*countable infinities only

Bryn M. Reeves bmr at redhat.com
Thu May 31 14:32:30 UTC 2012

Hash: SHA1

On 05/31/2012 03:23 PM, Gregory Maxwell wrote:
> I thought I'd pay him the respect of sleeping on it and giving
> someone in support of this rather secretive move time to post about
> it and discuss it, so that people wouldn't be learning about it
> from my response.   I also wrote a simple, factual message.
> Nothing I said was distorted or untrue.

That discussion is happening right now. You're welcome to join in.

> Under this model there will be two classes of distributor: One
> which loads easily on systems, and one which requires the
> additional effort of disabling secure boot or installing user keys.
> (And ARM will be even more interesting...)

It's rather disingenuous to suggest that this is a situation of
Fedora's making. This is coming whether we or other distributions like
it or not as a consequence of the Windows 8 logo program.

It is a fact that on hardware with this mark *all* distributions will
need to either disable trusted boot or find a way to distribute keys
to their users or to hardware vendors.

If you think you have a better scheme then please describe it.

> You might argue that the cost of installing keys / disabling 
> secure-boot is sufficiently low— but if if it really were, why
> bother with it for Fedora, why legitimize this kind of signed
> boot-loader only control by playing along with it.

Perhaps to give the users who want to have Fedora cohabit with another
OS that uses trusted boot the freedom do do so without turning it off?

> So perhaps in practice the loss of freedom is small—  but at the
> same time people advocating closed software will rightly point out
> that very few users can program and fewer still care to actually do
> so.

Adding your own keys or disabling TP does not require "programming"

> None the less,  I do not believe it is "FUD" or in any way
> inaccurate to say that this will mean that Fedora will be losing a
> freedom it once had— the freedom to make forks at no cost which are
> technically equal to the projects, ones which are just as
> compatible and easy to install.

It's a matter of degrees. Other posters are pointing out specific
problems they perceive and suggesting concrete reasons why they
consider them problematic.

Starting a new thread that deliberately omits important aspects (such
as the user's ability to toss out and replace vendor keys or disable
the whole mess) is pretty close to my definition of fear, uncertainty
and doubt.


Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the devel mailing list