By watching the console log of
apt-get udpate
apt-get dist-upgrade
I just learned my Ubuntu uses a "Linux Vendor Firmware Service", package fwupd
The
introduction of the webpage states
The LVFS is a secure web service that can be used by OEM’s to upload firmware archives and can also be used by users to securely download metadata about available updates and optionally, the updates themselves. Every month there are over ~50 million files being downloaded from ~10 million clients.
In other company XY uploads firmware to some website and my Linux downloads their firmware on my computer (without the quality control of a Linux maintainer)?
I would consider this as backdoor.
What do you know about this and/or how to you think about?
@
mike (mike@macgirvin.com) @
Waitman Gobble (wago@zap.dog) @
Max Kostikov (kostikov@zotum.net) @
Mario Vavti (mario@hub.somaton.com) @
Mark Nowiasz (buckaroo@hub.netzgemeinde.eu) @
hEARt PhoniX (tobias@hubzilla.rocks) @
Oliver (oliver@microhive.net) @
GadgeteerZA (gadgeteer@hub.vilarejo.pro.br) @
Mike Kuketz ⭐ (kuketzblog@social.tchncs.de) @
BSI (bsi@social.bund.de)