*countable infinities only
tmraz at redhat.com
Thu May 31 14:35:44 UTC 2012
On Thu, 2012-05-31 at 10:23 -0400, Gregory Maxwell wrote:
> On Thu, May 31, 2012 at 9:56 AM, Bryn M. Reeves <bmr at redhat.com> wrote:
> > abundantly clear that there are no restrictions placed on users who do
> > not wish to have the secure boot signature checks enforced.
> Yes, I read it and spent several hours talking to MJG before he posted
> it, in fact.
> I thought I'd pay him the respect of sleeping on it and giving someone
> in support of this rather secretive move time to post about it and
> discuss it, so that people wouldn't be learning about it from my
> response. I also wrote a simple, factual message. Nothing I said
> was distorted or untrue.
> This may not be the end of the world, but it's a clear loss of a
> freedom that Fedora has had in the past. See below:
> On Thu, May 31, 2012 at 10:04 AM, Peter Jones <pjones at redhat.com> wrote:
> > You're wrong. Users will have the ability to create their own signing
> > certificates with openssl and sign their own binaries. Using MS as a signer
> > only buys you the convenience of not making everybody who wants to install
> > your software enroll your key. But they will be able to do that if that's
> > what you want.
> It's perhaps just as troubling that there are people involved in this
> non-public decision who apparently have such a limited understanding
> of free software that they were unable to understand the point I made
> explicitly in my message (and more elliptically in my subject). How
> can I trust that you really had no other alternative, when you can't
> even see the loss of freedom associated with this?
> One of the "Infinite Freedom"s Fedora has previously included is the
> infinite potential of creating forks— software that _other people_
> will load— which are Fedora's technological equals and which
> themselves enjoy the same freedom as Fedora. A change from an
> uncountable infinity of options, to a merely countable infinity.
> Under this model there will be two classes of distributor: One which
> loads easily on systems, and one which requires the additional effort
> of disabling secure boot or installing user keys. (And ARM will be
> even more interesting...)
> You might argue that the cost of installing keys / disabling
> secure-boot is sufficiently low— but if if it really were, why bother
> with it for Fedora, why legitimize this kind of signed boot-loader
> only control by playing along with it.
> So perhaps in practice the loss of freedom is small— but at the same
> time people advocating closed software will rightly point out that
> very few users can program and fewer still care to actually do so.
> None the less, I do not believe it is "FUD" or in any way inaccurate
> to say that this will mean that Fedora will be losing a freedom it
> once had— the freedom to make forks at no cost which are technically
> equal to the projects, ones which are just as compatible and easy to
I do not like the kind of e-mails I'm just sending now but I had to do
+1 to Gregory
No matter how far down the wrong road you've gone, turn back.
More information about the devel