If you do make a spin just to please GNU, I suggest you call it "GNU/Fedora" ;)

On Mon, Sep 8, 2008 at 2:10 AM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
> On Sun, Sep 7, 2008 at 3:54 PM, Andrew Haley <aph@xxxxxxxxxx> wrote:
>> Gregory Maxwell wrote:
>>
>>> The notion that firmware ought to be free isn't absurd: It doesn't
>>> take much effort to find examples of firmware imposing unreasonable
>>> limits on users, or firmware containing nasty hidden security bugs.
>>
>> Just to get away from the ethics flame^H^H^H^H^Hdiscussion for a
>> moment...
>>
>> This makes me think of a really interesting question:
>> security-critical organizations presumably have to make use of
>> commercially available computers just like the rest of us. Someone
>> somewhere must have thought about the issues of binary firmware blobs
>> for video and network hardware and their potential to leak data,
>> either deliberately or accidentally. One of the many nice things
>> about free software is the fact that it's reasonably easy to inspect
>> it for security analysis; binary blobs weaken that.
>
> There are two broad classes of 'security-critical organizations', real
> ones and pretenders. Most are pretenders, they fail to consider issues
> like this, then when it fails they show that they tried really hard
> and thus it isn't their fault. Real ones consider these issues, and
> demand manufacturers comply with various security standards which
> validate the security of the hardware/firmware. Manufacturers often
> fail to actually do a good job of this, and can get away with it
> because bad security looks just like good security. ... so then when
> it fails the security-critical organization points to the standards
> that were violated, thus demonstrating the breach was not their fault.
> :) :)
>
> I've found two blobs I use on my systems, one of them very obviously
> is an FPGA image, another one appears to be software for a small
> micro-controller. I'm not so sure that the FSF would consider the
> FPGA image software, but I don't know that they've considered this
> issue in the context of OS-shipped blobs (in fact, I've heard FPGAs !=
> software from them in the past), I think the vast majority of the
> blobs distributed in fedora are software for an embedded general
> purpose CPU and not FPGA images (generally FPGAs are enough of an
> additional per-unit cost that you don't see them in mass market
> devices). (RME hammerfall firmware is the FPGA image, incidentally).
>
> As was pointed out here, a spin could be created easily enough. It
> would make the FSF happy, as well as some number of other people (it
> would make me happy, if for no other reason than I'd get a better
> understanding of which of these blobs I'm actually using).

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list