On Fri, Mar 7, 2025 at 3:42 PM Soren Stoutner <so...@debian.org> wrote: > > On Friday, March 7, 2025 11:33:53 AM MST Simon Josefsson wrote: > > > pan...@disroot.org writes: > > > > I urge Debian to rethink its decision to officially include non-free > > > > firmware and correct the social contract. Instead of making non-free > > > > firmware the default, Debian should ensure that users consciously > > > > choose to install it while being made aware of the implications. > > > > > > I agree and would personally come back to use Debian on some of my > > > laptops if there was a supported way to install Debian from official > > > installer images that did not promote non-free software by including > > > firmware on them. > > > > > > The recent AMD Microcode vulnerability is a good case-study on the > > > dangers of permitting non-free code to run on your CPU: > > > > > > https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microco > > > de-hacking > > > > > > There is no way for me as a user to audit that the Debian installer > > > images is not including vulnerable microcode, since source code for the > > > firmware is not available. > > > > > > My perception is that the Debian developer community rejected this, and > > > I'm not sure people are ready to reconsider just yet (the trend seems to > > > be the opposite way). Fortunately there are good libre alternatives in > > > Trisquel and Guix available for recommendation meanwhile. > > > In the original GR, one of the options that lost was for Debian to host two > sets of installer images, one with non-free firmware and one without, and for > users to be able to make an informed decision before downloading the > installer. > > > https://www.debian.org/vote/2022/vote_003#textc > > > This option did not prevail in the vote, but it would have been my preferred > choice (I was not a Debian Developer at the time and so did not vote, but I > did follow the discussion). > > > As mentioned above, I don’t think most people’s feelings have changed enough > to warrant reopening this discussion, but I can imagine the day in the future > where Debian moves towards this option. > > > -- > > Soren Stoutner > > so...@debian.org
I think it's good to have more alternatives, despite more work to take care of these ISOs for stable and testing mainly. So I wouldn't disagree with that either, as in the past there were both and the firmware was considered unofficial. -- Cheers, Leandro Cunha
