[I'm sorry for getting repetitive here, but I'm responding to several people concurrently in order to minimize volume] On Thu, May 31, 2012 at 10:32 AM, Bryn M. Reeves <bmr@xxxxxxxxxx> wrote: > That discussion is happening right now. You're welcome to join in. That wasn't my understanding, my understanding is that this is a done deal and not up for discussion. I'm happy to learn otherwise. > It's rather disingenuous to suggest that this is a situation of > Fedora's making. This is coming whether we or other distributions like > it or not as a consequence of the Windows 8 logo program. I did not say that this situation was "fedora's making", I know — for example— That MJG cares deeply about software freedom and that he understands the loss of freedom here. I know that everyone involved in this feels that it is being exposed from outside and that there is no other viable choice. (And I grant that there is at least a choice of bad compromises being enforced from outside). This does not change the fact that a freedom of fedora is being lost. And Fedora does have a choice here. > If you think you have a better scheme then please describe it. I know that the people who have been working on this for months and in direct negation with Microsoft have already explored more options than I can hope to guess at. I won't be able to outdo a bunch of really smart people working, with the cooperation of lawyers, for months in an email here (and I already attempted this in private with MJG, and failed as expected). I offer instead that Fedora should not participate and leave it so that Fedora and forks will both have equal inconvenience on this hardware. This will preserve the freedom I'm speaking of losing here, and it will keep Redhat and the Fedora community laser focused on minimizing this inconvenience. [and I didn't spell this out before simply because it's an obvious option that you don't need my help to find] The plan presented here will instead potentially leave RedHat and the Fedora community in the odd position of defending TC lockdown as compatible with the GPLv2 "installation instructions", v3 anti-TC, and future licenses which may be _specifically_ targeted to address the loss of freedom created here — I'm not trying to argue that the licensing here myself, only pointing out that the fact that you'll now be in the business of arguing against prohibitions in free software licenses is a very clear sign that something is wrong, and a very bad investment in resources. The overall situation here is not Fedora's making— not something you would choose to have. But there absolutely is a choice available here. Fedora can choose to continue to participate in the ecosystem as an equal— without access to special signing keys which they can't give to their users would may wish to make forks—, or Fedora can choose to make the install easier on this hardware. And it's not to say that I'm 100% doom and gloom about this, the increase in friction for loading binary only drivers will be a very positive upside. > Perhaps to give the users who want to have Fedora cohabit with another > OS that uses trusted boot the freedom do do so without turning it off? And again— Forks and Respins of Fedora lose the ability to provide parity in this regard. I apologize that I'm presenting you with an impossible argument: You argue that it's important to do this, I argue that the loss of freedom is great— you argue that the hurdles for forks/respins are small, I argue that you should not do this. But it isn't me who created this dissonance. It's the people arguing that this is not a clear loss of a prior freedom in Fedora. Once you accept that this option is a loss of freedom then the argument is no longer cyclic and we can have a meaningful discussion about if the loss of freedom is better or worse than the loss of capability. > Starting a new thread that deliberately omits important aspects (such > as the user's ability to toss out and replace vendor keys or disable > the whole mess) is pretty close to my definition of fear, uncertainty > and doubt. That isn't a relevant aspect for someone who would want to fork the software for other people to use. The relevant part is that if you fork fedora you will either have to pay $99 (and pass whatever certification Microsoft imposes) or you will be harder to install. If you think that my focus on this point to the exclusion of all the ways that this doesn't suck— ways which would likely be unlawful— is going to confuse people, then perhaps you should communicate about this better so that I'm unable to confuse people. On Thu, May 31, 2012 at 10:34 AM, Peter Jones <pjones@xxxxxxxxxx> wrote: > You keep using "technological equals" when you clearly mean "market equals". > The technology is all there. The market is what's more difficult to gain > access to. I'm not happy about that at all, but it's still a worthwhile > distinction. Access to cryptographic signing keys is a technological restriction. Requiring the user to go bios spelunking or key generating at install time is similar in character to other technological shortcomings, e.g., only being able to use a text mode installer— or the distribution of a binary only driver which is required to work on some hardware— something Fedora has previously chosen not to do even while some other distributions did so. I agree that it's not quite a issue of "technological equals": If it were just technology I could independently reinvent the bootloader without paying people, but I won't here— and if I manage to backdoor the trusted boot through some technical means I would probably be breaking the law. Market equality is something that free software has never promised, and could not promise. It couldn't be taken away because it could never have been provided. On Thu, May 31, 2012 at 11:10 AM, Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> wrote: > I don't really think this is Fedora specific, all linux distro will face > the same problem. Fedora has made the freedom provided more central to it's marking and values than other mainstream distributions. "Why Is the Fedora Project Different? We try to always do the right thing, and provide only free and open source software. We will fight to protect and promote solutions that anyone can use and redistribute. To this end, we use only free and open source software to power the Fedora infrastructure itself." Other distributions have distributed (and/or provided easy install-time options to download) binary only drivers for the sake of hardware compatibility. Other distributions offer and promote things like flash, encumbered codecs, etc. All for the sake of improved user experience but at the cost of a strong position on software freedom. Not only does Fedora not provide these things, but it doesn't generally promote them or even facilitate them. Personally, I've viewed Fedora as a source of pragmatic compromises to hard software freedom issues, but still a distro which isn't afraid to put freedom first even if it creates inconvenience or some loss of market share, and this is one reason why I use it. I don't believe that there is any other major distribution which would be more likely to take the other option here— the hard option of reduced compatibility for the sake of equality in licensing. ... and it's really only the mainstream distributions which have the market clout to make a refusal to participate here mean anything at all— in terms of the public's perception of these limitations, and in terms of the workaround and remedies. On Thu, May 31, 2012 at 10:52 AM, Chris Adams <cmadams@xxxxxxxxxx> wrote: > The basic fact is that Microsoft drives the desktop x86 PC market. > Nobody else has the power they do, and that isn't going to change any > time soon. They are creating the two classes you describe. The > hardware is coming (like it or not), and Fedora can either change to > deal with it or not. > > If Fedora does nothing different than is being done today with F17, it > will always be in the second class, requiring the user to disable secure > boot. Even getting to the point where the user can generate/install > their own key requires more work. Microsoft is creating the situation but Fedora can choose between two bad options: (1) Have two classes, where not all Fedora distributors are equals. (2) Have harder installs on some hardware. I think the second option is better and more in line with the Fedora project's mission. The second option is also terrible, but it means that Fedora's resources will be invested in minimizing the costs, and not invested in fighting against free software developers who would like to use licensing restrictions to prohibit code signing lockdown of their software. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
