From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: Meltdown / Spectre Date: Wed, 10 Jan 2018 00:26:23 -0500 Message-ID: <20180110052623.GA29749@jasmine.lan> References: <874lnzcedp.fsf@gmail.com> <20180106174358.GA28436@jasmine.lan> <87lghapeu5.fsf@gmail.com> <87incc6z9o.fsf@gmail.com> <87fu7g436e.fsf@fastmail.com> <807794bd-5262-8b36-1f9f-dd3a316928ff@tobias.gr> <87d12i7pud.fsf@gmail.com> <315934ac-8ea6-5728-87a3-26cc59033220@tobias.gr> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42246) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eZ8uk-0000tS-Rh for guix-devel@gnu.org; Wed, 10 Jan 2018 00:27:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eZ8uf-0006yU-Ui for guix-devel@gnu.org; Wed, 10 Jan 2018 00:27:02 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:51587) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eZ8uf-0006y3-OT for guix-devel@gnu.org; Wed, 10 Jan 2018 00:26:57 -0500 Content-Disposition: inline In-Reply-To: <315934ac-8ea6-5728-87a3-26cc59033220@tobias.gr> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Tobias Geerinckx-Rice Cc: development@libreboot.org, guix-devel@gnu.org --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 09, 2018 at 10:18:51PM +0100, Tobias Geerinckx-Rice wrote: > Katherine Cox-Buday wrote on 09/01/18 at 21:13: > > Tobias Geerinckx-Rice writes: > >> [...] how do we square not recommending proprietary globs like this > >> in official channels with giving users all knowledge required to > >> decide for themselves? > >=20 > > Yes, this exactly. [...] > > against the welfare of users. If an opaque microcode is required to > > successfully mitigate these bugs, what is the moral stance to take> I > > don't have an answer and that's why I'm asking here :) >=20 > Logically, it's perfectly sound to extrapolate the above policy to CPUs > and entire systems. I'm half surprised someone hasn't done so yet: buy a > Free(er) system, and you're arguably much better off than with even a > patched non-Free one. And you're voting with your wallet. We all win! > > Morally, at least in the short-to-medium term, I'm not convinced. > The smell of privilege becomes hard to ignore with the costs and other > assumptions involved. I think I agree with you here, Tobias. To me, the right choice is not to suggest that people replace almost every general-purpose CPU that exists, but rather to help them fix these bugs while keeping the CPU they've already paid for, and that the Earth's ecology has already paid for. Even though microcode updates are not free software. This is a situation where some definition of "user safety" beats "user control", in my estimation. However, my understanding is that this sort of situation has been discussed by RMS or the FSF, and even then the advice is to favor software freedom. --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlpVo/8ACgkQJkb6MLrK fwgWzg/7Bf9EA1i+zCvA5Ak5hGW1puT+61dManjhDYCtEeIesoiDAUcWK9zFqRrX hAMoOpQt9f5H+KXb6IL3Dktjnf7pBECmKnbO9sP/roJRN1pzfPeNv0L/t0XkWUb+ +j0ppkfT1PVWmbMAP4NhELJHCtqmO3Uf/6wrcsDOmGgV06gMPCTBRC9rsWy9nC5g gzKwA2P0JPu0XT04dln6JyKzWJ0qM79ayyLJPKoyST9JpJqQAoHJzRl4TgBKa1HT TUGjRI8Y1tB44YJFjQlue2FO01YaHOGnBE3gvUHI3t7LkGyFu5MLdL9S2Onm94A9 +oSxPMtF0iqlMbtlkbohBnL6aOSnkcuyi3xfbdCdF71uXO5NUtKCASXcj62df9nE iItrkZHbCzyhaWuLNuYrBTkq+pm5uBCLaLQhPN7Xc2uwmCPHv+my0OC0ZrCvNpLO Cq2MsvxLU0rYgnis2C6PeslFwG5Brtrs8sIm4OGX7MNQIjja8BLrgttgLjBWNpbn fm4172Qx2r71mjkpbIN+tw15Y0Q2S4FfhfTWRNhSWdeZ5HQnRo3ELui9TGo3yJuB BgWxWhrU5IWtlkbpn7kyfhxqREatDL6AzE3saDUIiok0+qQIYWAFCy+iuBfqL3qr blTPTu0N5hu0e09VU3RDAasMx/s4rQIGRXHlEv5omiWwddL8Jos= =3fiV -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8--