To update blobs or not to update blobs
Summary
Matthew Garrett analyzes the trade-offs of updating non-free firmware blobs, highlighting trust, security, and governance concerns. The piece argues that updates can fix vulnerabilities but may also introduce new risks, and recommends a threat-model-driven approach with open, auditable code where possible.