On Wed, 6 Jul 2022 07:11:50 -0400 LUH LAH <[email protected]> wrote:
> Hello there, > > I am a general supporter of the Free Software movement. I try to do > everything in my power to reflect this ideology. > > However, I have been informed about some troubling aspects of > Linux-Libre. > > So, I will ask the following questions in hopes of having these > worries squashed: > > > 1.) Does Linux-Libre swap out proprietary blobs in the Linux kernel > for fully free pieces of software, with no reliance on the hardware > microcode? Linux-libre makes sure not to redistribute non-free software and blocks the loading of loadable non-free firmwares. The reality is that linux-libre by itself doesn't solve all the problems, instead you need to combine it with other things to get them solved. For instance if you install linux-libre on top of a non-FSDG compliant distribution, you can still end up with non-free software in other parts of the system. And with non-FSDG distributions, this is not a bug. Even Debian that is 100% free software + linux-libre is not sufficient to avoid non-free software inside the distribution because in Debian you have software like Firefox that have (add-on) repositories that contains non-free software, so you might accidentally install non-free software without knowing it. And If you use an FSDG compliant distribution with non-free BIOS or UEFI, linux-libre will run code from that BIOS/UEFI[1]. And if you use Libreboot with non-RYF compliant GPUs, Libreboot and linux-libre will both run nonfree code provided by these GPUs. So if you really want to get rid of non-free software, a RYF compliant laptop combined with an FSDG compliant distribution is a pretty good solution for that. It's not perfect (for instance HDDs and SSDs have firmwares internally) but compared to off the shelf laptops with a Management Engine or equivalent, there is a huge difference. As for microcode updates, the security issues that comes with not applying them only applies to situations where you can't trust the software that is running on your computer. There is a good article about that here[2]. So the solution (beside designing our own hardware) is to avoid running software you can't trust. This means avoiding things like: - Running JavaScript that comes from web pages that you don't trust. - Running non-free software. - Running virtual machines that you don't have control of or who are controlled by people that you don't trust. References: ----------- [1]That code is passed to the kernel through ACPI tables and then run by the kernel. [2]https://jxself.org/afraid.shtml Denis.
pgprMPJhdRn2H.pgp
Description: OpenPGP digital signature
_______________________________________________ linux-libre mailing list [email protected] http://www.fsfla.org/cgi-bin/mailman/listinfo/linux-libre
