On 4/13/22 17:11, Jóhann B. Guðmundsson wrote: > On 13.4.2022 08:04, David Bold wrote: >> >> It seems I must be missing something? Why should we not care about a >> significant number of our users, just because other OSs have more users? >> Could you explain that? > > First of all this is not significant number of Fedora's users ( or in > the overall desktop ecosystem ) and secondly as David Cantrell already > pointed out downstream distribution should not be expected to jump > through hoops to support hardware vendors that are unwilling to > participate in the open source Linux ecosystem. What fraction of Fedora users is this? Yes, I agree that Fedora should not have to jump through hoops to support NVIDIA. But at the same time, we need to consider how many users we will be breaking. > The consumers of such hardware vendors should either stop buying their > hardware ( like I did decades ago ) or contribute to opensource projects > that provide the required support to be able to use that hardware. The more likely outcome is that such consumers will switch to a distribution that makes it easy for them to use the hardware they have. The vast majority of users lack the skills, resources, or both to contribute to Nouveau or Mesa. > And the idea that has been circulated that Fedora is supposed to be > building third-party kernel modules ( since this security nightmare is > being opened why limit it only to nvidia ) and *signing them* without > being able to validate the content it is building is a security risk [1] > that affects all Fedora users regardless if they use a third party > module or not, is just outright ridiculous both from a security point of > view as well as it will hinder participation on the projects that are > trying to provide an opensource alternatives. Right now, secure boot on Fedora is security theater. If you want it to actually be meaningful, then focus on measured boot (either SRTM or (even better) DRTM) and sealing LUKS keys to specific combinations of PCR values. Fedora is way behind Windows and Bitlocker in this regard. See Qubes OS’s Anti Evil Maid for something that at least tries to get this right. -- Sincerely, Demi Marie Obenour (she/her/hers)
Attachment:
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
