Any trace of it on pureos?


#1

what do you think?

i don’t like it, firmware update shouldn’t be managed outside the distro repository


#2

Appears to start by default with a Gnome session:
user@host:~$ ps aux | grep fwup[d]
root 2743 0.1 0.1 555484 18160 ? Ssl 01:05 0:00 /usr/lib/fwupd/fwupd

user@host:~$ systemctl | grep fwupd
fwupd.service loaded active running Firmware update daemon

Doesn’t seem to start from a fresh boot into a KDE/Plasma session, but will continue running if you start a Gnome session and log out.

Seems like a strange approach to handling firmware updates. I’ll stick with Plasma and avoid fwupd for now until I know more about it.


#3

Agree i hope will be removed from librem5 or pure os at all


#4

This would be a question for @Kyle_Rankin, or maybe Adrien who has quite a nice background with GNOME :slight_smile:


#5

Would be nice if someone could submit this here (https://tracker.pureos.net/) as a Freedom issue.

But in general, these kind of situations are to be expected from a majority of companies/people/products etc… that get easily lured by the amounts they can earn if only doing a small nasty thing… Unfortunately this is in our human blood and only those who are strong and can control themselves will succeed in getting people’s appreciation by continuing by the same principles they started the thing.

Take even Ubuntu as an example… or maybe not… maybe from the beginning they said that they will send “anonymized” data to amazon when you’ll search for stuff in your OS and maybe they said from the beginning that they will by default check a box during the OS install that would send telemetry data to their servers… if this is the case, I’m fine with them :upside_down_face:


#6

Agree, this definitely needs a fix!


#7

So I read the revised article available then I read the dev’s response and I see no cause for concern. Admittedly I am not the most knowledgeable when it comes to coding but I know a little. All info forwarded to the dev has a purpose, if you scroll down the reddit thread in sure you’ll find his comment explaining it.

While yes I could download firmware direct from the manufacturer, this daemon is a far more user friendly than that. In addition, I have serious doubts as to the validity of the concerns of an author who would post the address, phone number and other personal details in an article dedicated to privacy concerns. That material has since been taken down but it should not have been posted in the first place.

I dislike sending information to mysterious people that don’t have a clear need for it but the information sent has a purpose here.

TL:DR I trust the dev, author of original article seems sketchy and didn’t do basic research. Much bigger things are of bigger concern to me…Facebook for one


#8

Open source and free software in a privacy data business era should not be a matter of trust a dev, but to trust a technology or a system, i trust big distro repos because alot of trusted people work on it

The Os should give me the package i need without ask and hold (where, for how much time they hold it, any backups of this data or unencrypted trasmission of this data) info about me or my pc

Imho this is not what gnu linux and open philosophy should be, if someone made distro or a pseudo war against systemd i think this is even worse, because i cannot see how my privacy is respected while some data of me go around the web, this is windows not linux, options like this should be opt-in while i install the system


#9

Sorry to resurrect an old thread but I don’t get to visit the forums as much as I would like…

@eagle-I get it and in principle I stand with you but again like what was previously brought up, scanning your PC to find out the compatibility of your hardware is just a no-brainer unless you want to hunt down the drivers yourself…which but tedious as all get out.

You say that you don’t want to trust devs but you trust big distro repos because they are filled with trustworthy people, I agree but those people are devs same as this guy, I have no problem with outside sources reviewing code to make sure it complies but if this daemon makes it into mainstream distros…then by your own reasoning you should consider it safe

I am willing to change my views but you are going to have to do better than just “I dislike this”, give me proven, verifiable, and undeniable facts about what this dev has done wrong