Free Software DVD contains non-free firmware
Hello Debian CD Images team. I decided to switch to the latest version (12.1.0), and encountered the following issues: 1) Looks like this DVD image: https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/ https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.1.0-amd64-DVD-1.iso which is supposed to be Free Software only, actually contains 3rd party non-free firmware. The way I discovered it was that my 6th gen Lenovo ThinkPad x1 carbon wifi card started working, while with 11.6 and prior it didn't have the firmware and was disabled because of that. This image is labeled as "Debian GNU/Linux 12.1.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20230722-10:49". Was there some kind of mistake when publishing the images? 2) Also, when I tried to download this disk [DVD-1] using jigdo, I ended up getting an image of the first disk that wasn't bootable. Thanks and Regards, John Amirov.
Re: Free Software DVD contains non-free firmware
Additionally,
I've just checked the DVDs of 12.1.0 and 11.6.0, and it looks like all the
DVDs of 12.1.0 are labeled like the following:
`Debian GNU/Linux 12.1.0 _Bookworm_ - Official amd64 DVD Binary-{X} with
firmware 20230722-10:49`, where X is the DVD number.
---
However, the releases of 11.6.0 are labeled as the following:
`Debian GNU/Linux 11.6.0 _Bullseye_ - Official amd64 DVD Binary-{X}
20221217-10:40`, where X is the DVD number.
Notice how there is no string "with firmware" in these labels.
At the same time, when looking at a community version of 11.6.0 DVD, which
contains non-free firmware, that's exactly how it's labeled:
`Debian GNU/Linux 11.6.0 _Bullseye_ - Unofficial amd64 DVD Binary-1 with
firmware 20221217-10:46`.
Notice that the string "with firmware" is present in the label of the DVD
with non-free firmware.
---
I'm still trying to understand what that's supposed to mean.
Are you `Officially` non-free software now, or is it some insider attack
trying to compromise your integrity?
Do you have an `Official` way to de-poison your release, and if so, is it
published as a document?
Regards, John.
On Sun, Aug 27, 2023 at 4:12 PM Birzhan Amirov
wrote:
> Hello Debian CD Images team.
>
> I decided to switch to the latest version (12.1.0), and encountered the
> following issues:
>
> 1) Looks like this DVD image:
> https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/
>
> https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.1.0-amd64-DVD-1.iso
> which is supposed to be Free Software only, actually contains 3rd party
> non-free firmware.
> The way I discovered it was that my 6th gen Lenovo ThinkPad x1 carbon wifi
> card started working, while with 11.6 and prior it didn't have the firmware
> and was disabled because of that.
>
> This image is labeled as
> "Debian GNU/Linux 12.1.0 _Bookworm_ - Official amd64 DVD Binary-1 with
> firmware 20230722-10:49".
> Was there some kind of mistake when publishing the images?
>
> 2) Also, when I tried to download this disk [DVD-1] using jigdo, I ended
> up getting an image of the first disk that wasn't bootable.
>
> Thanks and Regards, John Amirov.
>
Re: Free Software DVD contains non-free firmware
Hello, Thank you for your quick and detailed reply. > I suppose that we could provide a tool that would be able produce an image with no non-free data on it ... but the effort required to build and test such a tool would have to be diverted from other tasks. > ... to contribute to such an effort, then I'm sure the Debian-CD team will be glad to explain what would be involved. Just curious, is my understanding correct, that you had such a tool at the time of 11.6.0, but not anymore? Regards, John. On Mon, Aug 28, 2023 at 7:17 AM Philip Hands wrote: > "Andrew M.A. Cater" writes: > > > On Sun, Aug 27, 2023 at 04:38:58PM -0700, Birzhan Amirov wrote: > ... > >> Do you have an `Official` way to de-poison your release, and if so, is > it > >> published as a document? > >> > > > > You can pass various parameters to the installer: you can also uninstall > the > > non-free firmware after installation - a record of what is installed is > recorded > > Andy seems to have given you something of a politician's answer there, > so I'll try giving a more direct one: > > No, not as far as I know (if by "de-poison" you mean get to the point > where the resulting image file has no trace of the firmware on it). > > However, it is possible to instruct the installer to not take any notice > of the firmware, nor even try to detect if it might be needed: > > > https://wiki.debian.org/Firmware#How_to_disable_detection_and_use_of_non-free_firmware > > which will provide you with exactly the same experience as would have > been achieved by using media that did not include the firmware in the > first place. > > I suppose that we could provide a tool that would be able produce an > image with no non-free data on it (by replacing relevant portions of the > images with NUL characters, say) but the effort required to build and > test such a tool would have to be diverted from other tasks (e.g. > getting the media to work at all, on currently unsupported hardware). > > If you feel that such a tool should be written, and have the skills to > contribute to such an effort, then I'm sure the Debian-CD team will be > glad to explain what would be involved. > > Cheers, Phil. > -- > Philip Hands -- https://hands.com/~phil >
Re: Free Software DVD contains non-free firmware
Also, should this wikipedia article be updated? https://en.wikipedia.org/wiki/Debian_Free_Software_Guidelines On Mon, Aug 28, 2023 at 9:55 AM Birzhan Amirov wrote: > Hello, > > Thank you for your quick and detailed reply. > > > I suppose that we could provide a tool that would be able produce an > image with no non-free data on it ... but the effort required to build and > test such a tool would have to be diverted from other tasks. > > ... to contribute to such an effort, then I'm sure the Debian-CD team > will be > glad to explain what would be involved. > > Just curious, is my understanding correct, that you had such a tool at the > time of 11.6.0, but not anymore? > > Regards, John. > > On Mon, Aug 28, 2023 at 7:17 AM Philip Hands wrote: > >> "Andrew M.A. Cater" writes: >> >> > On Sun, Aug 27, 2023 at 04:38:58PM -0700, Birzhan Amirov wrote: >> ... >> >> Do you have an `Official` way to de-poison your release, and if so, is >> it >> >> published as a document? >> >> >> > >> > You can pass various parameters to the installer: you can also >> uninstall the >> > non-free firmware after installation - a record of what is installed is >> recorded >> >> Andy seems to have given you something of a politician's answer there, >> so I'll try giving a more direct one: >> >> No, not as far as I know (if by "de-poison" you mean get to the point >> where the resulting image file has no trace of the firmware on it). >> >> However, it is possible to instruct the installer to not take any notice >> of the firmware, nor even try to detect if it might be needed: >> >> >> https://wiki.debian.org/Firmware#How_to_disable_detection_and_use_of_non-free_firmware >> >> which will provide you with exactly the same experience as would have >> been achieved by using media that did not include the firmware in the >> first place. >> >> I suppose that we could provide a tool that would be able produce an >> image with no non-free data on it (by replacing relevant portions of the >> images with NUL characters, say) but the effort required to build and >> test such a tool would have to be diverted from other tasks (e.g. >> getting the media to work at all, on currently unsupported hardware). >> >> If you feel that such a tool should be written, and have the skills to >> contribute to such an effort, then I'm sure the Debian-CD team will be >> glad to explain what would be involved. >> >> Cheers, Phil. >> -- >> Philip Hands -- https://hands.com/~phil >> >
Re: Free Software DVD contains non-free firmware
I just want to use this chance to thank the entire Debian Images Team for many years of releasing DVDs that actually had 0 bytes of closed-source code. I have been following the project since "Jessie", and always admired your strict and puristic approach. Allow me to wish you the best of luck growing your user base. Regards, John. On Mon, Aug 28, 2023 at 1:17 PM Philip Hands wrote: > Birzhan Amirov writes: > > > Hello, > > > > Thank you for your quick and detailed reply. > > > >> I suppose that we could provide a tool that would be able produce an > > image with no non-free data on it ... but the effort required to build > and > > test such a tool would have to be diverted from other tasks. > >> ... to contribute to such an effort, then I'm sure the Debian-CD team > > will be > > glad to explain what would be involved. > > > > Just curious, is my understanding correct, that you had such a tool at > the > > time of 11.6.0, but not anymore? > > No - it used to be that 2 sets of images were produced, and which then > had to be independently tested, thus expending a lot of overlapping > effort. > > It is also the case that many people would download the "Official" > images, and discover that they could not actually achieve an install on > the hardware that they had to hand, and then would either abandon Debian > never to return, or would be forced to learn arcane facts about how we > do things before then downloading the non-free unofficial image. > > That may seem like it's not too bad if one is on cheap high-bandwidth > link, but if one is in one of the less well connected bits of the world, > it might be a significant cost to do that wasted download. > > Also, we're a volunteer organisation, and those lost users could well be > people who would have become active contributors if they'd not fallen at > the first fence, which is bad for the future health of the project. > > One could blame the users for getting hold of the wrong hardware, and > tell them to go and buy themselves some RYF-certified hardware instead, > but again that is rather descriminatory, as one might be talking to > someone for whom the only computer they can afford is the one that was > donated to them, and they had no say in the nature of the WiFi chipset > (even if they'd known enough to have an opinion) > > =-=-= > > To answer the question in the other mail about DFSG: No. > > The non-free firmware is still not part of Debian proper, we just happen > to distribute it alongside Debian as a service to those users who would > otherwise be deprived of the chance to run Debian if we did not. > > We've had a non-free section on our mirror network for decades for the > same reason. See points 4 & 5 of the Debian Social Contract: > > https://www.debian.org/social_contract > > It is of course possible to argue this the other way, and we do have > downstream derivatives that ensure that no non-free software gets > anywhere near their distribution, so if that's more to your taste you > might want to consider one of them. > > On the other hand, there are real security issues that have been dealt > with in updates to the (non-free) microcode for the CPUs that run the > vast majority of machines, so many consider it rather unwise to shun > every last scrap of non-free software, even if we find that distasteful. > > Cheers, Phil. > -- > Philip Hands -- https://hands.com/~phil >
Re: Free Software DVD contains non-free firmware
> If you actually want the level of purity-over-practicality that your mail suggests ... that is effectively an abuse of our users **Just pointing out the fact that at the time of 11.6.0 you didn't have a problem releasing both free and non-free version.** Important part ^ Also, it feels like in your reply you're trying to hide or obfuscate this fact, probably because if this fact is not mentioned, your reasoning starts to work (e.g. I quote: "that is effectively an abuse of our users"). You've provided more questionable reasoning in your previous emails, responding to which I find grossly counterproductive. Just for the record, let me explain you what I mean exactly, because it might not have penetrated. What I did - is read the DFSG, and IMO it follows from this document that you should have at least one official release that doesn't have closed-source, just as you did at the time of 11.6.0. And let me break it down for you, the way I'm reading it: 1. Debian <https://en.wikipedia.org/wiki/Debian> Project uses *Debian Free Software Guidelines* (*DFSG*) to determine whether a software license is a free software license <https://en.wikipedia.org/wiki/Free_software_license>; 2. This, in turn is used to determine whether a piece of software can be included in Debian. 3. and guideline #2 is: Inclusion of source code. IMO a natural conclusion from this guideline is that if you get a release of Debian, it should be all open source software. Your reply to that was: "The non-free firmware is still not part of Debian proper, we just happen to distribute it alongside Debian". And that's fine if you happen to distribute anything alongside whatever you want, and you're not called Official Debian. The only problem with that is for some reason now you still call those releases "Official distributions" and don't provide pure free software releases anymore. (Memo: earlier releases with non-free software were called "Unofficial"). But honestly, call them what you want, as long as you provide a pure free software release, just like you should, judging from your own manifesto. You might have stronger reasons than those you've officially acknowledged to compromise your releases with code that you can't vouch for and you can deny knowledge of what it does exactly; but the way I see it - that's your issue and I'm not going to speculate or blame. Maybe at some point somebody more responsible will restart proper releases in accordance with DFSG, I'll keep my hope for that. And given the quality of your demonstrated argument and reasoning I intend to discontinue my participation in this thread, for the purpose of saving my time for more productive activities. Again, thank you for 11.6.0 and earlier releases. Regards, John. On Tue, Aug 29, 2023 at 1:04 AM Philip Hands wrote: > Birzhan Amirov writes: > > > I just want to use this chance to thank the entire Debian Images Team for > > many years of releasing DVDs that actually had 0 bytes of closed-source > > code. > > I have been following the project since "Jessie", and always admired your > > strict and puristic approach. > > Allow me to wish you the best of luck growing your user base. > > If you actually want the level of purity-over-practicality that your > mail suggests, people have been providing it long before you took an > interest in Debian -- the FSF keeps a list of candidates: > > https://www.gnu.org/distros/free-distros.html > > [ Oh, I see gNewSense is dead :-/ , and Trisquel is now (... erm, since > 2007 ... obviously wasn't paying attention) based on Ubuntu, which > doesn't seem like the most obvious way of doing that, but whatever. ] > > and while the FSF now criticises Debian primarily on the basis of > this (IMO rather minor) change in installer policy: > > https://www.gnu.org/distros/common-distros.html#Debian > > they've always been critical of Debian, for pretty-much exactly the same > reason as this policy change occurred -- a willingness to let users > obtain a working Debian system by providing them with the chance to get > hold of non-free software as well as Debian, if that's their only choice: > > > https://web.archive.org/web/20220211101539/https://www.gnu.org/distros/common-distros.html#Debian > > so if you were expecting FSF levels of purity[1], then you probably haven't > been paying close enough attention from the start. > > While looking at the FSF site, I noticed this somewhat amusing method > for reconciling these two stances: > > https://www.gnu.org/philosophy/install-fest-devil.html > > but I'm afraid I've no idea how one could implement something equivalent > in the medium of downloadable images. > > I'
