Re: F37 Change: Deprecate Legacy BIOS (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 4/13/22 17:11, Jóhann B. Guðmundsson wrote:
> On 13.4.2022 08:04, David Bold wrote:
>>
>> It seems I must be missing something? Why should we not care about a 
>> significant number of our users, just because other OSs have more users?
>> Could you explain that? 
> 
> First of all this is not significant number of Fedora's users ( or in 
> the overall desktop ecosystem ) and secondly as David Cantrell already 
> pointed out downstream distribution should not be expected to jump 
> through hoops to support hardware vendors that are unwilling to 
> participate in the open source Linux ecosystem.

What fraction of Fedora users is this?  Yes, I agree that Fedora should
not have to jump through hoops to support NVIDIA.  But at the same
time, we need to consider how many users we will be breaking.

> The consumers of such hardware vendors should either stop buying their 
> hardware ( like I did decades ago ) or contribute to opensource projects 
> that provide the required support to be able to use that hardware.

The more likely outcome is that such consumers will switch to a
distribution that makes it easy for them to use the hardware they have.
The vast majority of users lack the skills, resources, or both to
contribute to Nouveau or Mesa.  

> And the idea that has been circulated that Fedora is supposed to be 
> building third-party kernel modules ( since this security nightmare is 
> being opened why limit it only to nvidia )  and *signing them* without 
> being able to validate the content it is building is a security risk [1] 
> that affects all Fedora users regardless if they use a third party 
> module or not, is just outright ridiculous both from a security point of 
> view as well as it will hinder participation on the projects that are 
> trying to provide an opensource alternatives.

Right now, secure boot on Fedora is security theater.  If you want it
to actually be meaningful, then focus on measured boot (either SRTM or
(even better) DRTM) and sealing LUKS keys to specific combinations of
PCR values.  Fedora is way behind Windows and Bitlocker in this regard.
See Qubes OS’s Anti Evil Maid for something that at least tries to
get this right.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)

Attachment: OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux