Now, I wonder what GNUers have to say. The code appears Open and Free. Why should it be excluded from the libre-kernel?
I pass this question to the libre-supporter, figos.
the vast majority of free software contributions probably have a small handful (less than 20, often less than 10) prolific contributors, this goes for several distros we know as well as other things-- the number of regular contributors to fig and fig os is one. which is fine, since its meant to put an individual in more control of it.
the truth of free software is that the user is free to make themselves a developer, if all software were free than all users are free to make themselves devlopers of it.
no one is obligated to distribute it, though. no one is obligated to include it. fig will work on basically any distro that has python 2-- only fig os and refracta actually include it.
no one is obligated to include nsa code either. everyone is free to remove it, if its free software than everyone is free to include it.
whether to include or not comes down to the freedom of each person with access to the kernel source. the question "Why should it be excluded from the libre-kernel?" doesnt make a lot of sense to me, it assumes or requires things about the libre-kernel that are hypothetical.
the libre-kernel isnt a curated assortment of modules chosen to distinguish itself from the vanilla kernel, it is simply derived by removing binary blobs from other kernels. arch has a kernel, when the blobs are removed it becomes the kernel for parabola. debian has a blob-free kernel, but something ridiculous about error messages that linux-libre "fixes" and then it becomes the gnewsense kernel. same for ubuntu and trisquel, basically.
so the decision whether to include modules that suck security-wise is generally made not in linux-libre-land but wherever the source kernel is from:
linus makes the vanilla kernel decisions, canonical makes the ubuntu kernel decisions, arch makes their own decisions, which you follow more closely than i do, etc.
linux-libre lets this get handled upstream. so do most people, because most people do not compile their own kernels.
please note, that free software was never ever designed around having people other than the gnu project make good design decisions for you-- and linux is not a gnu project kernel. linux-libre doesnt make these sorts of decisions about the kernels it derives from the linux kernel-- theyre made upstream.
the point of free software is to let you make those decisions. if youre unhappy with the security decisions of the kernel, free software has only one thing to say about this: why arent you building it yourself?
also, blacklisting a module ought to be 100% effective in stopping it from loading, but im not an expert there. removing it is better, for reasons already mentioned. its literally just a crappy encryption model, i dont think having it on the system is worse than having sha1sum installed. anybody can install a script that uses sha1sum and relying on it (or speck) would probably be foolish. but if you arent using it, you should be alright.
note i still think removing it is better, but its not like a virus, its not-- as far as i know-- going to actually do anything for software that isnt designed to use it.
theres far too much obsession with authority and gatekeepers about this, when the whole point of software freedom is to say first and foremost: if you dont like it, just remove it!
thats really all there is to it. systemd is designed to be difficult to remove, thats a different issue. this not hard to remove. patch and compile it.
theres no philosophical way to resolve freedom with other people taking care of this for you reliably. freedom means you dont have to shoot yourself in the foot. freedom means you can shoot yourself in the foot.
its your foot, your business whether you shoot it or not. dont expect someone to circle vulture-like around you and smack the gun out of your hand when you point it at your foot. no one has that job.
this is the kernel of linus torvalds. you can "make it your own" but if you dont, youre trusting linus torvalds to make these decisions for you, at least until someone exercises their freedom to clean up after him.
thats your choice to make. if you dont trust torvalds 100%, neither do i. hes probably going to hand over linux development to greg kh someday, thats a far more problematic issue than this.
its torvalds who has the philosophy that kernel changes should never break userspace. greg kh doesnt have that philosophy. so red hat might try to make the kernel changes more tightly coupled with other software in the future.
this is just a stupid module. remove it yourself or use a derivative kernel that doesnt include it, if you want to. thats all software freedom / libre has to say about this matter, though sometimes the fsf talks about threats to privacy. theyre not usually speedy about it, like it was never their first priority (there are privacy foundations that cover that as their first priority.)
free softwares # 1 job (actually its freedom 3) is to make it so youre free to fix this.
freedom 0 includes the freedom to use software for stupid purposes.
freedom 1 includes the freedom to study software to find out if it does stupid things.
freedom 2 includes the freedom to distribute stupid software.
freedom 3 includes the freedom to take software and make it stupider, or if you prefer to make it less stupid.
the fsf doesnt have enough resources to be the 1-stop-shop on how to address every issue that comes out of nsa-meddling, so they stop instead at having several prominent pages about privacy and the nsa, and leave it to other organisations with more directly relevant goals to cover minor details sometimes.
the reason everyone is quiet about this is that very few people have it on their radar or know about it-- even when they learn about it, they will recognise this as one of the things the nsa does all the time (try to introduce worthless standards) and then all people have to do is
DONT WRITE OR CHOOSE SOFTWARE THAT USES THIS module. and again, remove it if you want to.
the fsf cant make you free and also tell you how to use every aspect of your freedom too.
im not in love with the fsf as an organisation anyway-- more their primary cause, which is why i started an unofficial organisation that does not require fsf membership (nor funding.)
i think it complements the fsf nicely, but it doesnt compliment them all the time.
im happy to defend the fsf when someone takes a cheap shot, because cheap shots at the fsf are a favourite pastime of open source and torvalds while they shill for major corporations. theyre "cheap" shots because they have no substance but they smart, and everyone thinks theyre being defeated so its great for morale, for the morale of shills. there are some valid critiques that can be made as well, but the shills dont discriminate, truth doesnt matter to them.
This world is turning into a surreal version of 1984.
you mean brave new world. its far more like that all the time, and for quite some time now.