0

My server has a Realtek NIC, so I installed the realtek-firmware package from Debian non-free. My question is: what possible (paranoid) attack / backdoor scenarios could come with its proprietary nature (e.g. could it send duplicates of all packets to another IP)?

ufo

1 Answer

1

Non-free = not open source.

It's all explained in Debian, What do you mean by Free Software?:

Note: In February 1998 a group moved to replace the term "Free Software" with "Open Source Software".

Software that is free only in the sense that you don't need to pay to use it is hardly free at all. You may be forbidden to pass it on, and you are almost certainly prevented from improving it. Software licensed at no cost is usually a weapon in a marketing campaign to promote a related product or to drive a smaller competitor out of business. There is no guarantee that it will stay free.

Debian has decided to stay extremely pure about this. Everything in the main distribution must be open source. However, most people need something that doesn't meet these requirements, so it is possible to choose to opt-in for these non-free packages.

Drivers & firmware are a good example of something a user might actually need. Some manufacturers don't want to expose the internal structure of their components to the public and therefore won't provide open source firmware. Yet, a device cannot function without it.

Many devices require firmware to operate. Historically, firmware was built into the device's ROM or Flash memory, but more and more often, the firmware has to be loaded into the device by the driver during device initialization.

A true open source warrior, aka a stereotypical Debian user, chooses all hardware based on open source requirements. For the rest of the people, who already have the hardware, using non-free firmware is inevitable.

Esa Jokinen