From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tobias Geerinckx-Rice Subject: Re: Meltdown / Spectre Date: Tue, 9 Jan 2018 22:18:51 +0100 Message-ID: <315934ac-8ea6-5728-87a3-26cc59033220@tobias.gr> References: <874lnzcedp.fsf@gmail.com> <20180106174358.GA28436@jasmine.lan> <87lghapeu5.fsf@gmail.com> <87incc6z9o.fsf@gmail.com> <87fu7g436e.fsf@fastmail.com> <807794bd-5262-8b36-1f9f-dd3a316928ff@tobias.gr> <87d12i7pud.fsf@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37381) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eZ1Fb-0000zd-7S for guix-devel@gnu.org; Tue, 09 Jan 2018 16:16:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eZ1Fa-00067Q-Ba for guix-devel@gnu.org; Tue, 09 Jan 2018 16:16:03 -0500 Received: from tobias.gr ([2001:470:cc92::1]:59720) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eZ1FZ-00066E-Vf for guix-devel@gnu.org; Tue, 09 Jan 2018 16:16:02 -0500 In-Reply-To: <87d12i7pud.fsf@gmail.com> Content-Language: en-GB List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: cox.katherine.e@gmail.com Cc: development@libreboot.org, guix-devel@gnu.org Katherine, Not really an answer to your question, I'm afraid. Just some thoughts I had after hitting ‘Send’ on my previous non-answer. Katherine Cox-Buday wrote on 09/01/18 at 21:13: > Tobias Geerinckx-Rice writes: >> [...] how do we square not recommending proprietary globs like this >> in official channels with giving users all knowledge required to >> decide for themselves? > > Yes, this exactly. > > It's a unique (hm, is it?) situation pitting the ideals of copyleft I don't think it's unique per se, but it is of another degree entirely than, for example, asking users to buy a €15 RYF-certified wireless card instead of pushing proprietary firmware to the one they already have.[0] The rationale there being that freedom is worth the price, and (implicitly but importantly) that this price is affordable for anyone who values their freedom and owns a computer to begin with. I think that's reasonable. > against the welfare of users. If an opaque microcode is required to > successfully mitigate these bugs, what is the moral stance to take> I > don't have an answer and that's why I'm asking here :) Logically, it's perfectly sound to extrapolate the above policy to CPUs and entire systems. I'm half surprised someone hasn't done so yet: buy a Free(er) system, and you're arguably much better off than with even a patched non-Free one. And you're voting with your wallet. We all win! Morally, at least in the short-to-medium term, I'm not convinced. The smell of privilege becomes hard to ignore with the costs and other assumptions involved. Like you, I'm very curious to know what others think. * * * Note: despite my musing above, I don't *actually* expect GNU Guix to start shipping or even recommending proprietary software, including microcode. It opens cans of worms and then the worms get everywhere. Kind regards, T G-R [0]: I'll not address the question of whether a device with proprietary firmware that you can or must update is more or less free than a device with proprietary firmware that you can't.