

This is also an old argument. Some rebuttals included "this didn't work so far", "good luck getting fully open firmware in sectors where it's
literally impossible" and "please don't call things users have no choice
over "questionable choices"".

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfOz94tFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh 7S8P+QEVnBWKHnaPQJ9GWyZnEWC2vrXx4A0G3O9hq6WrTEJAiIIhwynH4PvdqzG+ AXfJJHelSWUmVpRQrQ027yQCo6cekeuUfjgenqYC9LEDC9ItwRGIUKbi7ziRM/wK JMKfFySd+ZWjvC2REPruf57uf0/6Wp7DpQ1ddh4Ezm2/mgsEuWqMFKX/JVDK9Yk8 QIkmZBFfOew+XCGLV4QWuDnVfQftIMWL3DEeB9rXpgc09sIdgDW5j3bkyh5yRUxI dAQ5vMHPgMedUnRAaS0WkGpdm6nV4NTCt4lZgwAN3PgKxBErjH4ohmnDGw9oDmDP r28O8Afq9SYU776bXN/mt/3ZuffEyKBkBHy6O7piHP9VgBoe4+4p41v0XM1s+hgt I2pk3UikT+iWWNOIzu1pZYkIYAvUfnfbztGyB73oGir97C2sTyLOFIlm1noxjp2P 0NoIQLci43Cj4apu15x3J82MEzpqT4CajRQxW4d3S6hqZZqa/LkWMsHZqPqR+fcw lpnUXA9HXwUs7SMqKQ6xE8z4v11Ido5AvXOhuY1PpunW0OEVP4V1bxRWGQG70R2j 4j5oneQr/3MUK2qTbNNQBulTHrXBjXqZ/HhQQc/UWh8BTXuKxFMaDrVITJV1cZd4 d9wz7O8/BNxzh0nR69Lnlzj98NI4CAZWI1GyvJ3Eun1UxgbB
=FdRF
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Mar 10, 2025 at 09:33:55PM +0900, Simon Richter wrote:

We've reached the point where people are shitting on nV for the
quality of their drivers, and a kernel that has closed-source drivers
loaded is "tainted", and the last release in which we shipped
ndiswrapper was buster.

That happened because those solutions were all incredibly painful,
depending on the kernel version in use, losing compatibly during every
second kernel upgrade, and didn't work cross-architecture. Users hated
that.

non-free firmware is silent and painless. Users don't care.

tl;dr: The situation is totally different, we should not compare apples
and peaches here.

Greetings
Marc

-- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Mar 10, 2025 at 03:41:50PM +0100, Bjørn Mork wrote:

Simon Richter <sjr@debian.org> writes:

their questionable choices in buying hardware that ships with non-free
firmware

Is there hardware that ships with free firmware? Seriously.

Yeah, I think that should read "requires", not "ships with". Shipping with
is, as explained in other emails, is good.

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfO+uEtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh BrMP/RM24wzoSquBHy5muGsiOsXOENApsNg4IOzfFhCs4egat9iu47Plj9b3BT+C xZFHq+41vJuHGvBgo36+pik30aRL8JBU55udenB+D3GHEYP+Xs89W0wX/HmWD0DI 6IWhVPWgiJ30iFCp45yOyTTY+mAnYrBFksdL/i5lZACawV4UxT3Gbma/yIbz1ucR nVJcyzhp7yVH6RwvK6HUigf5c0wOTNkBNcvJpNgDRc4rJeofDbilRyNV02Oklmto wfThjtAwwj2G/4HUmiJgX//qETzXtvVzCD897s66X4ljpKIEN2lHS+ThbpjOfwcV 2SnTqp6rHc2GOXKZEWzeetgPItcKROamQ6hTpTuA4c+IMBBOp7bdDLWBsfKv58AA vmDido4roq9alEhLwlcljcBKk8Q6NwO0VMFfidt8swBoOnAID0jl5qWGyyu/80F4 Y923fuIh6QyFCFLghmwPI98jYj/WmAvYw1K8fbWahsrBBDWy4WKjn6Hac7uLM1r5 N+VpCdAtHrbGmADP6Q/BnVxCO5vJeZtOTCv20W8Bcykxqzf+1u10AOHG5SOLaH0R RmeM9TeW6KFOpIg/VSSh5HH969qDAcL5qt3tnDGYHhkbPA1AfwaPQSQ9TQng6vCh QOssohCUCHBNFH24c/qje1BRMNI+iG4QDzpRavaVUFZ9sPj3
=gmfy
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Mar 10, 2025 at 08:36:45PM +0900, Simon Richter wrote:

We're not obligated to validate their questionable choices in buying
hardware that ships with non-free firmware

There are a lot of competing priorities here, and it's the height of
arrogance to be so certain that one's own opinion is best as to try to
prevent other people from making their own decisions by hiding even the existence of a mechanism to install debian on their machine.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

We're not obligated to validate their questionable choices in buying hardware that ships with non-free firmware

There are a lot of competing priorities here, and it's the height of arrogance to be so certain that one's own opinion is best as to try to prevent other people from making their own decisions by hiding even the existence of a mechanism to install debian on their machine.

Simon,


Do know that is OK that there are differences in view, opinion,
standpoint, approaches, ideas and whatever.


And do know that the best thing to get the holy installer,
is to (start to) building it.



Groeten
Geert Stappers
Debian Developer,
Voted for 'Lets stop with telling "With the non-free-firmware ISO
would have your install through WIFI succesed"'
--
Silence is hard to parse

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Mar 10, 2025 at 11:56:28AM +0100, Simon Josefsson wrote:

I still haven't heard arguments why people refuse to use an installer
that comes with non-free firmware, asks whether this firmware should
be used, and if answered "no", none of this non-free firmware ends up
in the installed system. The resulting system is free regardless
whether there was non-free firmware on the installation images.

https://www.gnu.org/distros/optionally-free-not-enough.html

https://www.gnu.org/philosophy/install-fest-devil.html

I've missed the second link initially, so I'll quote it for people who
missed it too or decided not to click:

"""
My new idea is that the install fest could allow the devil to hang
around, off in a corner of the hall, or the next room. (Actually, a
human being wearing sign saying “The Devil,” and maybe a toy mask or horns.) The devil would offer to install nonfree drivers in the user's
machine to make more parts of the computer function, explaining to the
user that the cost of this is using a nonfree (unjust) program.

The install fest would tolerate the devil's presence but not officially sponsor the devil, or publicize the devil's availability. Therefore, the
users who accept the devil's deal would clearly see that the devil
installed the nonfree drivers, not the install fest. The install fest
would not be morally compromised by the devil's actions, so it could
retain full moral authority when it talks about the imperative for
freedom.

Those users that get nonfree drivers would see what their moral cost is,
and that there are people in the community who refuse to pay that cost.
They would have the chance to reflect afterwards on the situation that
their flawed computers have put them in, and about how to change that situation, in the small and in the large.
"""



--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfPL8AtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh 3a4P/Ar/mJLCMW8rEnsZkTdFlXrLn7dufjP1UARBHpY7pDhcaAkyA4VuHrIRjLpc 6SYc6mnlCRpxYeW9Dh68E3ZCCpBNAz+tOYrptMCE+mqRWiGF0blE/tLxmRzJJ7UC wffsKKIOYnwxSNk2y9F1MenqQ0TecZpveZileQbMJl4670TouR9F8jmamxh0jkqD 0L2JkzlfMqRcYhdxgB5So3yfCX/2vNMdtJr7B1fMy6o8feI51cu0Yfrozb71tw+b W6ZtzjnfHJq9VJwSpm9uw2DpBxXyOTgQSRWjY13B2FmsMvZTiE3HeyZiiC0/Z++L nhE6r3BSQpRtAXzuffKAN3HP0hgEsugmg+k8UF8pJCgz4AOHQOnJx1fo+Q1b3zka xCI/JgatcnJ4kRPr+2OWiSAAuPmAs/NztueF21PF8q7egB52jfa4Ae/W5PWLt4bZ FD2l9rdrQWvvxiq7Xsh1hOv4eQP9WcNWokxzuXoG8yMCtqiREA8gwhNoO4xGv7TC WPUwZW7yudOI4fgAwaZkyMrT4/ZLAoo+Ucer1mtWx4MYxumfuNXlPZ5SDbQZVAGA VgqFzJ3NChqmOwaDgMFbFnj0FGDvWHb4Gigbf8w5b1hdoYj+/Qf5/7s4X/5nHvhf YQWnp6PLZd8Gv9vHNWCPm3MR9aW1Gz2vm/tUFuLIsesc9oV8
=qKkO
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Mar 11, 2025 at 04:29:24PM +0100, Simon Josefsson wrote:

However if Debian dismiss those ideas, the argument that the fully free >installer doesn't exist because "nobody is working on this, go create
them and it will happen" does not seem valid to me. My reading is that
these images doesn't exist because Debian had a vote saying they should
not exist. I hope this will change in the future. Creating them won't >change the decision, but it may be input to renewed discussion.

Debian had a vote where we made it clear that we were ok with making use
of limited project + developer resources and only testing + shipping an installer which also includes the non-free-firmware component. It wasn't
"this should not exist" it was "we're not trying to double your
workload, images team".

I've not seen _anyone_ suggest that the project would try and stop
someone from going off any building CD images that didn't include non-free-firmware, just that we don't expect the existing images team to
have to expend more effort to make that happen.

J. - Bored of this argument going round in circles.

--
] https://www.earth.li/~noodles/ [] I'm out of bed and dressed. What [
] PGP/GPG Key @ the.earth.li [] more do you want? [
] via keyserver, web or email. [] [
] RSA: 4096/0x94FA372B2DA8B985 [] [

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, Mar 07, 2025 at 08:33:50PM +0100, Michael Biebl wrote:

I wonder if we get a reply from the OP or if this was just an attempt
to trigger a flame war. We will see...

Yup.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfQYAEtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh Q7AP/j484BQTmoiuH0ZERoFvebLHLciVz+BXXky8PkGPycHyv//ln0NCZMlgPqwy 41Woogu6geM6W9lTfDvVQYji1tfgXad6+a+waiPYZplib7EW9AVe7AgDmhJ0x0FR Zwae0AGLsoBVnPVKZ/9/rAj8yq2UdpoqdJwiLbuzhpD6EQvUk/I4to0kP4rJdriM Wa+dRtReLTy/0nConCFIzXYrW3xSihcNvkbYUmmTi2YVeILTSkqKQy3TuL1ezX6k bbgYK9r7+LMKOE1SQIuErNb8ARb2LpzNyDP7JfqDvubRL9rDgjK+HTwBAkmriPZf rH7EsaU820C480Iwjs3mhJ1/SmII8vATyOPbh7ExCJSibrqBkMPY9xXkk1F51CD5 OYp59HwAzUT1gOjjRkRnzPTY0AWhte4AIXS5DgebL3xyfHDIZF0YIUDr88GELdZR fXa9+NULrFKJL5nT6OVggvw9EOTjhqdPNY6BbNpBmnBCwBE0ERmOq39h6rxMCTVH B/59ZMh6oRagsxuDFqlGuRa5Qxy6gi9FDEUXg1OuWTs2+4eElwnO3EtOy2X/3Wqz CEVroGHqHwfjPQ6ziYhf2TGRxfX4itthQreKZxZ924HW0bMEpnStBIcclayd1EKD eEJtzETWRq8WDrwWIAbaYsL9In3NCUCFMe8aAb1NLp5hSnhW
=LaTz
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Mar 11, 2025 at 05:18:49PM -0700, Soren Stoutner wrote:

To a certain degree, promoting official installer images without non-free firmware next to
installer images with non-free firmware can raise awareness of the problem. To another
degree, it probably wouldn’t do anything right now except confuse some subset of users
and require extra effort from those generating the images. Debian is simply too small of
an organization to make a very big splash by such a move.

You don't really need to generate those images, as they are equally
unusable to most users whether they exist or not. Unless I guess you want people to try them to learn a lesson that their hardware is not working without non-free firmware?

As has already been mentioned, nothing of substance has changed since Debian held a GR
on this issue. However, if down the road open hardware with free firmware became more
widely available (I’m looking at you, RISC-V, although I understand that the most likely
short-term outcome is that companies will produce non-free firmware for their RISC-V
processors), then it might be worth reopening the issue for consideration.

That's just processors though, and processors usually contain their
non-free firmware anyway. The original issue was about hardware that
doesn't contain firmware but wants it loaded from the OS.


--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmfRM6ktFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh 1/YP/0FmRgIQpFKU+jx16wbVeBfhg5/VVVS5fjeE/tfhcRQ7lJNagKzaxrNf0RlF KOUalFcpQQR1eX1Vp63JA1l9MuSbNFPZ66rNM1Hsy16BsgSkRd81hqBknij+cFQs GtStZiruiT/rBfcVKKAvnkAsY/I6hjA0F2nHidueGGVLfEgOk0fnq34GPakbQ+cG 3LfGGvJx/NjNWj4Bwdy80xytgrsQpcP3gN2ZwEOQCBuhhpFsbgiO8DpPN2eOShkp 7JsuRvnPYAfnuOgpmXUFmahtANwHmqKUaCAukzQZOePRRw0rYaS9TFAEHWZFWvOp AmfsUabGNQsTucmMwYcWwz9RT0qANQNOSS/7uHqJ+EN4mDopcFVS7XlSJ93rq5BU VpXK+5OfaINGhMVRjDu3OdRQQYxv7QONxf+lDhqZ5tWOLSd4eJoVo9R9/dX05I05 VzVH/+sk3Kc5OPBuvj6FvJAHXlYvYrm6dljWO5j9IISWnlj6auQIwY9V3sjbZew4 zaXphHOJiuMdl+VmwbeudLTqqRg1fHzvFalseO6BH3UVnPZRsHJyDBksH8Im1UA/ chUk7SVqhUFEF5gjYVj5FZP75JtuiXl05zd/+nA41/hLgGU1EgZSF/74GGvSK1EG WzSTRkUpUaA34qZ8L2kHUxnACKDPKlbj8kzw5wK5n1fO99ZL
=RA2E
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)