On Wed, Dec 26, 2018 at 10:27:35PM +0100, Cyril Brulebois wrote: >Steve McIntyre <st...@einval.com> (2018-12-26): >> >Philipp Kern <pk...@debian.org> (2018-12-26): >> >> I'm not sure, though, if there is some philosophical objection here in >> >> that fwupd downloads non-free blobs and/or that Debian does not actually >> >> ship the blobs themselves. >> > >> >FWIW both parts seem unacceptable to me, esp. in a default installation. >> >> They're not all necessarily non-free, but it's a useful service for >> people to make safe firmware updates easy. > >How do we know those blobs are safe, and that they won't change all of a >sudden if they aren't hosted on Debian infrastructure?
We *don't* directly, but they blobs are signed and placed online by the vendors. LVFS (the online backend) is a good Free Software-friendly service. This is a major step forwards from the old Windows-only ot "boot a DOS floppy" style of firmware updates. -- Steve McIntyre, Cambridge, UK. st...@einval.com "Because heaters aren't purple!" -- Catherine Pitt