Re: Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thibault Nélis writes:


On 06/01/2012 09:46 AM, Alan Cox wrote:

Out of support releases are also an interesting problem. If a hole is
found they need to revoke the key. If they do that the users machine is
crippled. It's potentially a criminal matter in many EU states as well so
whoever issues the revocation could end up in jail. Nobody is really too
sure. This is all untested waters.
If we're talking about the kernel, one can always make the boot loader prompt the user whether it wants to continue without the assurance of a safe boot,
You are assuming that Microsoft will sign a bootloader with such functionality. 

I would not take that bet.


It will be up to the Fedora Board to stop Red Hat corrupting the goals of
the Fedora project in this way - or if they won't for people who dislike
it to dump Fedora - particularly package maintainers.
That would be, well, extreme. Say if legally OEMs are bound to empower the user to manage the keys in the firmware, would you still advocate against the use of the technology? 

No.
Now, users who buy machines with Windows pre-installed should expect their firmware to include Microsoft's key, and should be aware that they can add theirs legally. If they don't want to use Windows and don't want the trouble of setting up keys they should either:
(a) Buy from an OEM which builds machines with their OS of choice pre- installed, including a secure boot key for it,
(b) Ask an OEM for a machine without any OS (if you install the OS yourself then you should be responsible for installing the key as well),
(c) Fight an OEM which pre-installs Windows to add a new key, possibly a set of keys from unbiased trust brokers that can distribute certificates (bootloader shims) to your OS of choice to make it more realistic.
How about buying a laptop or a PC that will boot any damn OS you want, without all this cockamamie crap?

Attachment: pgpSblsuEpwDt.pgp
Description: PGP signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux