On Fri, Jun 24, 2011 at 4:07 AM, Rahul Sundaram <metherid@xxxxxxxxx> wrote: > If you have *specific* concerns, let's hear those. You seem to just > quoting parts of a public wiki page anyone can read. I don't see the > point of that If trusted boot in fedora is widely deployed, then $random_things may demand I use a particular fedora kernel in order to access them. Both handcapping my personal freedom to tinker with my own computer by imposing new costs on it, and hampering the Fedora project by creating additional friction against upgrades. ("Sorry, I can't upgrade to the new kernel to test that, because then I won't be able to watch netflicks!") In cases where remote attestation is especially important for legitimate purposes then it would be completely acceptable to require the user to enable it. Making it work by default will encourage the use of the functionality in places where it is not important, because the community of tinkerers and innovators is simply small enough to ignore. Is that the world we want to live in? Why should our project contribute to that world's creation? I think the wide (e.g. by default) deployment of remote attestation undermines the Fedora foundational value of freedom and will inhibit the innovation which is central to the project's mission. Accordingly, support for remote attestation in the default install should be explicitly and categorically rejected with the same vigor, and many of the same reasons, that the project rejects proprietary software which it could lawfully distribute. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel