On Sun, 17 Jun 2012, Jay Sulzberger wrote:
On Sun, 17 Jun 2012, Jay Sulzberger wrote:
On Mon, 18 Jun 2012, Matthew Garrett <mj...@srcf.ucam.org> wrote:
> On Sun, Jun 17, 2012 at 07:54:17PM -0400, Seth Johnson wrote:
> On Sat, Jun 16, 2012 at 7:26 PM, Reindl Harald <h.rei...@thelounge.net>
wrote:
> >
> >
> > Am 17.06.2012 01:14, schrieb Chris Murphy:
> >> Please provide an example of a better option, with sufficient detail
as to constitute a successful relay of the baton.
> >> The point of the thread from the outset was to explore alternatives,
but so far those alternatives are vaporware.
> > > Numerous non-vaporware recommendations follow, snipped directly from
the thread:
(snip)
These suggestions boil down to:
1) Do nothing
Of course, I have never suggested "doing nothing".
It is the secret negotiations with hardware vendors and
Microsoft, which have culminated in a suggestion to make Fedora
formally subordinate, at the hardware and legal and business and
public relations levels, to Microsoft which would better be
characterized as "doing nothing".
Matthew, I know that you and the Fedora team have done your best
in a difficult and dark corner, but I think if you consider a
wider range of possible moves, the corner will not seem so narrow
and dark and hopeless.
This year's engagement is not all of the struggle. So, if for
some months, it is even more annoying than once it was to install
Fedora, making use of all advertised hardware facilities, well,
that is not losing the war. My own estimate is that a strong
stand now would result in more successful installs of Fedora,
this year, than the suggested policy of accommodation to
Microsoft's demands.
oo--JS.
2) Become a hardware vendor
3) Use a Fedora key
I am not sure of the tactical situation here.
Doesn't Fedora already sign all software in the Official Repository?
Is it not the case that if Fedora's private signing key were to
be compromised, that a kernel controlled by an entity that is not Fedora,
would be installed on many machines?
Is it not also the case that if a non-kernel piece of software is
sneaked into the Official Fedora Repository, we do not assume any
Fedora private key compromise in this hypothetical, that the
subverted non-kernel piece of software could do serious damage,
incuding perhaps an escalation to root privilege?
So why does the "SecureBoot" private key require a so much higher
cost of administration?
Thanks for reading this, Matthew!
oo--JS.
None of these solve the problem of getting Fedora onto arbitrary x86
hardware bought towards the end of this year.
--
Matthew Garrett | mj...@srcf.ucam.org
I think 50 million dollars toward buying, and properly arranging
the UEFI, of several lots of x86 computers would indeed solve
part of the problem you point out.
Why not?
What does Red Hat have to lose?
If Red Hat takes no effective action, then Red Hat will lose much
more than 50 million dollars, and very soon too.
oo--JS.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
