*countable infinities only
pjones at redhat.com
Mon Jun 18 12:30:11 UTC 2012
On 06/18/2012 12:53 AM, Matthew Garrett wrote:
> On Sun, Jun 17, 2012 at 11:52:48PM -0400, Jay Sulzberger wrote:
>> So why does the "SecureBoot" private key require a so much higher
>> cost of administration?
> Fedora's keys are currently only relevant on hardware where users have
> voluntarialy installed Fedora. If all x86 machines shipped with a Fedora
> key installed then our key security would be relevant to everyone, and
> we'd be a much more attractive target than we currently are.
In addition to Matthew's point, we must keep in mind, as has previously been
pointed out, that giving a Fedora (or RH) specific key to hardware vendors
for them to ship would be very difficult to justify to the greater community.
Instead of requiring anybody who wants to make their own linux distro for
general computing pay $99, we'd be supporting a system wherein it's impossible
to do so without cultivating your own relationship with every hardware vendor
for years on end. This would be a catch 22, because the difficulty in
establishing the market presence required before hardware vendors want to talk
to you would be *significantly greater* than it is today. It would also result
in a significantly fragmented compatibility matrix, as getting hardware vendors
to add a key represents what they'd consider a significant expense (system
flash real estate is still a critical resource), and it's most likely any
vendor addoption of a new distro key would happen on an incremental basis.
More information about the devel