*countable infinities only

Peter Jones pjones at redhat.com
Thu May 31 14:34:32 UTC 2012 

On 05/31/2012 10:23 AM, Gregory Maxwell wrote:
> On Thu, May 31, 2012 at 10:04 AM, Peter Jones<pjones at redhat.com>  wrote:
>> You're wrong.  Users will have the ability to create their own signing
>> certificates with openssl and sign their own binaries. Using MS as a signer
>> only buys you the convenience of not making everybody who wants to install
>> your software enroll your key.  But they will be able to do that if that's
>> what you want.
>
> It's perhaps just as troubling that there are people involved in this
> non-public decision who apparently have such a limited understanding
> of free software that they were unable to understand the point I made
> explicitly in my message (and more elliptically in my subject).   How
> can I trust that you really had no other alternative, when you can't
> even see the loss of freedom associated with this?

I can see the loss of freedom, and I find it unfortunate, but despite
what you've said above, you *are* distorting it. There's nothing you
won't be able to do that you could do before. Doing it the same way
will be harder than it was. I wish it were some other way. I understand
your point, but what you /said/ is incorrect and hyperbolic.

But enough about algebra. You don't have to trust that there's no other
alternative for two reasons - the first, because Matthew enumerated the
alternatives we've been through in the post you're explicitly responding
to. Second - as we've both said, we're still open to new suggestions. If
you have a better idea, the decision isn't made yet. We've got a plan and
we're working on it. If you have a better idea. *Now. Is. The. Time.*

I assure you, we'd all be happy if you come up with a better way. I await
your constructive help.

> One of the "Infinite Freedom"s Fedora has previously included is the
> infinite potential of creating forks— software that _other people_
> will load— which are Fedora's technological equals and which
> themselves enjoy the same freedom as Fedora.  A change from an
> uncountable infinity of options, to a merely countable infinity.

You keep using "technological equals" when you clearly mean "market equals".
The technology is all there. The market is what's more difficult to gain
access to. I'm not happy about that at all, but it's still a worthwhile
distinction.

> Under this model there will be two classes of distributor: One which
> loads easily on systems, and one which requires the additional effort
> of disabling secure boot or installing user keys. (And ARM will be
> even more interesting...)
>
> You might argue that the cost of installing keys / disabling
> secure-boot is sufficiently low— but if if it really were, why bother
> with it for Fedora, why legitimize this kind of signed boot-loader
> only control by playing along with it.

I wouldn't argue that. I'd argue that this is the best we've been able
to do. I'd like better. Feel free to help.

-- 
         Peter

More information about the devel mailing list