removing non-free from sources after installing iwlwifi

Getting your soundcard to work, using Debian on non-i386 hardware, etc

removing non-free from sources after installing iwlwifi

Postby weeha22 » 2017-11-30 19:53

Hello Debian Community!
I wanted to have a very secure PC for online banking etc. So I installed stable Debian, and only wanted to use stable main as source. But my wifi card needed the firmware-iwlwifi package so I had to add non-free, which I heard is not as secure like main is. Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module? Did the firmware-iwlwifi package recieve any updates in the past, or are updates for it likely in the future?
Greetings,
weeha22
weeha22
 
Posts: 2
Joined: 2017-11-30 19:41

Re: removing non-free from sources after installing iwlwifi

Postby Head_on_a_Stick » 2017-11-30 20:13

weeha22 wrote:Did the firmware-iwlwifi package recieve any updates in the past

Changelog here:

http://metadata.ftp-master.debian.org/c ... _changelog
"Only the mediocre are always at their best." — Jean Giraudoux
User avatar
Head_on_a_Stick
 
Posts: 6804
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: removing non-free from sources after installing iwlwifi

Postby bw123 » 2017-11-30 22:52

weeha22 wrote:Hello Debian Community!


How's it going?

...my wifi card needed the firmware-iwlwifi package so I had to add non-free, which I heard is not as secure like main is.


I never heard of a security risk from having non-free repo enabled. I don't use it, but that's just to save a little time, space and bandwidth. You can remove it and add it later if you want to check for a newer version.

The one or two packages out of there I use have been updated once or twice in the last several years. I use packages.debian.org to check now and then, usually when a kernel is updated.
User avatar
bw123
 
Posts: 2474
Joined: 2011-05-09 06:02
Location: TN_USA

Re: removing non-free from sources after installing iwlwifi

Postby RU55EL » 2017-11-30 23:07

weeha22 wrote:[...]But my wifi card needed the firmware-iwlwifi package so I had to add non-free, which I heard is not as secure like main is.[...]


I have not heard that non-free is not as secure as main.

weeha22 wrote:Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module? Did the firmware-iwlwifi package recieve any updates in the past, or are updates for it likely in the future?
[...]


Removing non-free from your sources.list file after installing non-free software is less secure. You want your operating system to be up to date, including non-free software. As Head on a stick pointed out, there have been updates in the past, and I'm sure there will be updates in the future. Updates that you want in order to keep your computer as secure as possible.
User avatar
RU55EL
 
Posts: 336
Joined: 2014-04-07 03:42
Location: /home/russel

Re: removing non-free from sources after installing iwlwifi

Postby weeha22 » 2017-11-30 23:29

What I heard was, main is more secure, because there are a lot of people out there looking over the code and veryfing it. And non-free packages are more likely to have security loop holes, because there is no public source code available, which can be checked by the community's experts. But after your answers I will let non-free in my sources. Thank you all very much for your answers. :)
weeha22
 
Posts: 2
Joined: 2017-11-30 19:41

Re: removing non-free from sources after installing iwlwifi

Postby 4D696B65 » 2017-11-30 23:34

weeha22 wrote: And non-free packages are more likely to have security loop holes, because there is no public source code available, which can be checked by the community's experts.

non-free does not necessarily mean no source code. It is a licence issue.
User avatar
4D696B65
 
Posts: 2046
Joined: 2009-06-28 06:09

Re: removing non-free from sources after installing iwlwifi

Postby Bulkley » 2017-12-01 00:42

weeha22 wrote:Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module?

This is how I handle it.
Code: Select all
deb http://ftp.debian.org/debian/ stretch  main #contrib #non-free


Note the # which stop apt from using it. There is no need to keep contrib and non-free active all the time. If you are worried about security you can periodically remove the hash marks.

Edited to add: Out of curiosity I did my routine apt update && apt upgrade bringing in several security updates. Then I removed the # marks from my sources.list and did another apt update && apt upgrade. There were no updates at all for either contrib or non-free.
Bulkley
 
Posts: 5368
Joined: 2006-02-11 18:35

Re: removing non-free from sources after installing iwlwifi

Postby shep » 2017-12-01 13:25

weeha22 wrote:ie: removing non-free from sources after installing iwlwifi
What I heard was, main is more secure, because there are a lot of people out there looking over the code and veryfing it. And non-free packages are more likely to have security loop holes, because there is no public source code available, which can be checked by the community's experts. But after your answers I will let non-free in my sources. Thank you all very much for your answers.


A couple of quick comments:

The only wireless firmware that is freely licensed is atheros.

If security and audited code are important then it should guide your purchase decisions. The money you spend can be considered a vote.

If you do not trust Debian's package management framework to install non-free firmware, it is possible to manually install firmware. Just download it from a trusted site and copy it to /lib/firmware. You may need to rename it.
shep
 
Posts: 137
Joined: 2011-03-15 15:22

Re: removing non-free from sources after installing iwlwifi

Postby RU55EL » 2017-12-01 20:58

Bulkley wrote:
weeha22 wrote:Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module?

This is how I handle it.
Code: Select all
deb http://ftp.debian.org/debian/ stretch  main #contrib #non-free


Note the # which stop apt from using it. There is no need to keep contrib and non-free active all the time. If you are worried about security you can periodically remove the hash marks.[...]


Just wondering.

Won't the # in front of contrib render everything else after it in the same line commented out? Or do "contrib" and "non-free" in the same line each need to be commented out separately?
User avatar
RU55EL
 
Posts: 336
Joined: 2014-04-07 03:42
Location: /home/russel

Re: removing non-free from sources after installing iwlwifi

Postby ruffwoof » 2017-12-02 07:34

RU55EL wrote:Won't the # in front of contrib render everything else after it in the same line commented out? Or do "contrib" and "non-free" in the same line each need to be commented out separately?

Code: Select all
man sources.list

Empty lines are ignored, and a # character anywhere on a line marks the remainder of that line as a comment.
Debian oldstable, twm, yad, stalonetray
Acer Aspire M3201 (2GB), AMD Phenom X4
ruffwoof
 
Posts: 216
Joined: 2016-08-20 21:00

Re: removing non-free from sources after installing iwlwifi

Postby RU55EL » 2017-12-02 16:16

OK, to be clear,

Code: Select all
    deb http://ftp.debian.org/debian/ stretch  main contrib #non-free

would disable non-free and

Code: Select all
    deb http://ftp.debian.org/debian/ stretch  main #contrib non-free

would disable contrib and non-free, by changing the position of the #

Thank you for the clarification. (Which I should have read from the man page myself!)
User avatar
RU55EL
 
Posts: 336
Joined: 2014-04-07 03:42
Location: /home/russel

Re: removing non-free from sources after installing iwlwifi

Postby Bulkley » 2017-12-02 16:53

RU55EL wrote:Just wondering.

Won't the # in front of contrib render everything else after it in the same line commented out? Or do "contrib" and "non-free" in the same line each need to be commented out separately?


I was wondering who would notice that. It was simply history. A long time ago, after installing my necessary hardware blobs, I put a # in front of non-free. About a year ago I discovered that I had very few contrib packages and proceeded to put a # in front of that also, not bothering to remove the other.
Bulkley
 
Posts: 5368
Joined: 2006-02-11 18:35


Return to Hardware

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable
cron