We just remove “contrib” “non-free” from our distro with their installed software = that's all.
Having these repositories enabled doesn’t accidentally install contrib
or non-free packages. → adding non-freedom (contrib, non-free) APT repositories by default is it safe?
Yeah, that's true, but who's going to reverse tons of code and
changeable each time it gets upgraded? That's not a good way at all to
represent good base security from that.
That’s the problem here. You’re using theoretical research, logic, deductions, arguments. So this sounds big.
But for practical considerations: In case of the VirtualBox non-freeness the complaint is about a single relatively small file that probably hasn’t been changed in years (just the virtual BIOS).
(And it will probably become a non-issue once the virtual BIOS gets an upgrade to EFI or so.)
No, we don't want this level of strictness, but we shouldn't include this nasty stuff, non-free software, into our code/distro by our hands.
The complaint on VirtualBox non-freedom is on the same level like
by strictness about software freedom.