Re: Fedora not "free" enough for GNU?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Sep 7, 2008 at 3:54 PM, Andrew Haley <aph@xxxxxxxxxx> wrote:
> Gregory Maxwell wrote:
>
>> The notion that firmware ought to be free isn't absurd: It doesn't
>> take much effort to find examples of firmware imposing unreasonable
>> limits on users, or firmware containing nasty hidden security bugs.
>
> Just to get away from the ethics flame^H^H^H^H^Hdiscussion for a
> moment...
>
> This makes me think of a really interesting question: security-
> critical organizations presumably have to make use of commercially
> available computers just like the rest of us.  Someone somewhere
> must have thought about the issues of binary firmware blobs for
> video and network hardware and their potential to leak data,
> either deliberately or accidentally.  One of the many nice things
> about free software is the fact that it's reasonably easy to inspect
> it for security analysis; binary blobs weaken that.

There are two broad classes of 'security-critical organizations', real
ones and pretenders. Most are pretenders, they fail to consider issues
like this, then when it fails they show that they tried really hard
and thus it isn't their fault.  Real ones consider these issues, and
demand manufacturers comply with various security standards  which
validate the security of the hardware/firmware.  Manufacturers often
fail to actually do a good job of this, and can get away with it
because bad security looks just like good security. ... so then when
it fails the security-critical organization points to the standards
that were violated, thus demonstrating the breech was not their fault.
 :) :)

I've found two blobs I use on my systems, one of them very obviously
is a FPGA image, another one is appears to be software for a small
micro-controller.  I'm not so sure that the FSF would consider the
FPGA image software, but I don't know that they've considered this
issue in the context of OS-shipped blobs (in fact, I've heard FPGAs !=
software from them in the past), I think the vast majority of the
blobs distributed in fedora are software for an embedded general
purpose CPU and not FPGA images (generally FPGAs are enough of an
additional per-unit cost thet you don't see them in mass market
devices). (RME hammerfall firmware is the FPGA image, incidentally).

As was pointed out here, a spin could be created easily enough.  It
would make the FSF happy, as well as some number of other people (it
would make me happy, if for no other reason than I'd get a better
understanding of which of these blobs I'm actually using).

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux