Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

removing non-free from sources after installing iwlwifi

Need help with peripherals or devices?
Post Reply
Message
Author
weeha22
Posts: 2
Joined: 2017-11-30 19:41

removing non-free from sources after installing iwlwifi

#1 Post by weeha22 »

Hello Debian Community!
I wanted to have a very secure PC for online banking etc. So I installed stable Debian, and only wanted to use stable main as source. But my wifi card needed the firmware-iwlwifi package so I had to add non-free, which I heard is not as secure like main is. Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module? Did the firmware-iwlwifi package recieve any updates in the past, or are updates for it likely in the future?
Greetings,
weeha22

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: removing non-free from sources after installing iwlwifi

#2 Post by Head_on_a_Stick »

weeha22 wrote:Did the firmware-iwlwifi package recieve any updates in the past
Changelog here:

http://metadata.ftp-master.debian.org/c ... _changelog
deadbang

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: removing non-free from sources after installing iwlwifi

#3 Post by bw123 »

weeha22 wrote:Hello Debian Community!
How's it going?
...my wifi card needed the firmware-iwlwifi package so I had to add non-free, which I heard is not as secure like main is.
I never heard of a security risk from having non-free repo enabled. I don't use it, but that's just to save a little time, space and bandwidth. You can remove it and add it later if you want to check for a newer version.

The one or two packages out of there I use have been updated once or twice in the last several years. I use packages.debian.org to check now and then, usually when a kernel is updated.
resigned by AI ChatGPT

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: removing non-free from sources after installing iwlwifi

#4 Post by RU55EL »

weeha22 wrote:[...]But my wifi card needed the firmware-iwlwifi package so I had to add non-free, which I heard is not as secure like main is.[...]
I have not heard that non-free is not as secure as main.
weeha22 wrote:Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module? Did the firmware-iwlwifi package recieve any updates in the past, or are updates for it likely in the future?
[...]
Removing non-free from your sources.list file after installing non-free software is less secure. You want your operating system to be up to date, including non-free software. As Head on a stick pointed out, there have been updates in the past, and I'm sure there will be updates in the future. Updates that you want in order to keep your computer as secure as possible.

weeha22
Posts: 2
Joined: 2017-11-30 19:41

Re: removing non-free from sources after installing iwlwifi

#5 Post by weeha22 »

What I heard was, main is more secure, because there are a lot of people out there looking over the code and veryfing it. And non-free packages are more likely to have security loop holes, because there is no public source code available, which can be checked by the community's experts. But after your answers I will let non-free in my sources. Thank you all very much for your answers. :)

User avatar
4D696B65
Site admin
Site admin
Posts: 2696
Joined: 2009-06-28 06:09
Been thanked: 85 times

Re: removing non-free from sources after installing iwlwifi

#6 Post by 4D696B65 »

weeha22 wrote: And non-free packages are more likely to have security loop holes, because there is no public source code available, which can be checked by the community's experts.
non-free does not necessarily mean no source code. It is a licence issue.

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: removing non-free from sources after installing iwlwifi

#7 Post by Bulkley »

weeha22 wrote:Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module?
This is how I handle it.

Code: Select all

deb http://ftp.debian.org/debian/ stretch  main #contrib #non-free
Note the # which stop apt from using it. There is no need to keep contrib and non-free active all the time. If you are worried about security you can periodically remove the hash marks.

Edited to add: Out of curiosity I did my routine apt update && apt upgrade bringing in several security updates. Then I removed the # marks from my sources.list and did another apt update && apt upgrade. There were no updates at all for either contrib or non-free.

shep
Posts: 423
Joined: 2011-03-15 15:22

Re: removing non-free from sources after installing iwlwifi

#8 Post by shep »

weeha22 wrote:ie: removing non-free from sources after installing iwlwifi
What I heard was, main is more secure, because there are a lot of people out there looking over the code and veryfing it. And non-free packages are more likely to have security loop holes, because there is no public source code available, which can be checked by the community's experts. But after your answers I will let non-free in my sources. Thank you all very much for your answers.
A couple of quick comments:

The only wireless firmware that is freely licensed is atheros.

If security and audited code are important then it should guide your purchase decisions. The money you spend can be considered a vote.

If you do not trust Debian's package management framework to install non-free firmware, it is possible to manually install firmware. Just download it from a trusted site and copy it to /lib/firmware. You may need to rename it.

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: removing non-free from sources after installing iwlwifi

#9 Post by RU55EL »

Bulkley wrote:
weeha22 wrote:Can I remove the non-free entry now, that the wifi works and my pc will be fine, or will I be missing out on updates for the wifi module?
This is how I handle it.

Code: Select all

deb http://ftp.debian.org/debian/ stretch  main #contrib #non-free
Note the # which stop apt from using it. There is no need to keep contrib and non-free active all the time. If you are worried about security you can periodically remove the hash marks.[...]
Just wondering.

Won't the # in front of contrib render everything else after it in the same line commented out? Or do "contrib" and "non-free" in the same line each need to be commented out separately?

ruffwoof
Posts: 298
Joined: 2016-08-20 21:00

Re: removing non-free from sources after installing iwlwifi

#10 Post by ruffwoof »

RU55EL wrote:Won't the # in front of contrib render everything else after it in the same line commented out? Or do "contrib" and "non-free" in the same line each need to be commented out separately?

Code: Select all

man sources.list
Empty lines are ignored, and a # character anywhere on a line marks the remainder of that line as a comment.

User avatar
RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: removing non-free from sources after installing iwlwifi

#11 Post by RU55EL »

OK, to be clear,

Code: Select all

    deb http://ftp.debian.org/debian/ stretch  main contrib #non-free
would disable non-free and

Code: Select all

    deb http://ftp.debian.org/debian/ stretch  main #contrib non-free
would disable contrib and non-free, by changing the position of the #

Thank you for the clarification. (Which I should have read from the man page myself!)

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: removing non-free from sources after installing iwlwifi

#12 Post by Bulkley »

RU55EL wrote:Just wondering.

Won't the # in front of contrib render everything else after it in the same line commented out? Or do "contrib" and "non-free" in the same line each need to be commented out separately?
I was wondering who would notice that. It was simply history. A long time ago, after installing my necessary hardware blobs, I put a # in front of non-free. About a year ago I discovered that I had very few contrib packages and proceeded to put a # in front of that also, not bothering to remove the other.

Post Reply