There will probably be an "unofficial 100% free installer" for those who care about that. The SC change does not forbid that, it just says that what Debian publishes by default should not introduce obvious breakage on systems where providing non-free firmware is required for proper operation.

More open source should think like this.

I’ve been aggressively trying to get OpenWRT to ship the images with WiFi on by default. At this point 99.99% of people are not leaving their network unsecured, and if for some reason you have to reset the router it becomes a plastic brick unless you have an Ethernet cable and an USB-to-ethernet adapter nearby.

Even suggestions of either creating a landing page that forces the user to set up security before allowing internet connectivity, or basing the WiFi password on the serial number (that is also on the back of any router) falls on deaf ears.

99.99% of people are doing what? Sorry, the double negative above is confusing me.

With what password? Plenty of people won't configure things they don't have to and that's a huge security hole. I don't see the utility in this change frankly.

In case I wasn't clear, configuring it over wired Ethernet is exactly what I'm suggesting. This is a far more usable and secure default than default than wireless on with the password as some universal default or using the serial number.

While I have no doubt that this is true for home-grade firewall/NAT/wifi combo boxes in general, with very few exceptions OpenWRT is not a thing you get out of the box nor a thing "normal people" install.

The Venn diagram of "people who have chosen to install an alternate firmware on their home network appliance" and "people who don't have an ethernet capable device around at basically all times" can't have a lot of overlap.

Maybe I'm wrong about that, but to me OpenWRT means geek audience, and geeks generally understand the value of a wired connection.

How would you communicate with the router without an ethernet connection to it?

Remember, WiFi is off by default.

At that point you're probably gonna have to do some serial or JTAG magic, which is gonna involve physically breaking open the router and soldering. So much for 'two clicks'.

Using the Ethernet port is exactly what I'm suggesting. This is far simpler than using the serial number as the wifi password, and more secure than a universal password.

Furthermore, there are legal liabilities involved with the wifi spectrum. Different countries reserve different bands in the spectrum and have different limits on transmission power. OpenWRT would have to provide different builds for different countries, maintain and validate this list and risk making costly legal mistakes here, or if there's some lowest common denominator, then risk giving OpenWRT getting a reputation for bad wifi.

No, best to let the user take in the liability of configuring their own router. The improvements in usability are marginal and the potential costs to OpenWRT are considerable.

OpenWRT is already ‘exposed’ (not really) to this risk, because as soon as you flip the radio to ‘on’, it’s just set to the default, not your specific region.

> The improvements in usability are marginal and the potential costs to OpenWRT are considerable.

And here we have it, the exact attitude the OP was talking about. Open source needs to become more considerate of its users.

The radio does not turn on unless you tell it to by saving your configuration. That's where the liability lies and that liability falls on the user at present. Placing it on the project is not acceptable.

> And here we have it, the exact attitude the OP was talking about. Open source needs to become more considerate of its users.

Inapplicable when the attitude exists for a good reason. Users can go elsewhere for free stuff if they're not happy with it.

The liability isn't on the project regardless.

> Users can go elsewhere for free stuff if they're not happy with it.

You're literally a 'why open source keeps sucking' quote machine.

OK random person on the internet whose word I should accept on a subtle legal question. Tools that assist in violating the law are often themselves classed as illegal or carry liability for the producers. For instance, tools that assist in bypassing copyright protections, and tools that assist in breaking locks to name but a few.

Go ahead and quote me some rock solid precedent that would shield OpenWRT from any kind of liability if they wifi enabled distributed images with illegal configurations. A precedent that would apply in every jurisdiction mind you.

> You're literally a 'why open source keeps sucking' quote machine.

You made your case, the people actually doing the work clearly disagreed, so time to move on. Use your own time to make your perfect solution if it's that important to you, instead of demanding others do the same.

OpenWRT already provides the image builder, so all you technically need to do is host it: https://openwrt.org/docs/guide-user/additional-software/imag...

Best of luck with that.

Not all distros have to be everything for everyone. It's OK to have a niche. If you want a distro that you can "just install" on any old bit of hardware that you have lying around, there are plenty of other distros out there that will do that already.

I liked that Debian made you think about Freedom. If you wanted to use the "standard" installer and live up to Debian's Free Software ideals, as enshrined in Social Contract, you had to think about which companies made hardware that had Free drivers available, and make an effort to give your money to those that enabled that use-case. Or, burden of burdens!, you could spend a couple of extra minutes and a handful of clicks to track down the "unofficial" non-Free installer image.

Seriously, it wasn't that hard.

Yes, I know that the SC says that Debian's priorities are "our users, and Free Software" (but below "will remain 100% free"), but "our users" doesn't necessarily mean "all possible users". For those users that came to Debian primarily for the Freedom, I think this is a misstep.

But, I don't determine which priorities and users are the most important to Debian, the membership does. And Debian is still one of the most committed to freedom distros out there, especially for its size. So, while this is not the choice that I would have made, now that it has been, I hope it makes Debian stronger going forwards.

Technical people will understand or at least suspect these problems, but a novice user who wants to try Linux (they are non-technical and already don't fully understand the concept of distros - maybe someone once told them "try Debian" and so for them "Linux" is Debian), see a nice "Download" button on the homepage, try it out and then are left disgruntled not just by Debian but Linux in general when the thing doesn't work because their network card requires proprietary firmware, so they go back to Windows, running way more proprietary software than a firmware blob, and as a bonus they now have a negative opinion of "Linux".

Having more users use some free software is better than those users giving up just so that some purists' ideological concerns be satisfied.

You think that if someone tells a novice to "try Guix" or "try GoboLinux", and they get disgruntled with Linux in general that that's Guix's or GoboLinux's fault? Maybe Guix/Gobo should just go back to doing things the same way as everyone else?

Or is Debian's problem that it's just too good (too big/too popular/too established) as a distro to have a niche like "being Free"? Maybe it should work on being less user-friendly and shrink the user-base in order to keep doing the Free thing without accidentally getting recommended to newbies and turning them away from "Linux"?

Pretty obviously, they think exactly that. I agree. What's the harm, unless you were planning on deception?

More transparency to potential users is always good. Similarly, I try to be open about I'm not very experienced on my open source projects someone could conceivably rely on.

I only got to know about the unofficial installer on here, years after it could've been useful. At the time, I didn't have an extra machine to fetch the necessary binaries I needed to get networking working on my laptop. This was when I dropped Debian.

I'd be perfectly fine with an installer that lets me have the choice, as long as it doesn't require me to reboot into a different OS to actually fetch the stuff I need. Just think of the man-hours wasted globally.

Apparently this option lost by 6 votes:

    Option 5 "Change SC for non-free firmware in installer, one installer"
    Option 6 "Change SC for non-free firmware in installer, keep both installers"
    .
    .
    .
    Option 5 defeats Option 6 by ( 169 -  163) =    6 votes.

> The included firmware binaries will normally be enabled by default where the system determines that they are required, but where possible we will include ways for users to disable this at boot (boot menu option, kernel command line etc.).

https://salsa.debian.org/debian/devotee

[1] https://en.wikipedia.org/wiki/Schulze_method

[1]: <https://en.wikipedia.org/wiki/Condorcet_method>

[Confidence in a voting system is vital to the operation of democracy, once upon a time this needed a lot of explaining but I'd guess 2020 was recent enough that most readers know why it's a problem if loads of voters are somehow persuaded the results are bogus. Complicated systems make it harder to build confidence because some voters don't understand how it works and thus why should they have any confidence that it behaves correctly?]

Debian specifically uses the Schulze method (a particular Condorcet method which avoids need for a "tie-break" mechanism by always picking a winner). And yes, this involves a lot more maths than First-past-the-post which may be familiar to a lot of readers.

Note that "proportional" methods don't make any sense in this type of vote because there is nothing to share out. One of the options wins, all the others lose. Whether proportional systems are appropriate for electing members to a legislature for example, is a separate question.

It's a change to the Debian Social Contract. Making it without voting would be like changing a country's constitution without voting. How else would you make such a change?

But beyond that, asking the general population to vote on constitutional amendments is cowardly. In the democratic countries you're presumably thinking of we elect politicians to make these decisions in a larger context, when they try to punt to the general population that's like if your taxi driver decides eh, I'll take your money but you'll need to actually do the driving. If they aren't going to do the job, what are we paying them for?

In some countries, when inevitably a party, which wouldn't win pair-wise elections with most of other parties, wins the elections nonetheless and forms a government, they proceed to make fundamental changes to the governance structures of the country, which the population does not support. That's not an edge-case of representational democracy, it's its MO.

If I were a Debian Developer, I would like a vote in such fundamental topics, instead of needing to rely on someone somewhere representing me. This change is different than a change of say optimisation flags used when compiling Firefox. Bear in mind that there are distributions which aren't as democratic as Debian. So to use your argument: if a member doesn't like this structure, they may leave for another distro.

I hope the installer settles out into making these distinctions and informing users of the compromises being made. When I stick a Debian installer into a machine that requires non-free firmware to work, my intent is pretty clear. But that doesn't apply to someone just starting out.

I feel like that's a completely reasonable viewpoint to have. For example, MS Pluton bothers me 100x more than my car keys having nonfree, locked firmware. In an ideal world, both of them are open. But in the meantime I'd be content with not having desktop CPU's be controlled and monitored remotely by their manufacturers instead of their owner.

Also, if there are two driver implementations, as is often the case for GPUs, which will be preferred?

An annoying number of Debian installs fail on laptops because the wifi needs firmware and people expect it to work. You can choose to enable non-free after install, but the installer doesn't have that as a direct option.

Prior to this, an alternative installer was available that had the firmware in it... but it was not well-publicized, and was not the default or even available from the same page as the default.

If you install with non-free firmware, it will continue to be installed afterwards.

According to the Debian wiki description of this option[1]: "Where non-free firmware is found to be necessary, the target system will also be configured to use the non-free-firmware component by default in the apt sources.list file."

> The software that is not needed for basic functionality will not be installed permanently, right?

I'm not sure I understand you right. Unless the software is needed, the installer won't load it. And I'm not sure what you mean by "basic functionality" here, but the way I read the Debian pages it's about loading everything needed for the hardware to be fully-operational (or as close to it as is possible).

[1]: <https://www.debian.org/vote/2022/vote_003#texte>

Open source Developers should be support more open hardware not worried about supporting the latest closed dodgy firmware

A firmware free wifi usb costs 10$ on ebay or ali express

Is there anything newer than 802.11n that can run without firmware?

Also, I'm not sure ordering a random USB device off eBay is a good solution for the security paranoid.

If at every point we just cede, there will never be one

Big company need not worry, Debian will now test, maintain and support your closed firmware, making it easy for everyone to use, but working for them for free

And especially because recycling is hard all hardware should be as open and interoperable as possible for us to avoid keep throwing working computer parts in the trash

What Debian really expects are DEB packages placed on the drive, not raw firmware files. Finding which package you need (the installer only tells you the raw firmware files, not the package containing them) and obtaining them is not straightforward - there is a web UI to browse packages and download files but navigating those requires existing domain knowledge of Debian and Linux in general. It is not a straightforward web form "want a package? enter package name and architecture and we'll give you the download link".

I now know from memory which firmware packages my systems need and the requirements for the USB stick and how to navigate the web UIs to download packages, but the first time probably wasted an hour of my time searching around before piecing all the various (and sometimes contradictory) resources out there into a coherent solution that worked.

All _firmware_ in the Debian repos refers to stuff that does not run in the main CPU but on the CPU embedded in various peripherals.

Binary kernel modules such as the Nvidia driver are not generally considered firmware and are not covered by this vote as I understand it.

Personally, this distinction doesn't make that much sense, if the firmware is opaque in both instances, eliminating (or vastly reducing) onboard storage seems like a cost reduction step that benefits the manufacturer and the user. [1] A more important distinction to me is if the interface documentation and drivers are open or closed.

[1] unless the device class is one that could be a boot time device, except that firmware loading would be required --- it's hard to pxe boot from a network card if it doesn't function without a firmware upload, and that's not good for users who may want to pxe boot at some point

Some hardware doesn't run at all without the non-free blobs, making the computer useless or not up to today's expectations. You can argue that these non-free blobs are unfortunately essential. Emacs' documentation is not.

I'm not saying anything about the decision at hand, but those things are not comparable. Not even relatable.

It's just that the installer, which also probably remains unchanged, will come with these additional deb packages available on the installation media. But those will still belong to non-free.

To be honest, this is the installation media I already download, so I'm not stuck if whatever computer I'm installing requires a non-free blob to function.

That this installation media becomes the default? I don't know what to think. I'm torn. I guess most people were downloading this "unofficial" installer, or the official installer and were downloading non-free firmware packages separately. These packages won't be touched by the installer if you don't want to, and I'm pretty sure the installer will warn/ask you. I can see why people could be upset anyway, I'm not. It's a hard decision to make. I think it's fine as long as the user is warned and can choose not to install and run non-free blobs.

Having said that, I don't think that having firmware blobs in the installer should be Debian's hill to die on, and I'm glad they decided to acquiesce to practical necessity. Between wireless NICs and graphics devices, it's just too blasted difficult these days to install a FOSS operating system without binary blobs - good, bad, or ugly, it is what it is, and I respect their ability to recognize when something simply cannot be changed [at this time].

Keep picking your battles, Debian crew - keep fighting the good fight.

Getting the non-free firmware iso in case your hardware needed it was never difficult.