Bug#1003973: Should we pull in fwupd by default for most systems?

2022-01-18 Thread Diederik de Haas
On Tuesday, 18 January 2022 20:13:14 CET Steve McIntyre wrote:
> At the moment, fwupd will only be installed by default on systems
> installed to use a Gnome desktop (checked for Buster, Bullseye and
> Sid).

On Gnome, yes, but not other DE or systems where no DE is installed:
$ apt-cache rdepends fwupd
fwupd
Reverse Depends:
  fwupd-amd64-signed
  fwupd-unsigned
  fwupd-tests
  plasma-discover-backend-fwupd
  gnome-software
  gnome-firmware
  fwupdate

(I removed the duplicates and :arm64 entries from that list)

Its direct dependency list is also rather large and I don't know how to 
retrieve its transitive dependency list, but seeing the following items, I 
expect a LOT of GLib and other Gnome software will be dragged in:
libgusb2, libjson-glib-1.0-0, libpolkit-gobject-1-0

Not a problem on Gnome DE systems as I assume they'll get them anyway, but 
others may not want those.
And then there are the (transitive) recommendations.

> We should probably pull it in and enable it by default for most
> systems (i.e. all desktops and servers) 

For me it's primarily useful on my Thinkpad *laptop* as I'm lucky that Lenovo 
supports fwupd (for Thinkpads (at least?)). 
On my PC/servers I've only gotten an update once for my Logitech Unifying 
Receiver, but most are still on BIOS or hybrid.

When updating my laptop, I always verify that I have a working Live (rescue) 
CD/disk because M$ bootloader usually gets enabled by default, so I have to 
use a Live disk and then through chroot reinstall GRUB, so I can boot into 
Debian again. So for me it's not an entirely smooth experience, which I think 
it should be if enabled for everyone.

> - it's the primary way expected to drive updates to UEFI system firmware
> and the DBX list. 

I really do like the project/initiative btw and I hope many more companies 
will provide their updates through that system.
But it would be a stretch to say that we're there yet (or even close).

> Maybe just for UEFI installations?

I would recommend to at least restrict it to those installations as UEFI seems 
to be assumed (or even required?).

Given the above *I* would not be in favor of installing it for everyone (just 
yet). But I am just one person.

My 0.02

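Added example, not part of the thread or of Debian's tooling: one way to gate fwupd on a UEFI boot and to list the transitive dependency closure that is not yet installed, which are the two questions raised in the message above. The function names and the sample apt-cache output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
export LC_ALL=C   # sort and comm must agree on collation

# Succeeds when the system was booted through UEFI: the kernel creates
# /sys/firmware/efi only in that case. $1 overrides the sysfs root (tests).
is_uefi_boot() {
    [ -d "${1:-/sys}/firmware/efi" ]
}

# stdin:  output of `apt-cache depends --recurse ... PKG`
# stdout: sorted real packages in the closure of PKG ($1), PKG excluded.
# With --recurse each package reached gets an unindented stanza header;
# relation lines are indented and virtual packages appear as <name>.
closure_from_depends() {
    grep '^[A-Za-z0-9]' | grep -vxF -- "$1" | sort -u
}

# $1: sorted closure file, $2: sorted installed-package file.
# stdout: packages that installing the root package would add.
not_yet_installed() {
    comm -23 "$1" "$2"
}

# Constructed sample in apt-cache's output format. Only the three libraries
# quoted in the mail come from the thread; the rest is made up.
SAMPLE_DEPENDS='fwupd
  Depends: libgusb2
  Depends: libjson-glib-1.0-0
  Depends: libpolkit-gobject-1-0
  Depends: <example-virtual>
libgusb2
  Depends: libglib2.0-0
libjson-glib-1.0-0
libpolkit-gobject-1-0
libglib2.0-0
<example-virtual>'

# Live report on a Debian system: sh script.sh --report
if [ "${1:-}" = "--report" ]; then
    is_uefi_boot || { echo "not booted via UEFI, skipping fwupd"; exit 0; }
    tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
    apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts \
        --no-breaks --no-replaces --no-enhances fwupd |
        closure_from_depends fwupd > "$tmp/closure"
    dpkg-query -W -f '${db:Status-Abbrev}${Package}\n' |
        sed -n 's/^ii //p' | sort -u > "$tmp/installed"
    not_yet_installed "$tmp/closure" "$tmp/installed"
fi
```

The closure is an upper bound, since apt picks one alternative per "|" group; `apt-get install --simulate --no-install-recommends fwupd` prints the set apt would actually resolve.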


Bug#1003973: Should we pull in fwupd by default for most systems?

2022-01-18 Thread Osmario Avila
How to unsubscribe from this newsletter?


On Tue, 18 Jan 2022 at 16:39, Osmario Avila 
wrote:

> How to unsubscribe from this newsletter?
>
>
> On Tue, 18 Jan 2022 at 16:15, Steve McIntyre 
> wrote:
>
>> Source: tasksel
>> Severity: normal
>> Tags: security
>>
>> Hi,
>>
>> At the moment, fwupd will only be installed by default on systems
>> installed to use a Gnome desktop (checked for Buster, Bullseye and
>> Sid).
>>
>> We should probably pull it in and enable it by default for most
>> systems (i.e. all desktops and servers) - it's the primary way
>> expected to drive updates to UEFI system firmware and the DBX
>> list. Maybe just for UEFI installations?
>>
>> -- System Information:
>> Debian Release: 10.11
>>   APT prefers oldstable-updates
>>   APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500,
>> 'oldoldstable'), (500, 'oldstable')
>> Architecture: amd64 (x86_64)
>> Foreign Architectures: i386
>>
>> Kernel: Linux 5.10.0-0.bpo.9-amd64 (SMP w/4 CPU cores)
>> Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
>> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
>> LANGUAGE=en_GB:en (charmap=UTF-8)
>> Shell: /bin/sh linked to /usr/bin/dash
>> Init: systemd (via /run/systemd/system)
>> LSM: AppArmor: enabled
>>
>> -- debconf information excluded
>>
>>


Bug#1003973: Should we pull in fwupd by default for most systems?

2022-01-18 Thread Osmario Avila
How to unsubscribe from this newsletter?


On Tue, 18 Jan 2022 at 16:15, Steve McIntyre 
wrote:

> Source: tasksel
> Severity: normal
> Tags: security
>
> Hi,
>
> At the moment, fwupd will only be installed by default on systems
> installed to use a Gnome desktop (checked for Buster, Bullseye and
> Sid).
>
> We should probably pull it in and enable it by default for most
> systems (i.e. all desktops and servers) - it's the primary way
> expected to drive updates to UEFI system firmware and the DBX
> list. Maybe just for UEFI installations?
>
> -- System Information:
> Debian Release: 10.11
>   APT prefers oldstable-updates
>   APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500,
> 'oldoldstable'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 5.10.0-0.bpo.9-amd64 (SMP w/4 CPU cores)
> Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
> LANGUAGE=en_GB:en (charmap=UTF-8)
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> -- debconf information excluded
>
>


Bug#1003973: Should we pull in fwupd by default for most systems?

2022-01-18 Thread Steve McIntyre
Source: tasksel
Severity: normal
Tags: security

Hi,

At the moment, fwupd will only be installed by default on systems
installed to use a Gnome desktop (checked for Buster, Bullseye and
Sid).

We should probably pull it in and enable it by default for most
systems (i.e. all desktops and servers) - it's the primary way
expected to drive updates to UEFI system firmware and the DBX
list. Maybe just for UEFI installations?

-- System Information:
Debian Release: 10.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500, 
'oldoldstable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-0.bpo.9-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- debconf information excluded