Alexandre Oliva <lxol...@fsfla.org> wrote .. > It certainly sounds odd. But, honestly, right now I'm more > concerned that updates for PureOS seem to have been published in a > non-free repo. Specifically, non-free microcode for CPUs affected > by Spectre. Surely we don't mean to endorse distros that do that, > do we? Purism's messaging seems to attempt to distance their new > nonfree repos and dists from PureOS, but... I fail to see the > difference between that and what Debian does. But then, I haven't > looked very closely. Am I missing something?
> https://puri.sm/posts/purism-patches-meltdown-and-spectre-variant-2-both-included-in-all-new-librem-laptops/ > https://deb.puri.sm/pureos/dists/purism-nonfree/> > https://deb.puri.sm/pureos/pool/non-free/i/intel-microcode/>> > Thoughts? It seems similar in some ways and dissimilar in others. My understanding is that the challenge with Debian's non-free stuff is "the repository is hosted on many of the project's main servers, and people can readily find these nonfree packages by browsing Debian's online package database and its wiki." (To quote from the common distros page.) Purism seems to avoid at least some of this this by having it on a different domain, and I don't seem to find information at http://pureos.net about installing the proprietary software. So in some ways maybe it could be seen as similar to RPM Fusion? On the other hand, my understanding is that RPM Fusion is operated by a third party. I'm not sure how Purism being the folks behind this repo will change anything. We know that Debian's method was deemed not acceptable and the RPM Fusion method was since it was on a different site run by different people but Purism's method seems somewhere in between these two cases. And in the case of RPM Fusion that "separate domain" wasn't the domain of the primary driving force behind the distro who also made made news posts about how to set it up. It would be good to get clarification from the FSF on this on how this all fits in FSDG-wise. Another problematic point seems their statement that "all new laptop shipments include Meltdown and Spectre patches, as they will have the latest PureOS image (that includes the Meltdown patch) preloaded" I realize that, in the FSF's announcement of endorsing PureOS, they said that it wasn't "a certification of any particular hardware shipping with PureOS" although some people might buy Purism's computers thinking that they're getting an FSF-endorsed distro along with it that doesn't have any proprietary junk when -- by Purism's own announcement -- they're shipping with it included.