Re: [GNU-linux-libre] PureOS non-free repo
On Sat, 20 Jan 2018 06:34:21 +0100 Jean Louis wrote:
> Free GNU operating system can be free on one
> domain while other domain selling laptops
> requiring some proprietary software.
>
> Then again, such laptop sales shall not be
> promoted as having operating system endorsed by
> FSF if such is not fully free.

I don't see the issue here. Shipping Trisquel or PureOS on laptops is good. However Trisquel or PureOS should not promote non-free software.

Being able to run an FSDG (Free Software Distribution Guidelines) compliant distribution is not enough for freedom though, but there is a certification for full systems: The RYF (Respect Your Freedom) certification. See fsf.org/ryf for more details.

> That is proprietary software within the CPU.

That proprietary software runs on a separate processor, and unlike the BIOS/UEFI, it is not run by the main CPU.

When you buy a "discrete Intel CPU", nowadays, it also contains a GPU, and also the management engine processor. They are all in the same physical chip, but the management engine processor runs its own OS and tries to prevent the main CPU from taking control of it.

> it further means that majority of Intel run computers are
> running non-free software on the CPU itself.

Not on the main CPU.

> The question is does the update of the Intel
> Management Engine constitute part of the operating
> system or not?

No, it's not. The flash chip that holds the BIOS/UEFI is partitioned and has a partition for the management engine, and a partition for the BIOS/UEFI.

> If such update is distributed by the operating
> system, then is the distribution free?

I guess that they do not distribute "BIOS updates" as part of the operating system, but if they did, they would need to remove it to keep being FSDG compliant.

> Even those computers using Libreboot are still
> using the Intel Management Engine.

Not all are. The Thinkpad X200 has a management engine but it is deactivated by removing the code it's supposed to load.

> That is different branch of the fight for privacy. Best
> would be replacing Intel with free CPU. But does
> it exist?

Computers that work with only free software would be enough, with the additional requirement of having also free software microcode.

Free systems can work without shipping or using non-free microcode updates, but then years later you end up with issues like Spectre and Meltdown that you cannot fix.

See this link for more details:
https://libreplanet.org/wiki/Group:Hardware/ReverseEngineering#CPU_Microcode

> Intel processors already contain inside Intel
> Management Engine, isn't that modified MINIX
> inside?
[...]
> It means there is no current solution to have Intel
> Management Engine as free software,
[...]

See my article about the management engine here for more details:
https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom

Denis.

Re: [GNU-linux-libre] PureOS non-free repo
On 01/20/2018 01:54 PM, Caleb Herbert wrote:
>
>> So in some ways maybe it could be seen as similar to RPM Fusion?
>
> That's what I think, and it makes sense that the RPM Fusion method was
> accepted, because the FSDG derives from Fedora guidelines.

to be clear, the "RPM Fusion method" is acceptable because fedora does not officially endorse or even recommend it - its software is accessed only by the user explicitly adding the foreign URL to their mirror list; which could be any standard RPM repo hosted by anyone, just as ubuntu "PPA"s can be easily used in trisquel or debian non-free repos can be easily used in pureos and gnewsense, if the user chooses to do so - it is not the aim of the FSDG to prevent users from installing their choice of software; only that FSDG distros should not recommend or assist in using non-free software

Re: [GNU-linux-libre] PureOS non-free repo
On Fri, 19 Jan 2018 21:16:49 -0800 (PST) "Jason Self" wrote:
> Another problematic point seems their statement that "all new laptop
> shipments include Meltdown and Spectre patches, as they will have the
> latest PureOS image (that includes the Meltdown patch) preloaded"

There are software patches to mitigate Meltdown and Spectre issues in software like Linux or Firefox based browsers.

As for the microcode, they can ship it to new customers without having to touch PureOS at all. This can be done in Coreboot by selecting "Include CPU microcode in CBFS (Include external microcode header files)" during the compilation.

> I realize that, in the FSF's announcement of endorsing PureOS, they
> said that it wasn't "a certification of any particular hardware
> shipping with PureOS" although some people might buy Purism's
> computers thinking that they're getting an FSF-endorsed distro along
> with it that doesn't have any proprietary junk when -- by Purism's
> own announcement -- they're shipping with it included.

I run PureOS on a Thinkpad X200 that runs a 100% free software Coreboot image[1].

There is a PureOS bug tracker where we can report bugs[2], including freedom issues with PureOS. I've already reported 1 freedom issue and I hope it is or will be fixed.

I looked for a potential microcode update with "apt search microcode" and found nothing. So this is good news.

Like with other FSDG compliant GNU/Linux distributions, there might be some packages that need to be fixed, and it would be nice to open bug reports on that.

I'm personally very interested in PureOS because it is supposed to be FSDG compliant, and can replace Debian in some cases. I intend to use it to be able to compile Replicant without depending on Debian, to fix one of the FSDG-compliance issues Replicant has.

It would be nice if PureOS could run on all architectures that Debian runs on, as we would have an FSDG compliant GNU/Linux distribution that would run on more hardware that can function with only free software.

I also didn't find x86 32bit versions of PureOS, which is sad because a lot of Libreboot compatible hardware is still 32bit only.

So far we have, as general purpose GNU/Linux distributions:
- Parabola that can run on ARM.
- Guix that can also run on ARM.

Trisquel doesn't run on ARM, and as far as I know we have no easy to use general purpose distribution for ARM.

It would also be nice to have more FSDG distributions, for instance I came across Hyperbola[3], which claims to be FSDG compliant. I didn't find it in the official list of FSDG compliant distributions[4].

I also wonder whether all the distributions listed there are maintained and if not, it would make sense to move the unmaintained distributions in another section (like "Historic", "Unmaintained distributions", or if we want new maintainers, "Distributions looking for new maintainers").

References:
---
[1] Coreboot itself is not entirely free software: The freedom you get depends on the hardware and the build configuration you use. I use hardware and build configuration that doesn't include any nonfree software in the image.
[2] https://tracker.pureos.net/tag/freedom-harm_need_nonfree_code/
[3] https://www.hyperbola.info/
[4] https://www.gnu.org/distros/free-distros.html

Denis.

Re: [GNU-linux-libre] PureOS non-free repo
On Fri, Jan 19, 2018 at 09:16:49PM -0800, Jason Self wrote:
> Alexandre Oliva wrote ..
> > It certainly sounds odd. But, honestly, right now I'm more
> > concerned that updates for PureOS seem to have been published in a
> > non-free repo. Specifically, non-free microcode for CPUs affected
> > by Spectre. Surely we don't mean to endorse distros that do that,
> > do we? Purism's messaging seems to attempt to distance their new
> > nonfree repos and dists from PureOS, but... I fail to see the
> > difference between that and what Debian does. But then, I haven't
> > looked very closely. Am I missing something?
> >
> > https://puri.sm/posts/purism-patches-meltdown-and-spectre-variant-2-both-included-in-all-new-librem-laptops/
> > https://deb.puri.sm/pureos/dists/purism-nonfree/
> > https://deb.puri.sm/pureos/pool/non-free/i/intel-microcode/
> >
> > Thoughts?
>
> It seems similar in some ways and dissimilar in others.
>
> My understanding is that the challenge with Debian's non-free stuff
> is "the repository is hosted on many of the project's main servers,
> and people can readily find these nonfree packages by browsing
> Debian's online package database and its wiki." (To quote from the
> common distros page.)
>
> Purism seems to avoid at least some of this by having it on a
> different domain, and I don't seem to find information at
> http://pureos.net about installing the
> proprietary software.

That is good that there is no information.

Free GNU operating system can be free on one domain while other domain selling laptops requiring some proprietary software.

Then again, such laptop sales shall not be promoted as having operating system endorsed by FSF if such is not fully free.

But that is all theoretical statement.

Intel processors already contain inside Intel Management Engine, isn't that modified MINIX inside?

That is proprietary software within the CPU.

It means there is no current solution to have Intel Management Engine as free software, it further means that majority of Intel run computers are running non-free software on the CPU itself.

The question is does the update of the Intel Management Engine constitute part of the operating system or not?

If such update is distributed by the operating system, then is the distribution free?

Or shall such update be ignored, as it is maybe not part of the operating system?

Even those computers using Libreboot are still using the Intel Management Engine.

That is different branch of the fight for privacy. Best would be replacing Intel with free CPU. But does it exist?

Jean Louis

[GNU-linux-libre] PureOS non-free repo
Alexandre Oliva wrote ..
> It certainly sounds odd. But, honestly, right now I'm more
> concerned that updates for PureOS seem to have been published in a
> non-free repo. Specifically, non-free microcode for CPUs affected
> by Spectre. Surely we don't mean to endorse distros that do that,
> do we? Purism's messaging seems to attempt to distance their new
> nonfree repos and dists from PureOS, but... I fail to see the
> difference between that and what Debian does. But then, I haven't
> looked very closely. Am I missing something?
>
> https://puri.sm/posts/purism-patches-meltdown-and-spectre-variant-2-both-included-in-all-new-librem-laptops/
> https://deb.puri.sm/pureos/dists/purism-nonfree/
> https://deb.puri.sm/pureos/pool/non-free/i/intel-microcode/
>
> Thoughts?

It seems similar in some ways and dissimilar in others.

My understanding is that the challenge with Debian's non-free stuff is "the repository is hosted on many of the project's main servers, and people can readily find these nonfree packages by browsing Debian's online package database and its wiki." (To quote from the common distros page.)

Purism seems to avoid at least some of this by having it on a different domain, and I don't seem to find information at http://pureos.net about installing the proprietary software.

So in some ways maybe it could be seen as similar to RPM Fusion? On the other hand, my understanding is that RPM Fusion is operated by a third party. I'm not sure how Purism being the folks behind this repo will change anything.

We know that Debian's method was deemed not acceptable and the RPM Fusion method was since it was on a different site run by different people but Purism's method seems somewhere in between these two cases. And in the case of RPM Fusion that "separate domain" wasn't the domain of the primary driving force behind the distro who also made news posts about how to set it up.

It would be good to get clarification from the FSF on this on how this all fits in FSDG-wise.

Another problematic point seems their statement that "all new laptop shipments include Meltdown and Spectre patches, as they will have the latest PureOS image (that includes the Meltdown patch) preloaded"

I realize that, in the FSF's announcement of endorsing PureOS, they said that it wasn't "a certification of any particular hardware shipping with PureOS" although some people might buy Purism's computers thinking that they're getting an FSF-endorsed distro along with it that doesn't have any proprietary junk when -- by Purism's own announcement -- they're shipping with it included.