Home

Linux-libre turned 18 recently, and I’m told there are still some people who try to pass as security experts who disapprove of the refusal to load binary blobs that claim to fix security problems.

I kind of understand the appeal of security bug fixes, but delivering them in the form of binary blobs mean that the one who accepts them has to trust them blindly and to give up any pretense of security from the vendor, and that seems to be a problem that many pretense security conscious minds seem to disregard, for whatever reason

They disregard the risk from the vendor because you are already using their hardware. The hardware has firmware already included which is proprietary, the hardware itself is proprietary, and hardware effectively runs as root anyways. You should already trust your hardware or you shouldn’t be using it. Linux-libre is a purity test, that is it. It is security theater which actually, definitely, really makes you vulnerable without doing anything meaningful. The only time it makes any sense is if you only use open source hardware.