Last April we echoed that Debian had reconsidered its policy around proprietary firmware because, over time, its use has become increasingly necessary to make the hardware work properly or simply does, as is the case with Radeon graphics that rely on AMDGPU.
After many months, the voting process has concluded with the decision to implement Option 5 or Proposal E, titled “change the social contract for non-free firmware in the installer, an installer”. Basically it consists of keeping the Debian Social Contract as it is (officially it is said to replace it with an identical one), but adding the following at the end of point 5:
Official Debian media may include firmware that would not otherwise be part of the Debian system to allow the use of Debian with hardware that requires such firmware.
For users, this should result in the inclusion of packages with firmware exclusive to the “non-free-firmware” section in the official installation media of the distribution, both standards and those that include live session and Squid. The proprietary firmware would be enabled by default in those systems that require it. Here you can cite helpful examples such as Radeon graphics and Intel Wi-Fi modules. However, the user will be given the option to disable said proprietary firmware at startup if he does not want to use it for whatever reason.
In order to provide transparency, the Debian installation media will provide the user with information about the firmware being loaded, both free and proprietary, and such information will be stored in the system so that it can be found later (and we assume at any time).
When it is determined that it is necessary to employ a non-free firmware to ensure proper operation, the system will also be configured to use it by default in the /etc/apt/sources.list . Enablement through repository would have to result in security updates and major fixes, so the firmware would be treated like any other installed software.
We will see how everything looks when it is implemented and put into operation, but everything seems to indicate that the Debian installation media will include proprietary firmware that will be enabled next to the corresponding repository if necessary, although the user will be given the option to disable it and maximum transparency will be offered around what is being used.
In addition to firmware, the new policy adopted by Debian should also cover processor microcodes, which are proprietary but necessary to mitigate several Spectre-like (and other) vulnerabilities that have appeared in recent years.
