Does anyone know why fwupd/LVFS uses a separate repository to download from instead of downloading from a distro's repos like we already do for all packages?
Announcement
Collapse
No announcement yet.
Lenovo To Make Their BIOS/UEFI Updates Easier For Linux Users Via LVFS
Collapse
X
-
Originally posted by aaahaaap View PostDoes anyone know why fwupd/LVFS uses a separate repository to download from instead of downloading from a distro's repos like we already do for all packages?
There is little reason to have it go through the usual packaging and testing and QA of each distro.Last edited by starshipeleven; 06 August 2018, 10:34 AM.
- Likes 5
Comment
-
Originally posted by shmerl View PostAre they even trustworthy? They injected spyware / malware in their UEFI blobs in the past. Their hardware is nice, but their firmware is trash.
It seems they learned the lesson about injecting questionable applications as windows payloads in their UEFI, afaik it didn't happen again.Last edited by starshipeleven; 06 August 2018, 11:40 AM.
Comment
-
Originally posted by starshipeleven View PostIt seems they learned the lesson about injecting questionable applications as windows payloads in their UEFI, afaik it didn't happen again.
- Likes 1
Comment
-
Originally posted by shmerl View PostAnd you are willing to trust them on that?
Let's have a look again at what they actually did, using a somewhat biased article https://www.makeuseof.com/tag/securi...-avoid-lenovo/
1. crappy bloatware program on windows that tracks users somehow, every other OEM has one, this was probably more sloppy than average.
1a. it was using a standard Windows/UEFI feature to reinstall it on boot. Hilarious that someone designed such features to begin with, but Linux does not support that crap anyway.
2. crappy bloatware program on windows is coded like shit to do what it is supposed to do and makes the PC more vulnerable. Not "malware" per-se, it's just written by monkeys.
3. more crappy bloatware programs on Windows tracking the user
4. A new and improved crappy bloatware Windows program with privilege escalation vulnerabilities.
For linux all four are completely irrelevant, so if we are talking of Linux it's a "case closed" right here.
For Windows, considering that HP and other consumer brands like Asus and Acer fill your PC to the brim with bullshit programmed by monkeys and user trackers anyway, I don't see that as particularly bad either.
It's garden variety bloatware that can be uninstalled in a couple clicks, and for sure won't survive a Windows reinstall (which is what most people recommend whenever you buy a new PC, strangely)
The only thing that actually was annoying is 1. as it was being reinstalled on reboot, but they were quick enough to react and have never done that again, so I guess they learned the lesson.
For the sake of pointing out that the article I cited is rigged, I'll also point out that the issue they point out about lenovo hardware (hinges on a low-end model suck), that is so fucking common on low end HP and Acer that I'm surprised that it's cited as a "reason to not buy lenovo". Just don't buy 500$ laptops and expect them to be sturdy, as they aren't.
- Likes 1
Comment
-
Originally posted by tpruzina-images-
But still, Lenovo is with the "better ones" there too, whatever that may mean.
And Dell actually knows its shit, they are the ones offering laptops with ME disabled with the killswitch and provide servers to the US government agencies under the supply program where they need to disable ME and all that crap after all.
- Likes 2
Comment
Comment