On Thu, 18 Jun 2009, Boyd Stephen Smith Jr. wrote:
> 3. Even if binary blobs *were* the original form of the work and their
> author modifies them by twiddling bytes, they still might not be appropriate
> for inclusion in Debian main because of the inherent security issues. Most
> notably, our inability to audit them.

That's nonsense. First, "our inability to audit" has never figured in any restrictions. Second, the sort of firmware that has no source is microcode to drive state machines in the hardware, and without the full engineering specs you need some *serious* reverse engineering effort to do anything with it anyway. It is also likely to have no security relevance outside of causing that particular hardware to misbehave: nobody uses stuff like this to drive a PCI or RDMA engine (which would be a real cause of concern on boxes without MMU "firewalling").

However, if you say there was an ASM version of the firmware, and it was not just the same binary data in a different container (i.e. it was a higher-level representation of the code), then it indeed belongs in non-free and I stand corrected about it being sourceless microcode.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh