On Thu, May 31, 2012 at 9:56 AM, Bryn M. Reeves <bmr@xxxxxxxxxx> wrote: > abundantly clear that there are no restrictions placed on users who do > not wish to have the secure boot signature checks enforced. Yes, I read it and spent several hours talking to MJG before he posted it, in fact. I thought I'd pay him the respect of sleeping on it and giving someone in support of this rather secretive move time to post about it and discuss it, so that people wouldn't be learning about it from my response. I also wrote a simple, factual message. Nothing I said was distorted or untrue. This may not be the end of the world, but it's a clear loss of a freedom that Fedora has had in the past. See below: On Thu, May 31, 2012 at 10:04 AM, Peter Jones <pjones@xxxxxxxxxx> wrote: > You're wrong. Users will have the ability to create their own signing > certificates with openssl and sign their own binaries. Using MS as a signer > only buys you the convenience of not making everybody who wants to install > your software enroll your key. But they will be able to do that if that's > what you want. It's perhaps just as troubling that there are people involved in this non-public decision who apparently have such a limited understanding of free software that they were unable to understand the point I made explicitly in my message (and more elliptically in my subject). How can I trust that you really had no other alternative, when you can't even see the loss of freedom associated with this? One of the "Infinite Freedom"s Fedora has previously included is the infinite potential of creating forks— software that _other people_ will load— which are Fedora's technological equals and which themselves enjoy the same freedom as Fedora. A change from an uncountable infinity of options, to a merely countable infinity. Under this model there will be two classes of distributor: One which loads easily on systems, and one which requires the additional effort of disabling secure boot or installing user keys. (And ARM will be even more interesting...) You might argue that the cost of installing keys / disabling secure-boot is sufficiently low— but if if it really were, why bother with it for Fedora, why legitimize this kind of signed boot-loader only control by playing along with it. So perhaps in practice the loss of freedom is small— but at the same time people advocating closed software will rightly point out that very few users can program and fewer still care to actually do so. None the less, I do not believe it is "FUD" or in any way inaccurate to say that this will mean that Fedora will be losing a freedom it once had— the freedom to make forks at no cost which are technically equal to the projects, ones which are just as compatible and easy to install. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
