On Tue, Apr 19, 2022 at 11:00:23PM +0200, Jonas Smedegaard wrote: > > > > > > > When I install systems, I consider non-free blobs more risky > > > > > > > than other code. > > > > > > Do you consider loadable non-free blobs more risky than their > > > > > > older versions soldered onto the hardware? > > > > > > > > > > > Definitely "more risky" possibly not "less secure" > > > > > > > > > > One of my biggest frustrations is that it's impossible to > > > > > selectively apply "security patches" and companies are wont to > > > > > "smuggle" in feature changes along with security fixes. > > > > [...] > > > > > No, but I do see a benefit in them not being applied > > > > > automatically as part of a standard update. And for something > > > > > like a firmware upgrade for a network card, I might only want to > > > > > install it if there was a security issue that might actually > > > > > impact me or I was having a problem. Otherwise it's hard to > > > > > imagine a scenario where a firmware upgrade can make things > > > > > better but it's easy to imagine it making things much worse. > > > > Then what about hardware that doesn't have soldered firmware, only > > > > loadable one? Would you not use it at all? > > > > > > I notice that you shift the conversation topic from *upgrading* > > > firmware to *introducing* firmware. > > You partially narrowed the topic to upgrading firmware in > > <165037188392.1708.14819384411900940...@auryn.jones.dk>, so yes, I'm > > asking about both sides of the question. I will even say that the > > situation where some perfectly usable firmware is already available on > > the device, and Debian just offers an update to it, is much less > > important (but still very important for e.g. intel-microcode) than the > > situation where the device is not usable without firmware loaded by > > Debian, which is the main usability problem with the status quo. > > Ah, so your view is that newer blob might... I thought I shifted the conversation topic from *upgrading* firmware to *introducing* firmware? I even called this situation "much less important" than the other one.
-- WBR, wRAR
signature.asc
Description: PGP signature