Re: Meltdown / Spectre

[Ludovic Courtès]

Leo Famulari <address@hidden> skribis:

> On Tue, Jan 09, 2018 at 06:10:02PM -0500, Mark H Weaver wrote:
>> Marius Bakke <address@hidden> writes:
>> > Katherine Cox-Buday <address@hidden> writes:
>> >> I am also interested -- more from a philisophical perspective -- how
>> >> GuixSD and GNU squares with these kinds of security updates.
>> >
>> > In my opinion, CPU microcode falls under "non-functional data", as
>> > expressly permitted by the GNU FSDG.
>> 
>> I strongly disagree.  CPU microcode is absolutely functional data.
>> It determines how the CPU functions.
>
> Personally I would really like to have microcode deployment integrated
> into GuixSD. But I agree with Mark here, and I don't see how it can be
> reconciled with the FSDG.

Agreed.  Updated microcode can surely be considered software, and per
the FSDG we will not distribute it.

Should GuixSD nevertheless provide a mechanism to support microcode
updates, while not steering users to particular proprietary microcode?
Just like Linux-libre (attempts to) support loading of proprietary
firmware at the user’s choice?  Would it make sense at all?

The Intel CPU situation is terrible from a user freedom POV and there
are no signs of it getting better.  I think the free software community
must stand strong against it.

Ludo’.