On Sat, Jun 2, 2012 at 11:47 PM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote: > On Sat, Jun 2, 2012 at 5:26 PM, drago01 <drago01@xxxxxxxxx> wrote: >> On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote: >>> I think regressing to the installs >>> being somewhat easier than ten yearsish ago is still a better place to >>> be than the cryptographic lockdown. >> >> I disagree and once again it is not a lockdown as people who care >> enough can disable it, while having it enabled by default makes things >> easier for a large set of (potential) users. > > You can disable the lockdown on iOS devices too—and the lawfulness of > this activity is well established in the US. > I understand that when the Copyright Office hit its periodic review > for that particular DMCA exemption Apple didn't even fight it this > time. Apples and Oranges unrelated and here "disable" is using an exploit not just flipping an option. > It is still a lockdown even if there is some complicated procedure to > disable it—you can't argue this both ways. Either it's an > inconsequential restriction because it's so easy to disable, or it's a > practical problem for people installing the OS. It can be argued both ways. Modifying software requires more "skills" and knowlegde anyway so it is more acceptable to accept that group of people to fiddle with the firmware then everyone including people that don't even know what a firmware is. Come on lets not discuss the obvious .. > And what happens when OEMs leave out the option, which isn't even > required by the UEFI spec itself, and Microsoft fails to enforce that > particular requirement? "Not our fault"? In case we refuse to support secure boot at all users on this hardware won't have any option but to run a 100% proprietary OS. While if we ship signed bootloader and kernel they can enjoy the freedom to modiify everything else of their OS. In that case it is choosing the "lesser evil" option. Is this a good situation? Of chores not. But the all or nothing approach isn't what got us where we are now. >> And if we have the choice between "make it easier to modify every part >> of the OS" vs. "make it easier to instal the OS in the first place" >> ... no one thinking rationally would opt for the former. > > If it were so simple we'd never have free software at all, because it > was always easier to continue using whatever commercial offering came > bundled with your system. We have to make our software better then the competition being free by itself is not enough to gain market traction. Having a complicated installation procedure sure does not help this case. > In this case it's "make it easier to install" vs. "preserve an > ecosystem of cooperating publishers, keep software freedom as a > top-line priority, keep it easy to modify every part, and don't put > Red Hat in the business of defending semi-tivoization against license > enforcement by free software authors". Lets check this using the free software definition by the FSF: 1. The freedom to run the program, for any purpose (freedom 0). You are free to run fedora for any purpose even if we implement secure boot. 2. The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this. The source code is available, you are free to study and change it. Running it on specific hardware might require an additional step but that does not contradict this. 3. The freedom to redistribute copies so you can help your neighbor (freedom 2). 4. The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this. You are free to do so as long as you comply with the trademark guidelines. You have to sign the kernel and bootloader (which costs money) to have an easy install routine. The later part sucks but does not restrict freedom 3 nor 4. And according to your other mails having the user i.e "your neighbor" disable secure boot is easy. (I disagree with the later but you obviosuly don't). So if you argue that it is fine for fedora to be shipped that way it is fine for your redistributed copy (even though some other OSes like Fedora, Windows, ...) are easier to install. Otherwise your whole point is hypocritical. So yes the situation kind of sucks but claiming that supporting secureboot will make fedora non free is just wrong. We can have a technical discussion in how to solve this better (having the user mess with the firmware isn't better) ... but the free vs. non free discussion does not make any sense because the software will remain free. So lets have a discussion on that basis. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
