On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote: > > > Am 17.06.2012 01:14, schrieb Chris Murphy: >> Please provide an example of a better option, with sufficient detail as to constitute a successful relay of the baton. >> The point of the thread from the outset was to explore alternatives, but so far those alternatives are vaporware. Numerous non-vaporware recommendations follow, snipped directly from the thread: <various snippets> I think my main point stands: talking with, say, Dell, and Microsoft in private, without a serious legal and propaganda push, makes Fedora's position weak in the private negotiations. As soon as the other side made clear that their position was to accept Microsoft's plan, Red Hat should have called a press conference and explained the situation to reporters from the New York Times, the Wall Street Journal, etc.. Please allow me a personal remark: I too have fought one part of a big battle so hard and so long that it seemed to me that the part I was engaged in must be the whole battle. I think that perhaps the negotiators on the Fedora/Red Hat have mistaken one part of the battle for the whole battle. --- My posts argue that Fedora should neither accept, nor seem to accept, Microsoft's having the Hardware Root Key. One reason not to seem to accept Microsoft's having the Hardware Root Key is that, when arguing for Examption 4, the Englobulators will answer "Well, there is really no issue here. Why, Fedora accepts that it is right and proper that Microsoft have the Hardware Root Key.". --- Now, perhaps I misread, or misremember, but in this thread, I think it was said that a home computer vendor has offered to allow a key, authorized by what you distinguish as the "PK", to be loaded into the UEFI, so that Fedora would stand equal to Microsoft, though both, you now claim, would be equally junior to the vendor (which claim is not right). And you refused. This is ridiculous. If one more key can be loaded at point of sale, then so can several more. And this is not the final step in the remedy, but only an early step. We can do more. But, if Fedora agrees that Microsoft gets to dictate what is loaded at point of sale, well, that is an un-necessary loss. As your statement shows, your team was not negotiating with Microsoft, nor with the vendors of hardware, but with a non-existent being of irresistible power. Of course that negotiation with an imaginary being is much harder to win than the real negotiation. RMS had no Red Hat backing him when he started Project GNU. Nor did Linus when he started the Linux kernel. Nor did the founders of Red Hat. But you have Red Hat, with a large income, and much money. You also have many people who will help you, and help ourselves, in this fight. Suggestion 2: Have Red Hat buy a large quantity of standard home machines, on condition that the UEFI not be locked at point of delivery to Red Hat. Suggestion 3: Do a better command and control screen for the UEFI. There is enough room in the UEFI for a big, but very simple, screen. There is even room for a proper manual. You have written that there is nothing you can do about the bad interface of the UEFI. But you can. --- ad inability to manage keeping the private half of the Fedora key private: This is absurd. I will be happy to explain methods which, if Red Hat wanted, would meet all statutory, and real security, and even all anti-FUD compliance, requirements. This claimed inability is not reasonable. Why? Because your position implies that you trust Microsoft and the hardware vendor more than you trust yourselves in this. If that is your opinion, well, why run Fedora ever? After all, in the world your propose to create, Fedora depends for the security of its boot process, on Microsoft and Microsoft's partner, the hardware vendor. --- My sole comment here (Seth Johnson): Please be real about the need to act in a manner that comports with the threat. The course you must take does indeed require political activities that are not in the normal mode for most people. Yet that's what's needed, none of this other stuff attempting to finesse the matter, or to say it's all about finesse. No, it is plain that failing to take the matter to the political and public court of opinion will not give you any margin of advantage against the moves afoot here. You have to draw the line, and draw it correctly. Given a clear acknowledgement of that, what needs to be done can certainly be done with some grace. But it's not the finesse that's needed at this juncture you are now sitting in the middle of. It's the fight. Seth Johnson -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
