Russ Allbery wrote: >Jonas Smedegaard <jo...@jones.dk> writes: > >In other words, rather than having to do what one does now and choose >between the free installer and the non-free installer, my understanding of >option #5 is that there would be one install image, but there could then >be a prompt asking you whether you want to install non-free firmware. We >could even offer a few different options (with the caveat that options >tend to confuse users, so we may not want to add too many or gate them >behind an advanced mode): > >1. Purely free installation. >2. Enable non-free firmware in the installer but don't put it on the > installed system. (Not sure how useful this is, but I could see > needing non-free firmware to bootstrap from wifi but the running system > may eventually not use the non-free firmware.) >3. Enable non-free firmware and install it on the system but pin it so > that it's never upgraded by default. >4. Enable non-free firmware and enable normal upgrades, similar to adding > the non-free archive area today but only adding the firmware archive > area. > >I think 1 and 4 are the most useful options, and I'm not sure how many >people really want 2 or 3, but if there are enough people who want them, I >don't see any technical barriers to adding them.
Nod, exactly. We can add those options via boot flags and menu options, with later d-i screens too to allow the choice (maybe in advanced mode). That's probably the easiest way to manage it. Now, the *default* is going to be the hard choice for us to make. With the example of blind people using d-i, we'll want to make an easy option for those people to boot the installer with all firmware enabled and installed - see the firmware-sof-signed package that they'll need to get audio prompts during installation. >I feel professionally obligated to argue that Debian should, *by default*, >upgrade anything that it installs, since from a security standpoint that >is the least risky default configuration (with, as always, the caveat that >there are special cases with different security models for which this >default isn't appropriate). But that doesn't rule out a prompt or >allowing a user to turn this off if they want to. Yup. >> I agree that we should make it easier for our users to choose to trust >> black magic "stuff" that they need to enable their devices. > >> I do not think that we should impose on our users to trust black magic >> by default, though. > >I think this is a somewhat different question than whether we put the >firmware on the default installation media so that it's *available* if >users want it. Nod. -- Steve McIntyre, Cambridge, UK. st...@einval.com "We're the technical experts. We were hired so that management could ignore our recommendations and tell us how to do our jobs." -- Mike Andrews