*countable infinities only
drago01 at gmail.com
Sat Jun 2 22:23:51 UTC 2012
On Sat, Jun 2, 2012 at 11:47 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Sat, Jun 2, 2012 at 5:26 PM, drago01 <drago01 at gmail.com> wrote:
>> On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
>>> I think regressing to the installs
>>> being somewhat easier than ten yearsish ago is still a better place to
>>> be than the cryptographic lockdown.
>> I disagree and once again it is not a lockdown as people who care
>> enough can disable it, while having it enabled by default makes things
>> easier for a large set of (potential) users.
> You can disable the lockdown on iOS devices too—and the lawfulness of
> this activity is well established in the US.
> I understand that when the Copyright Office hit its periodic review
> for that particular DMCA exemption Apple didn't even fight it this
Apples and Oranges unrelated and here "disable" is using an exploit
not just flipping an option.
> It is still a lockdown even if there is some complicated procedure to
> disable it—you can't argue this both ways. Either it's an
> inconsequential restriction because it's so easy to disable, or it's a
> practical problem for people installing the OS.
It can be argued both ways. Modifying software requires more "skills"
and knowlegde anyway so it is more acceptable to accept that group of
people to fiddle with the firmware then everyone including people that
don't even know what a firmware is. Come on lets not discuss the
> And what happens when OEMs leave out the option, which isn't even
> required by the UEFI spec itself, and Microsoft fails to enforce that
> particular requirement? "Not our fault"?
In case we refuse to support secure boot at all users on this hardware
won't have any option but to run a 100% proprietary OS. While if we
ship signed bootloader and kernel they can enjoy the freedom to
modiify everything else of their OS. In that case it is choosing the
"lesser evil" option. Is this a good situation? Of chores not. But the
all or nothing approach isn't what got us where we are now.
>> And if we have the choice between "make it easier to modify every part
>> of the OS" vs. "make it easier to instal the OS in the first place"
>> ... no one thinking rationally would opt for the former.
> If it were so simple we'd never have free software at all, because it
> was always easier to continue using whatever commercial offering came
> bundled with your system.
We have to make our software better then the competition being free by
itself is not enough to gain market traction. Having a complicated
installation procedure sure does not help this case.
> In this case it's "make it easier to install" vs. "preserve an
> ecosystem of cooperating publishers, keep software freedom as a
> top-line priority, keep it easy to modify every part, and don't put
> Red Hat in the business of defending semi-tivoization against license
> enforcement by free software authors".
Lets check this using the free software definition by the FSF:
1. The freedom to run the program, for any purpose (freedom 0).
You are free to run fedora for any purpose even if we implement secure boot.
2. The freedom to study how the program works, and change it so it
does your computing as you wish (freedom 1). Access to the source code
is a precondition for this.
The source code is available, you are free to study and change it.
Running it on specific hardware might require an additional step but
that does not contradict this.
3. The freedom to redistribute copies so you can help your neighbor
4. The freedom to distribute copies of your modified versions to
others (freedom 3). By doing this you can give the whole community a
chance to benefit from your changes. Access to the source code is a
precondition for this.
You are free to do so as long as you comply with the trademark
guidelines. You have to sign the kernel and bootloader (which costs
money) to have an easy install routine.
The later part sucks but does not restrict freedom 3 nor 4. And
according to your other mails having the user i.e "your neighbor"
disable secure boot is easy.
(I disagree with the later but you obviosuly don't). So if you argue
that it is fine for fedora to be shipped that way it is fine for your
redistributed copy (even though some other OSes like Fedora, Windows,
...) are easier to install. Otherwise your whole point is
So yes the situation kind of sucks but claiming that supporting
secureboot will make fedora non free is just wrong.
We can have a technical discussion in how to solve this better (having
the user mess with the firmware isn't better) ... but the free vs. non
free discussion does not make any sense because the software will
So lets have a discussion on that basis.
More information about the devel