Freedom issue #2909
Do check fwupd
0%
Related issues
History
Updated by GNUtoo 3 months ago
We ship the fwupd package unmodified from the various archlinux GNU/Linux distributions.
On i686 it comes from community:
$ pacman -sS fwupd community/fwupd 1.4.6-1.0 [installed] Simple daemon to allow session software to update firmware community/gnome-firmware 3.36.0-2.0 Manage firmware on devices supported by fwupd
fwupd is a daemon that is meant to update various firmwares1 regardless of if they are free or not.
So it's a bit like a package manager for firmwares.
So if it has not been done already, it would be a good idea to check if its configuration is ok or not.
As at least one firmware (for the color huges if I recall the name well) is free software and known to be available through this system, so it might be a good idea to check if free firmwares are completely ok and keep such firmwares if that's easy to do.
1 Here firmware means code that is in various devices and not part of the operating system, so from SSD firmwares to even BIOS/UEFI.
Updated by GNUtoo 3 months ago
I found some highly suspicious files:
$ pacman -Q -l fwupd | grep -i lvfs fwupd /etc/fwupd/remotes.d/lvfs-testing.conf fwupd /etc/fwupd/remotes.d/lvfs.conf [...] $ cat /etc/fwupd/remotes.d/lvfs.conf [fwupd Remote] # this remote provides metadata and firmware marked as 'stable' from the LVFS Enabled=true Title=Linux Vendor Firmware Service Keyring=gpg MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz ReportURI=https://fwupd.org/lvfs/firmware/report OrderBefore=fwupd
https://cdn.fwupd.org/downloads/firmware.xml.gz seem to contain references to many nonfree firmwares.
Updated by bill-auger 3 months ago
- Related to Freedom issue #1035: [your-system-sanity]: Non-Free Software From Third-party Package Managers added
Updated by bill-auger 3 months ago
GNUtoo -
i notice that you do not fill in the descriptions for new
tickets that you open; but instead add a secondary comment
with the details later - the initial ticket form should have
a text field for the description - i wonder is the interface
broken for you maybe
this is also peculiar, because some people are not allowed to
submit the ticket if the description field is empty - redmine
normally rejects the post, with an error message: "description
can not be empty" - i have not investigated that, but i assumed
it was a global behavior
Updated by GNUtoo 3 months ago
The reason is simple:i notice that you do not fill in the descriptions for new
tickets that you open; but instead add a secondary comment
with the details later - the initial ticket form should have
a text field for the description - i wonder is the interface
broken for you maybe
- The first description cannot be edited later on
- I often make mistakes also because I've no preview without JavaScript1.
1 JavaScript isn't bad per-se but here it acts as arbitrary execution of code, can be viewed as as a security issue, depending on your threat model. It is a good practice to not tie the security of one's computer to the computer(s) serving serving the JavaScript code and all the infrastructure in between (SSL PKI).
Updated by bill-auger 3 months ago
ok, understood - the description can be edited; but it does
require javascript to expose the form
this is the HTML element definition:
<span id="issue_description_and_toolbar" style="display:none">
you could probably do some magic by injecting some CSS with some
styling tool, to make the form always exposed
#issue_description_and_toolbar { display: block ; }
or with local javascript/greasemonkey:
document.getElementById('issue_description_and_toolbar').show()
a better solution would be to prevent redmine from hiding it for
admins and the OP - im sure thats a simple change