Thibault Nélis writes:
On 06/01/2012 02:40 PM, Sam Varshavchik wrote:they can't possibly review all the software that could follow the boot loader down the chain,They won't have to. Once they have a signing key that boots their current Windows OS, they have no further need for a certification process. What value added benefit does it bring to them?For now, they avoid public outrage and keep control. I personally believe
Who exactly is outraged right now? A bunch of geeks on a mailing list? So what? Who cares?
You really expect John Q Public to be howling in outrage, because he can't get his keys loaded into Dell Ultra Precision XKZ100+ laptop?
I agree it's not ideal, so we must still demand for alternatives to Microsoft, preferably unbiased, now.
We can start by not playing their games.
Verisign must be paying back a good share. Or maybe I'm looking at it the wrong way and it's not about money, but.. well it usually is.
Of course it is about the money. Not /this/ money. But everything is about money.
Please prove me wrong. Where can I get the details of those plans?Well I don't see why Matthew Garrett would lie about that in his article (we all read his post right?). Maybe I trust his word too easily, or maybe his source is wrong, but I certainly think he's way more informed about the situation than any of us. You're right in that we should wait to see it formally announced by the OEMs before shouting victory though, but I kind of got from the vibe that it was a sure thing, so I don't think we should worry about that too much until the situation changes, hoping that it won't.
I do not share your optimism. Let's just say that, a very very long time ago, I was developing Windows software. Not for very long. I don't even remember for how long, probably a year, no more. Even though it was a long time ago, I still remember what I figured out myself, on my own, back then. And I believe that there are some things out there that don't ever change.
And would you care to take my bet, for 1,000 quatloos, that Microsoft's certification program will be a farce? They'll sign Oracle's key, that can only boot Solaris, sure. They may very well sign an RHEL key, that will boot a locked-down RHEL.A $100 farce? At that price, they are *clearly* targeting very small players.
The price is irrelevant. That's just one part that makes it a farce. Nobody's going to get a key to boot an open OS on the same hardware that can boot a Microsoft OS. Doesn't matter what the price is.
I know it doesn't help that their site has been down since the beginning of this discussion, we can't really evaluate, but I got the feeling that Fedora's decision to use Microsoft's services was informed and not just thrown in the wild, so they presumably know for sure that they can get it.
Oh, I'm sure that it was informed. Like I said, all that's about, is getting RHEL into the secure boot chain.
So yeah, okay, trekker, I take the bet, they get the key. :)
Not the Fedora key. My bet was on a key that can boot an open Fedora, which can do everything that Fedora can do today, on the same hardware.
They might get a key signed to boot a locked-down RHEL. Might. Not a guarantee. There will not, I repeat, NOT, going to be a signed key that boots Fedora, where "Fedora" refers to Fedora as we know it today.
The most you're going to get, is a key that will boot Fedora that's been built and signed on Fedora build servers, using this key, that will refuse to load unsigned modules, and with certain Linux kernel features disabled. And nobody, but those build servers, will have the key.
An open Fedora? Not going to happen.Ah come on, it's not the end yet.
No, it's not.
Attachment:
pgppatFtluzUK.pgp
Description: PGP signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
