*countable infinities only

Seth Johnson seth.p.johnson at gmail.com
Mon Jun 18 13:20:05 UTC 2012 

On Mon, Jun 18, 2012 at 8:54 AM, Peter Jones <pjones at redhat.com> wrote:
> On 06/18/2012 01:17 AM, Seth Johnson wrote:
>>
>> On Mon, Jun 18, 2012 at 1:15 AM, Matthew Garrett <mjg59 at srcf.ucam.org>
>> wrote:
>>>
>>> On Mon, Jun 18, 2012 at 01:09:52AM -0400, Jay Sulzberger wrote:
>>>>
>>>> Bob Young, a master of propaganda^Hsales, had a wonderful spiel
>>>> in favor of free software which included the line "Why would you
>>>> buy a car with the hood welded shut?".
>>>>
>>>> ad previous lack of success of sales of GNU/Linux machines: In
>>>> every case I know, Microsoft just bribed/threatened the vendor to
>>>> stop selling the machines.
>>>>
>>>> If Red Hat accedes to Microsoft's demands here, there will be no,
>>>> let me repeat, no hardware that Fedora can be easily installed
>>>> on.  Here is why:
>>>>
>>>> By your own explanation, you think that without the special key,
>>>> controlled by Microsoft, Fedora would be too hard for some people
>>>> to install.  OK, so you agree that Fedora must get permission
>>>> from Microsoft to allow easy installs of Fedora.
>>>>
>>>> The game is now just about over.  What if one day, Microsoft
>>>> makes it even harder to install Fedora without a Microsoft
>>>> controlled key?  What if, as has already happened with ARM,
>>>> Microsoft refuses to grant Fedora a special key?
>>>
>>>
>>> Microsoft has not refused to grant Fedora a key for ARM.
>>
>>
>> Oh please.
>
>
> It's very difficult to see what your argument is from those two words.

It's apparently difficult to recognize Jay's argument, immediately
above.  Jay did not say you currently cannot get an ARM key.  I did
not present an argument in my comment.


> Just to be clear, and to expand on Matthew's (quoted) response, at this time
> there's no reason to believe the ability to get a signed bootloader on ARM
> will be any different than on x86. *We*, Matthew and I, have chosen to
> extend a proposal which excludes Fedora from this process on ARM machines
> due to our belief that users should have ultimate control of their systems.
> That control must include replacing all of the Secure Boot keys - PK, KEK,
> DB, and DBX. We don't believe we can reasonably support a Free Software
> platform on machines without that functionality, and so we've opted not to
> bring a proposal which would include supporting that platform.
>
> There's every indication that were we to so choose, Microsoft would happily
> sign our binaries and allow us to boot on Secure Boot constrained ARM
> machines at no additional cost.


Exactly.  Microsoft would happily give you permission if you ask.  You
recognize that this is rendering you vulnerable, as Jay said.


> We believe that without the guarantee that
> you can disable Secure Boot or use your own chain of trust, it isn't a
> platform we can or should support.


Exactly correct.  Except the word "guarantee" is of equivocal meaning,
potentially allowing for a course of action that renders you
vulnerable.


Seth

More information about the devel mailing list