There’s been a few blog posts from the LVFS project and the System76 team regarding firmware updates.
https://firmwaresecurity.com/2018/05/11/system76-system76-and-lvfs-what-really-happened/
The latest article is from FOSSpost.org by M.Hanny Sabbagh, which focuses on privacy issues of LVFS, from the last System76 article. While privacy issues are important, don’t forget that firmware update privacy issues exist with ALL other OSes, and LVFS team mentions transition to Linux Foundation for hosting. Most firmware updates come from OEM, so each will have their own CDN/privacy/security issues. I’m hoping the LVFS project gets picked up by the Qubes/TAILS/Subgraph/GNUHardenedLinux or some other privacy/security-centric distro, and can integrate with latest security and privacy techniques, making it Tor-friendly, etc.
See threads here and comments in fosspost.org blog post, and in Twitter feed:
https://lists.debian.org/debian-efi/2018/05/threads.html
https://fosspost.org/analytics/privacy-security-concern-regarding-gnome-software
You must be logged in to post a comment.