Jonas Smedegaard <jo...@jones.dk> writes:
> Quoting Russ Allbery (2022-04-19 19:29:09)

>> We need some way to clearly label non-free firmware packages so that
>> you can apply whatever installation or upgrade policy locally that you
>> want to apply, but solution #5 provides that by keeping the non-free
>> firmware in a separate archive area (which apt calls "components") to
>> which you can apply different apt policy.

> The issue I have with option 5 is that non-free blobs are then enabled
> by default.

I just re-read option 5 and I don't see where it says that. My
understanding of the proposal is that the firmware would be on the image
and thus available to the installer. That doesn't imply that it will be
automatically enabled, either in the installer or on the installed system.
That could still be gated by a prompt.

In other words, rather than having to do what one does now and choose
between the free installer and the non-free installer, my understanding of
option #5 is that there would be one install image, but there could then
be a prompt asking you whether you want to install non-free firmware.

We could even offer a few different options (with the caveat that options
tend to confuse users, so we may not want to add too many or gate them
behind an advanced mode):

1. Purely free installation.

2. Enable non-free firmware in the installer but don't put it on the
   installed system. (Not sure how useful this is, but I could see needing
   non-free firmware to bootstrap from wifi but the running system may
   eventually not use the non-free firmware.)

3. Enable non-free firmware and install it on the system but pin it so
   that it's never upgraded by default.

4. Enable non-free firmware and enable normal upgrades, similar to adding
   the non-free archive area today but only adding the firmware archive
   area.

I think 1 and 4 are the most useful options, and I'm not sure how many
people really want 2 or 3, but if there are enough people who want them, I
don't see any technical barriers to adding them.

I feel professionally obligated to argue that Debian should, *by default*,
upgrade anything that it installs, since from a security standpoint that
is the least risky default configuration (with, as always, the caveat that
there are special cases with different security models for which this
default isn't appropriate). But that doesn't rule out a prompt or allowing
a user to turn this off if they want to.

> I agree that we should make it easier for our users to choose to trust
> black magic "stuff" that they need to enable their devices.

> I do not think that we should impose on our users to trust black magic
> by default, though.

I think this is a somewhat different question than whether we put the
firmware on the default installation media so that it's *available* if
users want it.

-- 
Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>