On 2025-03-09 17:17:52 +0100 (+0100), Simon Josefsson wrote: [...]
Right, in the sense that they embed non-free software in the hardware.None of those machines require them to be loaded by me as a user for them to be useful to me.This distinction is important to me.
[...]
For me there are several reasons for wanting this, which ought to be understandable for anyone reading this thread. The supply-chain security trust concern of non-free firmware is a hot topic right now.
[...]Isn't there also a similar concern for keeping security vulnerabilities patched, even if they occur in the embedded non-free firmware that shipped on your hardware? Do you patch such vulnerable firmware manually when you happen to spot a news article about it, or just try to ignore vulnerabilities in firmware along with ignoring the presence of firmware?
If you patch your firmware, do you find the process of doing so manually simple enough not to warrant assistance from your operating system?
Note that if you don't trust your operating system to not install compromised firmware, then perhaps consider looking a different operating system you do trust. Your operating system has the capacity to install new firmware behind your back regardless of whether or you're personally okay with it doing so.
-- Jeremy Stanley
signature.asc
Description: PGP signature
