Linked by Thom Holwerda on Tue 6th Jan 2009 13:48 UTC
Debian and its clones "The developers behind the Debian Linux distribution are preparing for the upcoming release of Debian 5, which is codenamed Lenny. The decision to move forward with the release follows a contentious vote over whether to permit the inclusion of binary blobs in the new version of the distribution. Consensus coalesced around a controversial proposal to "assume blobs comply with the GPL unless proven otherwise."
Order by: Score:
v Funny...
by Chris on Tue 6th Jan 2009 15:21 UTC
RE: Funny...
by lord_rob on Tue 6th Jan 2009 16:19 UTC in reply to "Funny..."
lord_rob Member since:
2005-08-06

They were asked by the Mozilla community to change the name as it's part of the Firefox license. If you build Firefox from source you have to name it otherwise. Last time I've seen Gentoo Firefox build, it was called Bon Echo (code name for beta of firefox builds). It's the same principle for Thunderbird btw.

Reply Score: 5

RE[2]: Funny...
by Delgarde on Wed 7th Jan 2009 02:44 UTC in reply to "RE: Funny..."
Delgarde Member since:
2008-08-19

They were asked by the Mozilla community to change the name as it's part of the Firefox license. If you build Firefox from source you have to name it otherwise.


More specifically, I think, you can only use the Firefox branding if you're shipping a browser built from unmodified upstream source code. Being open-source, you can change the code as much as you like - but as soon as you do, you can't call it Firefox anymore.

It's a matter of maintaining a brand image - if some distro-specific patch causes a problem like the OpenSSL fiasco last year, the policy ensures it's not a problem that will harm the Firefox brand itself.

Reply Score: 2

RE[3]: Funny...
by da_Chicken on Wed 7th Jan 2009 09:54 UTC in reply to "RE[2]: Funny..."
da_Chicken Member since:
2006-01-01

More specifically, I think, you can only use the Firefox branding if you're shipping a browser built from unmodified upstream source code. Being open-source, you can change the code as much as you like - but as soon as you do, you can't call it Firefox anymore.

Debian and Ubuntu added the same patches to their Firefox builds but Mozilla allowed only Ubuntu to call their package "Firefox". That's because Ubuntu agreed to distribute the web browser with the original non-free Firefox artwork (icons and logos). So the actual disagreement between Mozilla and Debian was finally about distributing the Firefox icons and logos that have a restrictive copyright. Mozilla people said: If you don't ship Firefox with the original artwork, you don't get to call it "Firefox". So Debian calls it Iceweasel.

Wikipedia has a page about this controversy.
http://en.wikipedia.org/wiki/Mozilla_Corporation_software_rebranded...

It's a matter of maintaining a brand image - if some distro-specific patch causes a problem like the OpenSSL fiasco last year, the policy ensures it's not a problem that will harm the Firefox brand itself.

Again, you should compare Debian to Ubuntu to get a clearer picture. Ubuntu had the exact same OpenSSL problem and still they are allowed to call their patched build of Mozilla's web browser "Firefox".

Reply Score: 2

Aren't they all from source???
by garf on Tue 6th Jan 2009 21:39 UTC
garf
Member since:
2009-01-02

I thought all linux firefox's were compiled from source. Because they customise it to have the distributors name in the user agent, and turn off firefox's automatic updates, in favor of the repository updates.

I don't think it is the compiling of source that was the problem for debian, more the fact that Mozilla told them if they used the name firefox, they had to use the firefox logo, which was NOT GPL licenced... So if debian wanted to use an open logo, they had to name it something different.

Thats my understanding...

Reply Score: 1

RE: Aren't they all from source???
by xnoreq on Tue 6th Jan 2009 22:08 UTC in reply to "Aren't they all from source???"
xnoreq Member since:
2009-01-06

The real problem is that the Firefox name and icon should only be used for builds from Mozilla's officially released source code, but since the .debs are containing lots of patches Mozilla asked the debian folks to change the name/icon

So Mozilla just tries to protect the image of their product.

Reply Score: 1

Comment by moleskine
by moleskine on Tue 6th Jan 2009 23:34 UTC
moleskine
Member since:
2005-11-05

I suppose it's a bit of a reflection on Debian's fallen status that so few folks beyond the hardcore have even noticed that a new iteration of Debian is imminent. Time was when such an event would have been eagerly anticipated and discussed all over the place. Lenny is already a few months overdue and so far this has rated barely a mention in the usual places. In fact the by-now traditional Debian pre-release argument, complete with accusations of malpractice and skulduggery, almost seems more newsworthy than Lenny itself. Remember Dunktank, I think it was?

The Ars Technica piece talks about pragmatism. So I suppose the question with binary blobs is whether they can be removed without a loss of functionality. If the answer is yes, then I'd guess most folks wouldn't mind. But if the answer is no, as it appears to be (though this may not be true), then things are a lot more problematic. I'd guess that most users are pragmatists, so if a distro is too purist then it risks losing a chunk of its users to another, more pragmatic outfit whose non-free, blobby code offers better functionality. I'd guess there is no easy, cut-and-dried answer to this question. The compromise position, I suppose, is the non-free, non-OSS repositories that most distros now run. The trouble with these is that they make it that little bit harder for some new users to sort out their installs and so probably restrict the appeal of moving away from the Dark Side.

But even so it looks as if the pragmatists are winning this argument, not just in Debian but in F/OSS more generally. I've no strong feelings either way, just looking at how the wind blows.

Reply Score: 3

RE: Comment by moleskine
by UltraZelda64 on Wed 7th Jan 2009 00:43 UTC in reply to "Comment by moleskine"
UltraZelda64 Member since:
2006-12-05

I suppose it's a bit of a reflection on Debian's fallen status that so few folks beyond the hardcore have even noticed that a new iteration of Debian is imminent. Time was when such an event would have been eagerly anticipated and discussed all over the place.

I'm quite eagerly anticipating it myself, although because I'm relatively new to Linux I wouldn't be able to tell how Debian's popularity (in terms of anticipation and discussion) have changed over the years. I've only become interested in Linux since around 2004; by 2006 I was using it as my main and only OS. My first encounter was around 2000 with Red Hat Desktop (8 or 9--can't remember), and it was a disaster (that was back before I even know what a "distribution" was).

I thank Microsoft's repeated attempts at killing Windows XP and forcing Vista down our throats (ie. new computer required in my case... big time) for my renewed interest in Linux; and DistroWatch, Wikipedia, Google, Slashdot, and OSNews for the info I needed to make the switch. ;)

Edited 2009-01-07 00:44 UTC

Reply Score: 1

RE: Comment by moleskine
by stabbyjones on Wed 7th Jan 2009 01:27 UTC in reply to "Comment by moleskine"
stabbyjones Member since:
2008-04-15

I don't really think it reflects a fallen status, it's just quieter. There is just a lot less whinging from Debian users. That's left to Ubuntu/Et al.

As far as the dev's go i think it's important that they're discussing these things. It's not easy to run a totally pure system unless you make sacrifices but it should remain the primary goal of Debian without question.

The biggest complaint i've had with firmware personally was iwl5100 firmware isn't in the 2.6.26 kernel lenny will be released with. To fix this i had to add sidux repos to update the kernel for a new laptop.

As far as server builds go Lenny's current RC has been a rock. Since the last installer update i haven't had an issue with new installs.

At the moment it's looking like Lenny will release close to two years after the original Etch release (April 2007 i think it was) Those who stuck with Etch have had kernel updates and some major revisions since then. I tend to find the 6 month update cycle of other distro's to border on attention whoring.

Reply Score: 2

RE[2]: Comment by moleskine
by sbergman27 on Wed 7th Jan 2009 01:35 UTC in reply to "RE: Comment by moleskine"
sbergman27 Member since:
2005-07-24

As far as the dev's go i think it's important that they're discussing these things.

Discussion is beneficial when it results in progress. But this drama was a rerun of the one that accompanied (and delayed) the last release, and the one before that. What good does it do to discuss these things over and over if the discussion doesn't result in their being any closer to a resolution? But I guess the way is now paved for the release. Until next time...

Edited 2009-01-07 01:36 UTC

Reply Score: 2

RE[3]: Comment by moleskine
by da_Chicken on Wed 7th Jan 2009 18:25 UTC in reply to "RE[2]: Comment by moleskine"
da_Chicken Member since:
2006-01-01

Discussion is beneficial when it results in progress.

I couldn't agree more. Debian developers like to gain perspective on problems by discussing them, and these discussions are beneficial exactly because they have resulted in such a great progress.

Debian has already removed from their main package archive the sourceless firmware blobs that were in Etch. That's progress.

Debian has continued to study which firmware blobs are non-free and how those can be removed from the kernel.[1][2] That's progress.

Debian has packaged some sourceless firmware and made it available to users from the non-free package archive in order to support common hardware. That's progress.

Debian-installer for Lenny has now an option to load non-free firmware from external media, if that is needed to support hardware. That's progress.

It's unfortunate that Debian couldn't solve all of these issues before Debian 5.0 had entered the pre-release freeze but I think they're still making very good progress.

[1] http://wiki.debian.org/KernelFirmwareLicensing
[2] http://womble.decadent.org.uk/blog/for-those-who-care-about-firmwar...

Reply Score: 2

RE[2]: Comment by moleskine
by moleskine on Wed 7th Jan 2009 12:20 UTC in reply to "RE: Comment by moleskine"
moleskine Member since:
2005-11-05

I don't really think it reflects a fallen status, it's just quieter. There is just a lot less whinging from Debian users. That's left to Ubuntu/Et al.

As far as the dev's go i think it's important that they're discussing these things. It's not easy to run a totally pure system unless you make sacrifices but it should remain the primary goal of Debian without question.

The biggest complaint i've had with firmware personally was iwl5100 firmware isn't in the 2.6.26 kernel lenny will be released with. To fix this i had to add sidux repos to update the kernel for a new laptop.

As far as server builds go Lenny's current RC has been a rock. Since the last installer update i haven't had an issue with new installs.

At the moment it's looking like Lenny will release close to two years after the original Etch release (April 2007 i think it was) Those who stuck with Etch have had kernel updates and some major revisions since then. I tend to find the 6 month update cycle of other distro's to border on attention whoring.


Yes that's a good one, about less whingeing. FWIW, I've just moved to SuSE after several years on Debian. The reason is that getting Lenny out the door seems to have caused a bit of a logjam in Unstable and Testing over the past few months, with the result that their software is getting a bit old and clunky for me. When Lenny is out and the river is flowing again, I'll probably move back. The one thing I notice, on trying another distro, is how far Debian has "defence in depth". It isn't just the number of available packages, it's that so many things have helper-scripts and useful little ideas attached to them. If you're prepared to spend some time learning the Debian Way, this really does make life creamy-smooth.

That's an interesting point about release cycles. I tried SuSE 11.0 about six months ago and it was too buggy and unpolished for me. Six months later, and 11.1 has really benefited from the extra attention. It's the best SuSE I've used for several years, Maybe releasing once a year rather than once every six months should become the norm for all distros. I suspect that even the blowhards must have had enough of "It's new! It's shiny! And, er, it doesn't work very well."

Reply Score: 2

RE[3]: Comment by moleskine
by stabbyjones on Thu 8th Jan 2009 23:38 UTC in reply to "RE[2]: Comment by moleskine"
stabbyjones Member since:
2008-04-15

I had the same experience with suse 11.0 it's good to hear it's gotten better, i may have to check it out again next time i'm bored. I tried it last time to see what kde4 was like what version is 11.1 using now?

I have moved a few systems to sidux to get away from that log jam, the most difficult part about debian releases is when it goes into freeze.

To fix this you add the sidux repo's to your sources list and enable them when you're looking for newer packages you'll save yourself a reinstall later.

If you followed ubuntu 8.04 packages and lenny/sid packages at the start of the year, you'd find that there is never much difference between versions. it's when lenny went into freeze and 8.10 was coming that differences started to occur.

'release' every 6 months or not you'll find that most distro's are using the same thing unless they're in release/bugfix mode. which is why i find the 6 month cycle annoying. it's more of a marketing idea that gives the distro some air time.

Reply Score: 1

Not really blobs, just BLOBs
by mirabilos on Wed 7th Jan 2009 12:04 UTC
mirabilos
Member since:
2008-03-18

Note that firmware is not a blob in the meaning of
the „Stop Blob“ campaign (the original definition
of BLOB is Binary Large OBject and stems from the
database realm, per which audio, imagery, etc. are
BLOBs too). The criterium not matched is: runs on
the (host system) CPU. Firmware runs directly on
peripheral hardware and has no chance to access
the main system/kernel, and as such, it shall be
considered part of the hardware.

/me still wonders why vendors choose to save these
few eurocents worth of Flash-EPROM where such firm-
ware is ordinarily stored, just to go through all
this hassle…

Reply Score: 2

RE: Not really blobs, just BLOBs
by hyriand on Wed 7th Jan 2009 12:20 UTC in reply to "Not really blobs, just BLOBs"
hyriand Member since:
2006-04-03

/OT: That's to make it easier for manufacturers to provide updated firmware by releasing a new driver version.

Flashing the eprom every time the driver loads or when it's updated is tedious and error prone.

Reply Score: 2

RE: Not really blobs, just BLOBs
by timl on Sat 10th Jan 2009 13:49 UTC in reply to "Not really blobs, just BLOBs"
timl Member since:
2005-12-06

Firmware runs directly on
peripheral hardware and has no chance to access
the main system/kernel, and as such, it shall be
considered part of the hardware.

While I agree that by and large firmware should be considered as part of the hardware, I'm not convinced firmware cannot access the main system. If I understand correctly, Bus Master DMA is a feature of PCI (and newer) buses that allow devices to directly access main memory on their own accord. A buggy or malicious firmware in the device could theoretically overwrite kernel code, and so crash or hack the system. While this may not be a huge concern to the average user, I can understand people with big security concerns viewing this as a problem.

For completeness, I think that IOMMUs in modern systems can mitigate or prevent this kind of problem, just like the MMU gave us memory protection between processes. I'm not entirely sure on this though, nor how well the memory *protection* side of IOMMUs is used in current OSes. Anyone care to comment on that?

/me still wonders why vendors choose to save these
few eurocents worth of Flash-EPROM where such firm-
ware is ordinarily stored, just to go through all
this hassle…


1. For big volumes, those few cents really do add up. And it's not only the cost of the chip itself, but also the bigger circuit board and the time required for programming the chip.

2. A firmware update now just becomes a driver update, which for the average user is handled semi-automatically, instead of a more complicated and risky procedure of flashing a chip. Apart from the merits this has in itself (no customers whining they broke their device because the flashing went wrong), you can also get away with releasing initial firmware early on, and therefore having the device on the market earlier. You just patch up the firmware later, like (unfortunately) has become commonplace with other software as well. Especially in the consumer market, being the first to offer a certain device is a huge plus for a manufacturer!

Reply Score: 1