Package: fwupd Version: 1.8.4-2 Severity: minor Dear Maintainer,
A few days ago we had press reports about updates from a specific os vendor that made some linux machines unbootable. Although that the vendor was probably well minded, this was problematic. Today, at login I had a motd message from fwupd reminding me of a very similar (or the same update) on my linux systems. Some user might have installed it already accidentially via discover. At this point I was looking for documentation about fwupd (mostly I knew about it via phoronix.com telling me how great is is). But there is very little to find in the internet (an outdated ubuntu page, or some arch linux doc). Debian neither provides sufficient documentation. Having in mind, that this february a satelite network provider distrubuted a malicious firmware update that destroied thousands of satelite modems, I choose the uninstall fwupdate on all machines. Please: The fwupdt package is very invasive and might be used maliciously. At least it should be documented in an understandable way or should be disabled by default. It should not be used for automatic updates that can be triggered by unexperienced users (like in discover) at all. Yours Jürgen -- System Information: Debian Release: bookworm/sid APT prefers testing APT policy: (500, 'testing'), (400, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.19.0-1-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages fwupd depends on: ii libc6 2.34-7 ii libcurl3-gnutls 7.85.0-1 ii libefiboot1 37-6 ii libelf1 0.187-2 pn libflashrom1 <none> ii libfwupd2 1.8.4-2 pn libfwupdplugin1 <none> pn libfwupdplugin7 <none> ii libglib2.0-0 2.73.3-3 ii libgnutls30 3.7.7-2 ii libgudev-1.0-0 237-2 ii libgusb2 0.3.10-1 ii libjcat1 0.1.9-1 ii libjson-glib-1.0-0 1.6.6-1 ii libmbim-glib4 1.26.4-1 ii libmbim-proxy 1.26.4-1 ii libmm-glib0 1.18.10-2 ii libpolkit-gobject-1-0 0.105-33 ii libprotobuf-c1 1.4.1-1 ii libqmi-glib5 1.30.8-1 ii libqmi-proxy 1.30.8-1 pn libsmbios-c2 <none> ii libsqlite3-0 3.39.3-1 ii libsystemd0 251.4-3 ii libtss2-esys-3.0.2-0 3.2.0-1+b1 pn libxmlb1 <none> ii libxmlb2 0.3.8-1 ii shared-mime-info 2.2-1 Versions of packages fwupd recommends: pn bolt <none> ii dbus 1.14.0-2 pn fwupd-signed <none> pn jq <none> ii python3 3.10.6-1 pn secureboot-db <none> ii udisks2 2.9.4-3 Versions of packages fwupd suggests: pn gir1.2-fwupd-2.0 <none>
