If the choice was
- regular updates of proprietary firmware that has RAM access
- no updates of proprietary firmware that has NO RAM access
I’d always choose the latter.
It is misleading to say that a lack of updates via OS mechanisms is a lack of freedom. You are free to update the components, although it might be inconvenient.
It’s the case already for the coreboot update script.
Besides, Purism is in discussion with the FSF about this.
Sandboxing
- The Librem 5 has an HSM (smart card); there are plans for secure boot.
- Wayland provides some isolation that Xorg doesn’t have.
- Flatpak (PureOS Store) provides sandboxing.
A lot of the criticism has no base.
The rest can be summarized with
“OMG, they are not perfect on day one, how dare they1!1!!!11!!!”