*countable infinities only

Seth Johnson seth.p.johnson at gmail.com
Mon Jun 18 02:01:53 UTC 2012


On Sun, Jun 17, 2012 at 8:09 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote:
>> On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> >
>> >
>> > Am 17.06.2012 01:14, schrieb Chris Murphy:
>> >> Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton.
>> >> The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware.
>>
>>
>> Numerous non-vaporware recommendations follow, snipped directly from the thread:
>
> (snip)
>
> These suggestions boil down to:
>
> 1) Do nothing
> 2) Become a hardware vendor
> 3) Use a Fedora key
>
> None of these solve the problem of getting Fedora onto arbitrary x86
> hardware bought towards the end of this year.


Which one is the "do nothing" alternative?  The other two are some
sort of reduction that at least moves us past acting like no
constructive suggestions have been made in this discussion, so I would
ask questions about how your reduction works on them.  Below you'll
see that I think the idea that these suggestions are saying "do
nothing" misses the point that they're saying something that's
missing, that needs to be done -- whereas more technical solutions may
have seemed sufficient so far.

<various snippets>

I think my main point stands: talking with, say, Dell, and
Microsoft in private, without a serious legal and propaganda
push, makes Fedora's position weak in the private negotiations.
As soon as the other side made clear that their position was to
accept Microsoft's plan, Red Hat should have called a press
conference and explained the situation to reporters from the New
York Times, the Wall Street Journal, etc..

Please allow me a personal remark: I too have fought one part of
a big battle so hard and so long that it seemed to me that the
part I was engaged in must be the whole battle.  I think that
perhaps the negotiators on the Fedora/Red Hat have mistaken one
part of the battle for the whole battle.

<insert 1 by Seth>

I don't see a match with any of your items here:

1) Do nothing
2) Become a hardware vendor
3) Use a Fedora key

Is this the "do nothing" option?  As in, the things said here are
"nothing" because they do not produce a deterministic effect?

</insert 1 by Seth>

---

My posts argue that Fedora should neither accept, nor seem to
accept, Microsoft's having the Hardware Root Key.  One reason not
to seem to accept Microsoft's having the Hardware Root Key is
that, when arguing for Examption 4, the Englobulators will answer
"Well, there is really no issue here.  Why, Fedora accepts that
it is right and proper that Microsoft have the Hardware Root
Key.".

<insert 2 by Seth>

Still no match, though one could invert it and say it implies item 3)
Use a Fedora key.

1) Do nothing
2) Become a hardware vendor
3) Use a Fedora key

Might you see this as a "do nothing" option?  As in "not seem[ing] to
accept Microsoft's having the Hardware Root Key" is not related to a
deterministic technical solution to getting Fedora onto arbitrary x86
hardware bought towards the end of this year?

</insert 2 by Seth>

---

Now, perhaps I misread, or misremember, but in this thread, I
think it was said that a home computer vendor has offered to
allow a key, authorized by what you distinguish as the "PK", to
be loaded into the UEFI, so that Fedora would stand equal to
Microsoft, though both, you now claim, would be equally junior to
the vendor (which claim is not right).  And you refused.  This is
ridiculous.  If one more key can be loaded at point of sale, then
so can several more.  And this is not the final step in the
remedy, but only an early step.  We can do more.  But, if Fedora
agrees that Microsoft gets to dictate what is loaded at point of
sale, well, that is an un-necessary loss.  As your statement
shows, your team was not negotiating with Microsoft, nor with the
vendors of hardware, but with a non-existent being of irresistible
power.  Of course that negotiation with an imaginary being is
much harder to win than the real negotiation.

RMS had no Red Hat backing him when he started Project GNU.  Nor
did Linus when he started the Linux kernel.  Nor did the founders
of Red Hat.  But you have Red Hat, with a large income, and much
money.  You also have many people who will help you, and help
ourselves, in this fight.

Suggestion 2: Have Red Hat buy a large quantity of standard home
machines, on condition that the UEFI not be locked at point of
delivery to Red Hat.

Suggestion 3: Do a better command and control screen for the
UEFI.  There is enough room in the UEFI for a big, but very
simple, screen.  There is even room for a proper manual.  You
have written that there is nothing you can do about the bad
interface of the UEFI.  But you can.

<insert 3 by Seth>

I see 2) Become a hardware vendor and 3) Use a Fedora key here

1) Do nothing
2) Become a hardware vendor
3) Use a Fedora key

Is this where the "do nothing" option is?  As in, "agree[ing] that
Microsoft gets to dictate what is loaded at point of sale," is, while
related to a deterministic technical step towards a solution (i.e.,
working with the vendor to put in a Fedora key of ostensible
coordinate status with Microsoft), is nevertheless a proposition that
is less determinate than purchasing a key which Microsoft offers in
the real world?

</insert 3 by Seth>

---

ad inability to manage keeping the private half of the Fedora key
private: This is absurd.  I will be happy to explain methods
which, if Red Hat wanted, would meet all statutory, and real
security, and even all anti-FUD compliance, requirements.  This
claimed inability is not reasonable.  Why?  Because your position
implies that you trust Microsoft and the hardware vendor more
than you trust yourselves in this.  If that is your opinion,
well, why run Fedora ever?  After all, in the world your propose
to create, Fedora depends for the security of its boot process,
on Microsoft and Microsoft's partner, the hardware vendor.

<insert 4 by Seth>

I see 3) Use a Fedora key here

1) Do nothing
2) Become a hardware vendor
3) Use a Fedora key

Is this where the "do nothing" option is?  As in, "keeping the private
half of the Fedora key private" is part of a deterministic technical
solution that is not being made available?

</insert 4 by Seth>

</various snippets>


Seth


More information about the devel mailing list