All this is certainly expected behavior. If companies don't want to be complicit in these crimes, then they need to remove themselves from keeping remote power over devices that are purportedly sold to end users. Dell doesn't get flack for what Debian chooses to put in their repositories. And when Debian itself gets bullied (eg decss and other video codecs), even-less-exposed organizations can create another repository that coexists with the main one.