*countable infinities only

Gregory Maxwell gmaxwell at gmail.com
Thu May 31 15:47:16 UTC 2012

[I'm sorry for getting repetitive here, but I'm responding to several
people concurrently in order to minimize volume]

On Thu, May 31, 2012 at 10:32 AM, Bryn M. Reeves <bmr at redhat.com> wrote:
> That discussion is happening right now. You're welcome to join in.

That wasn't my understanding, my understanding is that this is a done
deal and not up for discussion. I'm happy to learn otherwise.

> It's rather disingenuous to suggest that this is a situation of
> Fedora's making. This is coming whether we or other distributions like
> it or not as a consequence of the Windows 8 logo program.

I did not say that this situation was "fedora's making", I know — for example—
That MJG cares deeply about software freedom and that he understands
the loss of freedom here.  I know that everyone involved in this feels that
it is being exposed from outside and that there is no other viable choice.
(And I grant that there is at least a choice of bad compromises being
enforced from outside).

This does not change the fact that a freedom of fedora is being lost.

And Fedora does have a choice here.

> If you think you have a better scheme then please describe it.

I know that the people who have been working on this for months and in
direct negation with Microsoft have already explored more options than
I can hope to guess at.  I won't be able to outdo a bunch of really
smart people working, with the cooperation of lawyers, for months in
an email here (and I already attempted this in private with MJG, and
failed as expected).

I offer instead that Fedora should not participate and leave it so
that Fedora and forks will both have equal inconvenience on this
hardware. This will preserve the freedom I'm speaking of losing here,
and it will keep Redhat and the Fedora community laser focused on
minimizing this inconvenience.

[and I didn't spell this out before simply because it's an obvious
option that you don't need my help to find]

The plan presented here will instead potentially leave RedHat and the
Fedora community in the odd position of defending TC lockdown as
compatible with the GPLv2 "installation instructions", v3 anti-TC, and
future licenses which may be _specifically_ targeted to address the
loss of freedom created here — I'm not trying to argue that the
licensing here myself,  only pointing out that the fact that you'll
now be in the business of arguing against prohibitions in free
software licenses is a very clear sign that something is wrong, and a
very bad investment in resources.

The overall situation here is not Fedora's making— not something you
would choose to have.  But there absolutely is a choice available
here.  Fedora can choose to continue to participate in the ecosystem
as an equal— without access to special signing keys which they can't
give to their users would may wish to make forks—, or Fedora can
choose to make the install easier on this hardware.

And it's not to say that I'm 100% doom and gloom about this, the
increase in friction for loading binary only drivers will be a very
positive upside.

> Perhaps to give the users who want to have Fedora cohabit with another
> OS that uses trusted boot the freedom do do so without turning it off?

And again—   Forks and Respins of Fedora lose the ability to provide
parity in this regard.

I apologize that I'm presenting you with an impossible argument: You
argue that it's important to do this, I argue that the loss of freedom
is great— you argue that the hurdles for forks/respins are small,  I
argue that you should not do this.   But it isn't me who created this
dissonance.   It's the people arguing that this is not a clear loss of
a prior freedom in Fedora.

Once you accept that this option is a loss of freedom then the
argument is no longer cyclic and we can have a meaningful discussion
about if the loss of freedom is better or worse than the loss of

> Starting a new thread that deliberately omits important aspects (such
> as the user's ability to toss out and replace vendor keys or disable
> the whole mess) is pretty close to my definition of fear, uncertainty
> and doubt.

That isn't a relevant aspect for someone who would want to fork the
software for other people to use. The relevant part is that if you
fork fedora you will either have to pay $99 (and pass whatever
certification Microsoft imposes) or you will be harder to install.  If
you think that my focus on this point to the exclusion of all the ways
that this doesn't suck— ways which would likely be unlawful— is going
to confuse people, then perhaps you should communicate about this
better so that I'm unable to confuse people.

On Thu, May 31, 2012 at 10:34 AM, Peter Jones <pjones at redhat.com> wrote:
> You keep using "technological equals" when you clearly mean "market equals".
> The technology is all there. The market is what's more difficult to gain
> access to. I'm not happy about that at all, but it's still a worthwhile
> distinction.

Access to cryptographic signing keys is a technological restriction.
Requiring the user to go bios spelunking or key generating at install
time is similar in character to other technological shortcomings,
e.g., only being able to use a text mode installer— or the
distribution of a binary only driver which is required to work on some
hardware— something Fedora has previously chosen not to do even while
some other distributions did so.

I agree that it's not quite a issue of "technological equals": If it
were just technology I could independently reinvent the bootloader
without paying people, but I won't here— and if I manage to backdoor
the trusted boot through some technical means I would probably be
breaking the law.

Market equality is something that free software has never promised,
and could not promise. It couldn't be taken away because it could
never have been provided.

On Thu, May 31, 2012 at 11:10 AM, Pierre-Yves Chibon
<pingou at pingoured.fr> wrote:
> I don't really think this is Fedora specific, all linux distro will face
> the same problem.

Fedora has made the freedom provided more central to it's marking and
values than other mainstream distributions.

"Why Is the Fedora Project Different?  We try to always do the right
thing, and provide only free and open source software. We will fight
to protect and promote solutions that anyone can use and redistribute.
To this end, we use only free and open source software to power the
Fedora infrastructure itself."

Other distributions have distributed (and/or provided easy
install-time options to download) binary only drivers for the sake of
hardware compatibility. Other distributions offer and promote things
like flash, encumbered codecs, etc.  All for the sake of improved user
experience but at the cost of a strong position on software freedom.
Not only does Fedora not provide these things, but it doesn't
generally promote them or even facilitate them.

Personally, I've viewed Fedora as a source of pragmatic compromises to
hard software freedom issues, but still a distro which isn't afraid to
put freedom first even if it creates inconvenience or some loss of
market share, and this is one reason why I use it.  I don't believe
that there is any other major distribution which would be more likely
to take the other option here— the hard option of reduced
compatibility for the sake of equality in licensing.

... and it's really only the mainstream distributions which have the
market clout to make a refusal to participate here mean anything at
all— in terms of the public's perception of these limitations, and in
terms of the workaround and remedies.

On Thu, May 31, 2012 at 10:52 AM, Chris Adams <cmadams at hiwaay.net> wrote:
> The basic fact is that Microsoft drives the desktop x86 PC market.
> Nobody else has the power they do, and that isn't going to change any
> time soon.  They are creating the two classes you describe.  The
> hardware is coming (like it or not), and Fedora can either change to
> deal with it or not.
> If Fedora does nothing different than is being done today with F17, it
> will always be in the second class, requiring the user to disable secure
> boot.  Even getting to the point where the user can generate/install
> their own key requires more work.

Microsoft is creating the situation but Fedora can choose between two
bad options:
(1) Have two classes, where not all Fedora distributors are equals.
(2) Have harder installs on some hardware.

I think the second option is better and more in line with the Fedora
project's mission.  The second option is also terrible, but it means
that Fedora's resources will be invested in minimizing the costs, and
not invested in fighting against free software developers who would
like to use licensing restrictions to prohibit code signing lockdown
of their software.

More information about the devel mailing list