I see it as more realistic to just accept that practical use for an average user requires redistribution and do it regardless of what the law may say otherwise, possibly from a location where such awful interpretations aren't enforceable.
You have the implicit right to the proper operation of the hardware you purchased. Such rights historically trump the rights of IP holders upon conflict.
Apple already has a perfectly good CDN where everyone can download their entire OS with no authentication from well known HTTP URLs, and all Mac owners are licensed to use it.
There is no reason for us to play fast and loose with copyright law; our installer just downloads everything it needs (which is a lot more than just WiFi firmware) from their CDN and uses it. No redistribution required. There is literally zero impact to users, and nothing to be gained from redistributing.
For people who want to do fully offline installs, we'll provide a way of using a OS image on local media instead (though in that case users will have to download a complete OS image; when you use our script online, it does partial HTTP fetches and only grabs what it needs, so you only end up downloading ~1GB instead of a full 15+GB macOS image - though we could provide a script to download only the required bits and re-pack it as one file anyway...)
I'm not playing fast and loose with anything. I have the right to the proper operation of the hardware I am sold.
What happens when those CDNs go down? A mad scramble to find out who still has the files? This same thing keeps happening and nobody pushes back. There may be zero impact to users now but accepting this hostage situation is ridiculous.
When Apple's servers go down you lose the ability to do low-level recovery on these machines anyway, since DFU flashing requires phoning home to get a ticket for your machine as well as low-level configuration data, so you have bigger problems to worry about than losing your WiFi firmware (especially since you should always have the WiFi firmware locally available if your machine is in a situation where it doesn't need DFU recovery; just hold down the power button to go into regular recovery, pull up a terminal, and copy /usr/share/firmware/wifi).
Thankfully, that hasn't happened for any platforms and you can still download the OS for and perform authorization for all Apple devices going back to the iPhone 2G (3GS for auth, since it's the first one with that requirement), so I'm not too worried.
Here's the latest firmware available for the original iPhone:
And you can download not just the latest version, but all prior versions, for every device, ever released. https://ipsw.me/ has all the links.
Of course, this is merely a practical argument; Apple have shown that they will continue to support all their old devices as far as this process is concerned, but this cannot be proven. If you're the kind of person who worries about any and all external dependencies and doesn't want to trust the vendor for anything, then I would advise you to not buy one of these machines; they are not for you. These machines value a rather sophisticated security paradigm (that has real benefits for users, especially the average user) over not having vendor dependencies; that is a trade-off that you need to be aware of.
I expect if Apple ever decide to retire the signing server for older platforms, they'll just publish a signed global ticket for them to remove the phone home dependency. It would be stupid not to do that. And plenty of people have OS images lying around. Just download one and keep it safe if you're worried about that. Though you'd still be screwed if you lose your Flash contents including platform config data, but nothing Apple does can save you from that; at that point you'd better have a backup yourself, since you wouldn't be able to rely on Apple's service to fetch their copy.
(Please don't reply with a tirade about freedom and evil vendors and boiling frogs; I'm really, really tired of those, and the people who write them invariably refuse to listen to any explanation about the security rationale behind why things are this way, and I've given up trying to explain it to them. Please just go buy a Pinebook instead.)
I wish you to show more respect toward people who are concerned with freedom and importance of freedom to use their own devices. At least they should not be treated with less respect than people from Apple who's decisions are protected by you in every opportunity so far while in my opinion their decision to keep devices hooked to them keep owners as hostages as correctly was noted in the parent post . It is hard to understand why you are ready to attack people advocating for the freedom of the owner (including your freedom) while you are extremely polite toward Apple people and their decisions in the same time even if those decisions are obviously made not in favor of the owner.
>and the people who write them invariably refuse to listen to any explanation ...
Actually I was listening very carefully and I was ready to continue listening even after you've took discussion toward being personal and disrespectful ( let's assume by mistake/misunderstanding)[1].
Due to my forgiving nature I even tried not to take personally what you wrote because all people can make mistakes with the hope that you can also forgive to other people certain mistakes and keep being respectful. I even apologized in details for my possible misuse of English words to make it easier for you to continue[2].
Still you didn't provide your arguments even after apology and it's hard to listen when arguments are not delivered.
I prefer to give people chance to fix their possible mistake before attacking them and I hope you can do the same. I hope that I didn't waste my time second time.
You've just made my point by tracking me down in another comment thread (and conveniently linking to my subsequent reply and not the tirade you wrote as the parent).
Can you please just drop it? You didn't listen with your original reply; nothing I say will change your opinion. I don't need more gratuitous comparisons to dictatorships and ad hominem attacks, thanks. It's always like this whenever I try to explain things calmly to people like you.
Given that users have to run an install script to set up the OS anyway, it will be completely transparent to them. There is no extra friction for users on M1 platforms caused by the firmware story.
https://lore.kernel.org/linux-acpi/20211226153624.162281-1-m...