> When I create a fork, respin, or remix of Fedora and distribute it to > people it will not run for them like Fedora does without a level of > fiddling which the people advocating this have made clear is entirely > unacceptable. This is because Fedora will be cryptographically > signing the distribution with keys these systems require and not > sharing the keys with me. Fedora be doing this even with software > that I wrote, enhancing it with a signing key only they have access > too, making it much more useful on hardware where it is not otherwise, > and not allowing me and or downstream recipients to enjoy the same > improvements for their modified versions. > > What is unclear about this? 2 things: + Forks, respins and remixes require a level of technical expertise which all the consumers of the Fedora binaries might not have. + Running a large-scale fork, respin or remix will require money. Inability to pay $99 is not a very strong reason. Free software says nothing about price. This is somewhat like the Tivoization problem, where even though you have free software you can not modify and run it on your computer. I used the term "somewhat" because Microsoft might still sign your bootloader, or you can enroll your own key, or turn Secure Boot off. One of the things that you (or we) could lobby for is the possibility of a non-Microsoft CA. However, Peter already explained one of the reasons why it did not work out. Maybe someone can try again. It has also been pointed out that Secure Boot does add some security, even though the situation where Microsoft is the sole CA sucks. So, merely saying "turn it off, turn it off" is not a very strong technical argument. Not that it is a bad one, but not the best, either. Happy hacking, Debarshi -- K&R is like the Bible. The fervent read it from end to end, the religious keep a copy. -- Arjun Shankar
Attachment:
pgp1wJxCvGonY.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
