*countable infinities only

Debarshi Ray rishi.is at lostca.se
Sat Jun 2 16:03:45 UTC 2012 

> When I create a fork, respin, or remix of Fedora and distribute it to
> people it will not run for them like Fedora does without a level of
> fiddling which the people advocating this have made clear is entirely
> unacceptable.  This is because Fedora will be cryptographically
> signing the distribution with keys these systems require and not
> sharing the keys with me.  Fedora be doing this even with software
> that I wrote, enhancing it with a signing key only they have access
> too, making it much more useful on hardware where it is not otherwise,
> and not allowing me and or downstream recipients to enjoy the same
> improvements for their modified versions.
> 
> What is unclear about this?

2 things:

+ Forks, respins and remixes require a level of technical expertise which
  all the consumers of the Fedora binaries might not have.

+ Running a large-scale fork, respin or remix will require money. Inability to
  pay $99 is not a very strong reason.

Free software says nothing about price. This is somewhat like the Tivoization
problem, where even though you have free software you can not modify and run
it on your computer. I used the term "somewhat" because Microsoft might still
sign your bootloader, or you can enroll your own key, or turn Secure Boot
off.

One of the things that you (or we) could lobby for is the possibility of a
non-Microsoft CA. However, Peter already explained one of the reasons why it
did not work out. Maybe someone can try again.

It has also been pointed out that Secure Boot does add some security, even
though the situation where Microsoft is the sole CA sucks. So, merely saying
"turn it off, turn it off" is not a very strong technical argument. Not that it
is a bad one, but not the best, either.

Happy hacking,
Debarshi

-- 
K&R is like the Bible. The fervent read it from end to end, the religious
keep a copy.  -- Arjun Shankar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20120602/028bd908/attachment.sig>

More information about the devel mailing list