2) We value being able to build from source when we can. We value
being able to have reproducible builds when we can. We don't want to
take steps backward in those areas in order to get hardware working
better.
As a reminder, firmware does sometimes run on the CPU (microcode, UEFI), sometimes is software, sometimes is more like data.
* Proprietary Nvidia graphics drivers.
Personally I think most if not all of the above are in the same category
as firmware at least in terms of how I think about them and software
freedom.
"Vincent" == Vincent Bernat <bernat@debian.org> writes:
So let's assume that at least all those packages can move to non-free-firmware.
Build Dependencies
==================
Binary Dependencies
===================
It's possible that packages in non-free-firmware could depend on
non-free libraries or downloader tools or whatever.
As examples to consider, do we want to include the following in our
practical divergence from software freedom purity?
* Machine learning models for speech that would make it easier for
people who cannot easily type to use Debian.
Whatever it is, I'd be very appreciative if we could take some time
to come up with guidelines rather than firmware vs not.
❦ 10 May 2022 14:30 -06, Sam Hartman:
2) We value being able to build from source when we can. We valueIs there any firmware that would match this?
being able to have reproducible builds when we can. We don't want to
take steps backward in those areas in order to get hardware working
better.
For backwards compatibility, I think that the firmware component is
going to need to be a subset of non-free; i.e. packages are going to
need to be *copied* not moved from non-free to the firmware component, which means they would be available from both non-free components.
A work around would be to have some automation to check if non-free is activated, and (propose to) update the sources.list automatically to add non-free-firmware. I'd prefer doing this, as having copies of the same package in both non-free and non-free-firmware is (IMO) a mess.
On Tue, 2022-05-10 at 14:30 -0600, Sam Hartman wrote:
So let's assume that at least all those packages can move to
non-free-firmware.
For backwards compatibility, I think that the firmware component is
going to need to be a subset of non-free; i.e. packages are going to
need to be *copied* not moved from non-free to the firmware component,
which means they would be available from both non-free components.
The only exception is things like firmware-sof-signed, which is libre firmware except the binaries are built and signed by Intel, so Debian
can't build the firmware binaries ourselves, unless the approach taken
with the Secure Boot shim signing is possible. First reproducibly build
the binaries, then if they match Intel's signature, attach Intel's sig.
That relies on Intel using the same cross-compiler as Debian though.
As examples to consider, do we want to include the following in our practical divergence from software freedom purity?
Since clearly there will always be users with install use-cases that
aren't covered by main or even main plus non-free/firmware, perhaps we
should have multiple sets of images for different audiences with
different sets of non-free things? Each of them would explain what is non-free and the consequences of that both on the page itself and in
prompts within the image itself.
Some of the packages (like firmware-siano) are not in any way needed by
the Debian installation process, despite containing firmware according
to reasonable definitions of that. They aren't needed for basic
functionality of a system either, just for specialised things
(receiving TV signals for eg). So they very likely aren't needed on the non-free/firmware images and thus aren't needed in non-free/firmware?
You may want to talk to people responsible for that firmware, reproducible builds sounds like an attainable goal to me.
On the other hand, an update to the compiler can make it produce different binaries, making the signature invalid. Pinning the exact version of the compiler would be unpleasant.
A work around would be to have some automation to check if non-free is activated, and (propose to) update the sources.list automatically to add non-free-firmware.
I'd prefer doing this, as having copies of the same package in both
non-free and non-free-firmware is (IMO) a mess.
Quoting Thomas Goirand (2022-05-11 17:14:57)
For backwards compatibility, I think that the firmware component is
going to need to be a subset of non-free; i.e. packages are going to
need to be *copied* not moved from non-free to the firmware component,
which means they would be available from both non-free components.
I think that's a good idea as it wouldn't break any setups. The number of packages in non-free-firmware is probably very small and the package data would
not be duplicated on the mirrors anyways because non-free and non-free-firmware
would both reference the same deb archives in the /pool directory, right?
A work around would be to have some automation to check if non-free is
activated, and (propose to) update the sources.list automatically to add
non-free-firmware. I'd prefer doing this, as having copies of the same
package in both non-free and non-free-firmware is (IMO) a mess.
Maybe I'm lacking imagination but which approach would you take to do this reliably? If you go that route, then a heuristic is not enough. You must not break existing setups and you must also make sure never to get into a situation
where that automation has to bail out or otherwise a system will end up without
non-free-firmware even though it had non-free enabled.
What do you propose?
I'm also curious because I would like to do arbitrary machine-edits of user-supplied apt sources.list files but so far nothing worked reliably enough.
Thanks!
cheers, josch
On Wed, 2022-05-11 at 17:14 +0200, Thomas Goirand wrote:
A work around would be to have some automation to check if non-free is
activated, and (propose to) update the sources.list automatically to add
non-free-firmware.
That isn't feasible, since apt sources are managed external to Debian.
At my workplace we have $foo-apt-config* packages that manage our apt sources, modifying them would cause us conffile prompts and that would
mean that upgrades to our $foo-apt-config* packages would get blocked,
since unattended-upgrades skips packages with conffile prompts.
Other people use configuration management systems that overwrite
modified files and probably manage their apt sources using those
systems, so Debian changes to apt sources would get removed.
Others might be running Debian on read-only squashfs images so they
would never get the apt sources modifications needed to get firmware
from non-free, their image builds could either just fail or maybe
silently fail to install the needed firmware files.
I'd prefer doing this, as having copies of the same package in both
non-free and non-free-firmware is (IMO) a mess.
Having the same package in unstable and testing works fine, I don't
see why it would be different for non-free and non-free/firmware.
It looks like you have non-free firmware package(s) installed in your system, but the non-free-firmware repository doesn't look like present
in your sources.list. Do you wish to add a new file to /etc/apt/sources.list.d/debian-non-free-firmware.list to add this repository?
If protected by a debconf prompt (by default, doing nothing...), all
of your remarks are going away.
On Thu, 2022-05-12 at 16:56 +0200, Thomas Goirand wrote:
If protected by a debconf prompt (by default, doing nothing...), all
of your remarks are going away.
That means that people who only ever upgrade via unattended-upgrades or
other mechanisms that disable debconf/dpkg prompts etc aren't going to
see the prompt. At work we disable them even when upgrading from one
release to the next.
Yeah, of course, but this is because you know what you're doing. If
you do, then you also probably read the release notes, don't you? :)
Here, we're trying to find a way to warn the people who don't know...
I'd say that closed encrypted signed firmware that you need to load on
every boot is strictly more free than the same firmware burned into ROM.
Build Dependencies
==================
As a consequence of options 2-4, non-free-firmware would typically need
to be enabled whenever non-free is enabled.
Binary Dependencies
===================
It's possible that packages in non-free-firmware could depend on
non-free libraries or downloader tools or whatever.
Source Distributions
====================
Yet anyone who cares that much about software freedom is likely to care
about distributing complete source for a work including source for
anything it depends on.
As I understand it, a source package in main can build both binary
packages in main and contrib.
Back to What Goes in Non-free-firmware
======================================
I will admit that I find it fairly hard to define what is firmware and
what isn't. I also find it challenging to really defend that boundary
as the boundary we're willing to cross for practical reasons.
Steve did a good job of summarizing how what it is to be firmware has
gotten more complicated over the years.
As a reminder, firmware does sometimes run on the CPU (microcode, UEFI), sometimes is software, sometimes is more like data.
(And yes, I know that the way in which microcode runs on the CPU is
different than UEFI).
* High quality proprietary voices that can improve accessibility for
screen reader users
* Data for input methods that makes input easier for non-English
environments. (I don't know if this is an area where free
alternatives have caught up)
* Machine learning models for speech that would make it easier for
people who cannot easily type to use Debian.
* Proprietary Nvidia graphics drivers.
Personally I think most if not all of the above are in the same category
as firmware at least in terms of how I think about them and software
freedom.
I'd rather come up with some rules based on other categories than
firmware vs not.
Perhaps something like non-free-firmware is for packages that make it possible to use the system or its hardware where there is no free
alternative providing comparable functionality.
I see what you mean. But nothing of that actually enables the use of a particular hardware.
* Proprietary Nvidia graphics drivers.
This is explicitly code built and run on the main CPU, not firmware.
It also needs firmware running on the device itself.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 300 |
Nodes: | 16 (2 / 14) |
Uptime: | 25:40:56 |
Calls: | 6,707 |
Calls today: | 1 |
Files: | 12,239 |
Messages: | 5,352,401 |