*countable infinities only
gmaxwell at gmail.com
Mon Jun 25 15:25:08 UTC 2012
(I'm posting in this thread rather than starting a new one in order to
respect people who've spam-canned it)
It is being widely reported that Canonical's be signing the kernel,
they won't be requiring signed drivers, and won't be restricting
runtime functionality while securebooted. What is being claimed is
that the only thing they'll be restricting is the bootloader and
they're going to write a new bootloader for this in order to avoid
signing code written by third parties.
This seems a bit incongruent with many of the claims made here about
the degree of participation with cryptographic lockdown required and
the importance of it.
I feel like the entire discussion has been a bit unfair where people
were repeatedly challenged to offer alternatives when things claimed
to be impossible based on NDAed discussions are, apparently, actually
possible and the remaining weak alternatives were discarded as not
being usable enough.
More information about the devel