On Wed, 08 May 2019 19:47:37 +0000, Markus Robert Kessler wrote:

> Dear all,
>
> during the last days I tried to install a Printer / Fax from HP (M127fn)
> on several different platforms.
>
> On every OS it seems the same: You can only get these printers to work
> when installing a mandatory proprietary "plugin". This plugin originally
> comes from HP and you will never see the sources. It's just a binary
> "run" file which you may trust and invoke, or not.
>
> As if this was not bad enough, the run file seems to have moved to a
> different location some days ago, and, hence, on e.g. Mageia 6
> installation failed completely, and on Raspbian Stretch I had to do an
> "apt-get update" prior to being able to proceed.
>
> But even after that I got complaints about not fitting pgp checks and
> had to continue even though the plugin potentially was manipulated.
>
> So, at least, this has nothing to do with OpenSource philosophy.
>
> I am wondering why so many people running Linux for higher security, are
> nevertheless agreeing on having non-OpenSource components like this on
> their machines.
>
> - Has anyone found out, what this "plugin" exactly does? And, to which
> locations the installer ("run file") writes or modifies files?
>
> - Are there alternatives as true Open Source drivers?
> I know that high end laser printers can be accessed via PCL or PS
> protocol, but not so with HP Fax Lasers.
>
> Any ideas highly appreciated!
>
> Best regards,
>
> Markus

thinking logically about the security issue honest if the printer is a
network attached device then the printer firmware itself is a much better
place for the manufacturer to install any nefarious software & hide this
data in its phone home status reports.

in which case a binary only driver is the least of you worries

--- SoupGate-Win32 v1.05