Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 04:57:20PM +0200, Kevin Kofler wrote:

 I didn't simply walk away either back in the day where RHL wouldn't 
 boot without disabling the Plug and Play operating system option in 
 the BIOS.

You're a pretty atypical case.

 I found it perfectly normal that the firmware settings need to be 
 adjusted based on the operating system(s) one wants to use. (Window$ 
 worked just fine with the changed option, just as it reportedly will 
 with Secure Boot disabled, see Matthew Garrett's posts about that 
 subject.)

Some Windows functionality will be disabled along with secure boot, but 
that's not really the point. We've done huge amounts of work to make 
Fedora (and Linux in general) work without requiring any firmware 
tweaking and people have recognised the value for that.

-- 
Matthew Garrett | mj...@srcf.ucam.org
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 12:04 PM, Chris Adams cmad...@hiwaay.net wrote:
 Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
 When I create a fork, respin, or remix of Fedora and distribute it to
 people it will not run for them like Fedora does without a level of
 fiddling which the people advocating this have made clear is entirely
 unacceptable.

 As I understand how this works, respins/remixes of Fedora that use the
 Fedora boot loader shim, Fedora grub, and Fedora kernel will still be
 signed and work with Secure Boot enabled.

You can use the fedora signature as long as you don't modify the
software (such as replace the kernel with a realtime kernel for
multimedia use— which is actually the only reason I've ever had to
distribute modified fedora kernel myself).

(An interesting question there is will the signatures end up covering
anything with fedora trademark branding)

 I don't like Secure Boot being forced upon us, but we don't have any
 real choice in the matter; vendors _are_ going to implement it.  Fedora
 certainly doesn't have sufficient market share to get everybody to

I wasn't making that argument there—  though I think it's still a
worthwhile one to have—  only pointing out that this is a material
loss of freedom. You can argue that there is an unavoidable compromise
here and that this is the best option we have by far, and I won't feel
like you are misunderstanding my position.


On Sat, Jun 2, 2012 at 12:05 PM, Jesse Keating jkeat...@j2solutions.net wrote:
 You do realize that if you create a fork, respin, or remix that you will
 have packages on the system that are not signed by Fedora's GPG key, and
 your generated ISOs will not be signed by Fedora's GPG key?  Worse, there is

Which is irrelevant because there is no hardware that Fedora needs to
use these keys to gain access to.

 (Users would have to disable
 yum's gpg checking in order to install your unsigned package, or they would
 have to install /your/ gpg key and trust it in order to install the package
 signed with your key).

I distribute modified copies of Fedora's OpenSSL libraries, they're
signed by my key not Fedora's.  Users— even rather technically
unsophisticated— install them without any difficulty.  The install
tools do not enforce that the files be signed, they do not have to
install my key.

Try for yourself, if you like: http://people.xiph.org/~greg/openssl/

 You have as
 much equal footing as Fedora does to plunk down the $99 and play along in
 the PC sandbox.

So if I were to take, say, a GPLed compositing window manager and then
I paid $99 for a license to embed a copy of commercial opengl special
effects— which prohibited modification, reverse engineering,
redistribution by unlicensed parties, and commercial use—  then I
started distributing this modified version... and I gave it to you and
told you that you were free to pay $99 to play in the
graphically-enhanced distribution sandbox,   you'd think that was
okay?

I'd like to now summon the folks arguing for this who earlier insisted
that Fedora was being upfront about the tradeoffs here to come argue
with people that there isn't a material loss of freedom.  Being
upfront means not only speaking up for points that support your
position.

Re: *countable infinities only

2012-06-02 Thread Kevin Fenzi
On Sat, 02 Jun 2012 16:57:20 +0200
Kevin Kofler kevin.kof...@chello.at wrote:

 Peter Jones wrote:
  But I also think it's important for our distro to work out of the
  box on new computers without having to do that. If we don't have
  that, people will simply walk away.
 
 And I don't think having to disable Secure Boot in the firmware is
 a hurdle which will make our users simply walk away. I didn't
 simply walk away either back in the day where RHL wouldn't boot
 without disabling the Plug and Play operating system option in the
 BIOS. I found it perfectly normal that the firmware settings need to
 be adjusted based on the operating system(s) one wants to use.
 (Window$ worked just fine with the changed option, just as it
 reportedly will with Secure Boot disabled, see Matthew Garrett's
 posts about that subject.)

You're not a typical case as others have noted... and there's another
issue: 

What happens if you try and boot an unsigned image? I assume the error
you get is up to the BIOS folks? So, it could be misleading, confusing,
depressing or all three. It may be that people will see just Failed to
secure boot and think there's something wrong with Fedora. They may
not even be looking for a bios option. They may burn or download
multiple media in an attempt to get it working. All kinds of possible
issues... ;( 

kevin




Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 12:24:51PM -0400, Gregory Maxwell wrote:

 I'd like to now summon the folks arguing for this who earlier insisted
 that Fedora was being upfront about the tradeoffs here to come argue
 with people that there isn't a material loss of freedom.  Being
 upfront means not only speaking up for points that support your
 position.

There's a material loss of freedom, just like there is with Fedora's 
trademark policy or our relationship with Mozilla. Sometimes we 
sacrifice some freedoms in return for something that we feel is more 
worthwhile. I can understand objecting to that from a philosophical 
perspective, but this is not an unprecedented decision.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 10:31:20AM -0600, Kevin Fenzi wrote:

 What happens if you try and boot an unsigned image? I assume the error
 you get is up to the BIOS folks? So, it could be misleading, confusing,
 depressing or all three. It may be that people will see just Failed to
 secure boot and think there's something wrong with Fedora. They may
 not even be looking for a bios option. They may burn or download
 multiple media in an attempt to get it working. All kinds of possible
 issues... ;( 

Per spec the machine simply falls back to attempting to execute the next 
entry in the boot list. An implementation may provide some feedback that 
that's the case, but there's no requirement for it to do so, so it's 
perfectly valid for it to just fall back to booting Windows with no 
notification.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 12:18:17PM -0400, Orcan Ogetbil wrote:

 Hmm, will the package maintainers have the freedom to not support
 users who have the secureboot enabled? How are we going to detect
 this?

Any piece of userspace can read the SecureBoot and SetupMode variables 
and check that they're 1 and 0 respectively. But refusing to run in that 
scenario would provide no extra security, so the only reason to do so 
would be to warn the user that kernel functionality the application 
depends on may not be available.

But if you mean I philosophically object to secure boot and want to 
prevent my packages from working on systems with it enabled then yes, 
that's clearly a thing you could do. I don't think it's worth discussing 
whether it's something that you should do or something that would be 
treated as a bug unless someone actually wants to do it.

-- 
Matthew Garrett | mj...@srcf.ucam.org
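
The check described in the message above, as an added example that is not part of the original post or of any Fedora code: it reads SecureBoot and SetupMode and returns a warning rather than refusing to run. It assumes the current Linux efivarfs layout (a 4-byte attribute word followed by the variable data, under `/sys/firmware/efi/efivars`); the function names and state labels are hypothetical.

```python
import os
import struct

# GUID of the EFI global variable namespace (EFI_GLOBAL_VARIABLE in the UEFI spec).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Assumed efivarfs mount point on a current Linux system.
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def read_efi_byte(name, efivars_dir=EFIVARS_DIR):
    """Return the one-byte value of a global EFI variable, or None if unreadable.

    An efivarfs file holds a 4-byte little-endian attribute word followed by
    the variable data; SecureBoot and SetupMode each carry a single data byte.
    """
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    if len(raw) != 5:
        # Unexpected size: do not guess at the contents.
        return None
    _attributes, value = struct.unpack("<IB", raw)
    return value


def secure_boot_state(efivars_dir=EFIVARS_DIR):
    """Classify the firmware state from SecureBoot and SetupMode.

    Labels (hypothetical): "no-efivars", "unknown", "enforcing",
    "setup-mode", "disabled".
    """
    if not os.path.isdir(efivars_dir):
        return "no-efivars"  # legacy BIOS boot, or efivarfs not mounted
    secure_boot = read_efi_byte("SecureBoot", efivars_dir)
    setup_mode = read_efi_byte("SetupMode", efivars_dir)
    if secure_boot is None or setup_mode is None:
        return "unknown"
    # The condition from the post: SecureBoot == 1 and SetupMode == 0.
    if secure_boot == 1 and setup_mode == 0:
        return "enforcing"
    if setup_mode == 1:
        return "setup-mode"
    return "disabled"


def module_load_warning(efivars_dir=EFIVARS_DIR):
    """Return a warning string when Secure Boot is enforcing, else None.

    The caller keeps running either way; the string only tells the user that
    kernel functionality the application depends on may not be available.
    """
    if secure_boot_state(efivars_dir) == "enforcing":
        return ("Secure Boot is enabled: kernel functionality this "
                "application depends on may not be available.")
    return None


def write_constructed_var(efivars_dir, name, value, attributes=0x6):
    """Write a constructed sample variable file for offline testing only."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_GUID}")
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IB", attributes, value))


if __name__ == "__main__":
    # Reads the real firmware variables when run on a UEFI Linux system.
    print("state:", secure_boot_state())
    warning = module_load_warning()
    if warning:
        print("warning:", warning)
```
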

Re: *countable infinities only

2012-06-02 Thread Orcan Ogetbil
On Sat, Jun 2, 2012 at 12:40 PM, Matthew Garrett wrote:
 On Sat, Jun 02, 2012 at 12:18:17PM -0400, Orcan Ogetbil wrote:

 Hmm, will the package maintainers have the freedom to not support
 users who have the secureboot enabled? How are we going to detect
 this?

 Any piece of userspace can read the SecureBoot and SetupMode variables
 and check that they're 1 and 0 respectively. But refusing to run in that
 scenario would provide no extra security, so the only reason to do so
 would be to warn the user that kernel functionality the application
 depends on may not be available.

 But if you mean I philosophically object to secure boot and want to
 prevent my packages from working on systems with it enabled then yes,
 that's clearly a thing you could do. I don't think it's worth discussing
 whether it's something that you should do or something that would be
 treated as a bug unless someone actually wants to do it.


As a package maintainer and contributor, since I am not a worker with
defined duties, I am free to draw my own circle of responsibility. Yes
it was rather a freedom (i.e. could) question rather than a should
question.

Thank you for the clarification.

Orcan

Re: *countable infinities only

2012-06-02 Thread inode0
On Sat, Jun 2, 2012 at 11:40 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Sat, Jun 02, 2012 at 12:18:17PM -0400, Orcan Ogetbil wrote:

 Hmm, will the package maintainers have the freedom to not support
 users who have the secureboot enabled? How are we going to detect
 this?

 Any piece of userspace can read the SecureBoot and SetupMode variables
 and check that they're 1 and 0 respectively. But refusing to run in that
 scenario would provide no extra security, so the only reason to do so
 would be to warn the user that kernel functionality the application
 depends on may not be available.

 But if you mean I philosophically object to secure boot and want to
 prevent my packages from working on systems with it enabled then yes,
 that's clearly a thing you could do. I don't think it's worth discussing
 whether it's something that you should do or something that would be
 treated as a bug unless someone actually wants to do it.

Doing this in my mind should not be allowed as it discriminates
against a subset of users. Whether this is legally allowed or not I
hope no one would consider doing it.

John

Re: *countable infinities only

2012-06-02 Thread Jesse Keating

On 06/02/2012 09:24 AM, Gregory Maxwell wrote:

(Users would have to disable
  yum's gpg checking in order to install your unsigned package, or they would
  have to install /your/ gpg key and trust it in order to install the package
  signed with your key).

I distribute modified copies of Fedora's OpenSSL libraries, they're
signed by my key not Fedora's.  Users— even rather technically
unsophisticated— install them without any difficulty.  The install
tools do not enforce that the files be signed, they do not have to
install my key.

Try for yourself, if you like: http://people.xiph.org/~greg/openssl/


My point here was that you don't enjoy equal footing with Fedora in this 
regard, today.  Users have to do something /extra/ to get your 
software.  They have to either disable GPG protection in yum, install 
your GPG key, or install the packages outside of yum.


This is not unlike disabling Secure Boot or adding your key to Secure Boot.




  You have as
  much equal footing as Fedora does to plunk down the $99 and play along in
  the PC sandbox.

So if I were to take, say, a GPLed compositing window manager and then
I paid $99 for a license to embed a copy of commercial opengl special
effects— which prohibited modification, reverse engineering,
redistribution by unlicensed parties, and commercial use—  then I
started distributing this modified version... and I gave it to you and
told you that you were free to pay $99 to play in the
graphically-enhanced distribution sandbox,   you'd think that was
okay?


That's a nice strawman you've built up there, however I'm quite unable 
to see what point you're trying to make here.


--
Help me fight child abuse: http://tinyurl.com/jlkcourage

- jlk

Re: *countable infinities only

2012-06-02 Thread Kevin Kofler
Debarshi Ray wrote:
 It is not clear to me what base N stands for.

As far as I can tell, it's baseball slang. Some people seem to think 
everyone in the world knows how baseball is played.

Kevin Kofler


Re: *countable infinities only

2012-06-02 Thread Kevin Kofler
Kevin Fenzi wrote:
 What happens if you try and boot an unsigned image? I assume the error
 you get is up to the BIOS folks? So, it could be misleading, confusing,
 depressing or all three. It may be that people will see just Failed to
 secure boot and think there's something wrong with Fedora. They may
 not even be looking for a bios option. They may burn or download
 multiple media in an attempt to get it working. All kinds of possible
 issues... ;(

The error message back in the day also didn't say disable Plug and Play in 
the BIOS, it said something like kernel panic: bad IRQ, I don't remember 
exactly, but it most definitely wasn't more helpful. Search engines are your 
friend. :-)

Kevin Kofler


Re: *countable infinities only

2012-06-02 Thread Kevin Fenzi
On Sat, 2 Jun 2012 17:36:47 +0100
Matthew Garrett mj...@srcf.ucam.org wrote:

 On Sat, Jun 02, 2012 at 10:31:20AM -0600, Kevin Fenzi wrote:
 
  What happens if you try and boot an unsigned image? I assume the
  error you get is up to the BIOS folks? So, it could be misleading,
  confusing, depressing or all three. It may be that people will see
  just Failed to secure boot and think there's something wrong with
  Fedora. They may not even be looking for a bios option. They may
  burn or download multiple media in an attempt to get it working.
  All kinds of possible issues... ;( 
 
 Per spec the machine simply falls back to attempting to execute the
 next entry in the boot list. An implementation may provide some
 feedback that that's the case, but there's no requirement for it to
 do so, so it's perfectly valid for it to just fall back to booting
 Windows with no notification.

Right. so: Hey, my new Fedora 18 dvd doesn't boot. I guess I'll
download it again. Huh. Still doesn't work. I've made 2 coasters, this
Fedora thing sucks! goes on irc, searches google Oh? I have to
_disable_ secure boot? I don't want my PC to boot insecurely. Forget
it. 

 On Sat, 02 Jun 2012 18:57:37 +0200 Kevin Kofler
 kevin.kof...@chello.at wrote:

 The error message back in the day also didn't say disable Plug and
 Play in the BIOS, it said something like kernel panic: bad IRQ, I
 don't remember exactly, but it most definitely wasn't more helpful.
 Search engines are your friend. :-)

Yeah, I recall. I don't want those days back... 

kevin



Re: *countable infinities only

2012-06-02 Thread Kevin Kofler
inode0 wrote:
 Doing this in my mind should not be allowed as it discriminates
 against a subset of users. Whether this is legally allowed or not I
 hope no one would consider doing it.

I agree. Either Fedora supports Secure Boot or it doesn't, doing this per 
package is a very bad idea (unless there's a technical reason requiring it).

Kevin Kofler


Re: *countable infinities only

2012-06-02 Thread Chris Adams
Once upon a time, Kevin Kofler kevin.kof...@chello.at said:
 inode0 wrote:
  Doing this in my mind should not be allowed as it discriminates
  against a subset of users. Whether this is legally allowed or not I
  hope no one would consider doing it.
 
 I agree. Either Fedora supports Secure Boot or it doesn't, doing this per 
 package is a very bad idea (unless there's a technical reason requiring it).

The only time I think it would be appropriate may be for things that
wouldn't work under the Secure Boot kernel.  Somebody said that some
proprietary modules might be restricted (I'm not sure if that's the case
or not or which might be affected).  If for example a video driver
kernel module wouldn't load, it might be nice for the setup utility for
the driver for it to note that Secure Boot needs to be disabled.

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

Re: *countable infinities only

2012-06-02 Thread Orcan Ogetbil
On Sat, Jun 2, 2012 at 1:18 PM, Kevin Kofler wrote:
 inode0 wrote:
 Doing this in my mind should not be allowed as it discriminates
 against a subset of users. Whether this is legally allowed or not I
 hope no one would consider doing it.

 I agree. Either Fedora supports Secure Boot or it doesn't, doing this per
 package is a very bad idea (unless there's a technical reason requiring it).


I think doing this at the software level is to be left to the software
developer's discretion. And the software developer has all the rights
to do so, for either technical or philosophical reasons.

I am more concerned about the package maintenance level. At the
package maintenance level, it does not make sense to patch against the
upstream decision. On the other hand, a package maintainer should have
the right to not support users filing bugs that potentially originate
from secure boot. This, I think, is equivalent to the fact that a
provenpackager is not responsible for all the packages in the
distribution, although he has the necessary permissions for
modification.

Re: *countable infinities only

2012-06-02 Thread Rahul Sundaram
On 06/02/2012 11:05 PM, Orcan Ogetbil wrote:
 
 I am more concerned about the package maintenance level. At the
 package maintenance level, it does not make sense to patch against the
 upstream decision. On the other hand, a package maintainer should have
 the right to not support users filing bugs that potentially originate
 from secure boot. This, I think, is equivalent to the fact that a
 provenpackager is not responsible for all the packages in the
 distribution, although he has the necessary permissions for
 modification.

That's a poor analogy.  Provenpackagers are not responsible for your
packages. You are responsible as a package maintainer for bugs against
the package.  If you don't want to deal with it, give up the package or
find a co-maintainer who will deal with such issues.  When you work
within a community, it is a project wide decision.  Not just personal
preference on which bugs you can reasonably ignore.

Rahul

Re: *countable infinities only

2012-06-02 Thread drago01
On Sat, Jun 2, 2012 at 2:07 PM, Kevin Kofler kevin.kof...@chello.at wrote:
 drago01 wrote:
 You can even download the kernel source, study and modify it compile
 and resign it and use it just fine with secureboot.
 Either by using your own key or by using one from a CA (in this case
 MS) for 99$.

 The CA will only sign kernels meeting its arbitrary security requirements
 (and possibly additional even more arbitrary requirements). That is a
 restriction on the modifications you can do and thus non-Free.

Even if this is the case you still have two other options 1) use your
own key 2) disable secureboot.
So in any case you can do your modification just fine = it is free software.

 Or you don't do the latter and just disable secureboot.

 Right, and I don't see why we can't just require this in the first place.

You seem to entirely miss the point here.
One more time supporting secureboot does not limit what you can do in any way.
It allows you to do more than without (out of the box support on newer
hardware, secure boot process).

You don't like it which is fine, but claiming that supporting
secureboot will make fedora non free is just wrong PERIOD.

Re: *countable infinities only

2012-06-02 Thread Orcan Ogetbil
On Sat, Jun 2, 2012 at 1:53 PM, Rahul Sundaram wrote:
 You are responsible as a package maintainer for bugs against
 the package.  If you don't want to deal with it, give up the package or
 find a co-maintainer who will deal with such issues.  When you work
 within a community, it is a project wide decision.  Not just personal
 preference on which bugs you can reasonably ignore.


In which part of the agreement [1] that I signed is this stated?

Thanks,
Orcan


[1] https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement

Re: *countable infinities only

2012-06-02 Thread Pierre-Yves Chibon
On Sat, 2012-06-02 at 14:02 -0400, Orcan Ogetbil wrote:
 On Sat, Jun 2, 2012 at 1:53 PM, Rahul Sundaram wrote:
  You are responsible as a package maintainer for bugs against
  the package.  If you don't want to deal with it, give up the package or
  find a co-maintainer who will deal with such issues.  When you work
  within a community, it is a project wide decision.  Not just personal
  preference on which bugs you can reasonably ignore.
 
 
 In which part of the agreement [1] that I signed is this stated?


Software components included in Fedora needs to be maintained actively
and bugs, especially security issues needs to be fixed in a timely
manner. As a Fedora package maintainer, it is your primary
responsibility to ensure this. We encourage you to get co-maintainers
and seek the help of the Fedora community via the development mailing
list whenever needed.


https://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Understand_your_responsibilities

Pire

Re: *countable infinities only

2012-06-02 Thread drago01
On Sat, Jun 2, 2012 at 5:38 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 5:32 AM, drago01 drag...@gmail.com wrote:
 Or you don't do the latter and just disable secureboot. Your freedom is
 in *no way* limited by having secureboot support.
 Let me repeat it again supporting secureboot on x86 does *NOT* limit
 your freedom.

 After all this discussion you'll still make that claim?  I feel insulted.

Yes and I explained that (the intent was never to insult anyone, you included).

 When I create a fork, respin, or remix of Fedora and distribute it to
 people it will not run for them like Fedora does without a level of
 fiddling  which the people advocating this have made clear is entirely
 unacceptable.  This is because Fedora will be cryptographically
 signing the distribution with keys these systems require and not
 sharing the keys with me.  Fedora will be doing this even with software
 that I wrote, enhancing it with a signing key only they have access
 to, making it much more useful on hardware where it is not otherwise,
 and not allowing me and or downstream recipients to enjoy the same
 improvements for their modified versions.

 What is unclear about this?

That it isn't entirely correct.
1) Fedora still ships the source you can do whatever its license allows with it.
2) You are free to sign your respin with MS key for $99,  your own key
or no key at all.

= Your freedom is in no way limited.

OK the latter two options will screw your users that don't understand
/ want to fiddle with firmware.
You decide to just screw everyone instead.
How is that better?
Does Fedora have a competitive advantage over your respin (in case you
decide not to sign with the MS key)? Yes but it always had by the
trademarks and having way more money for marketing and infrastructure
than you probably have. Free software never guaranteed that all
redistributers have the same stand in the market. That's not the point
of free software.

What is unclear about this?

 Let me offer this in the form of a question:   Why don't Fedora
 developers just disable SecureBoot on their own systems and not bother
 implementing anything with it in the distribution?

Because it is unacceptable from a user's pov. For someone for whom
changing firmware options is simple like you or me it does not matter.
But think about other types of user that you limit from access to free
operating systems. Unless you only deal with developers that point
shouldn't be that hard to get really.

Re: *countable infinities only

2012-06-02 Thread Orcan Ogetbil
On Sat, Jun 2, 2012 at 2:12 PM, Pierre-Yves Chibon  wrote:
 On Sat, 2012-06-02 at 14:02 -0400, Orcan Ogetbil wrote:
 On Sat, Jun 2, 2012 at 1:53 PM, Rahul Sundaram wrote:
  You are responsible as a package maintainer for bugs against
  the package.  If you don't want to deal with it, give up the package or
  find a co-maintainer who will deal with such issues.  When you work
  within a community, it is a project wide decision.  Not just personal
  preference on which bugs you can reasonably ignore.
 

 In which part of the agreement [1] that I signed is this stated?

 
 Software components included in Fedora needs to be maintained actively
 and bugs, especially security issues needs to be fixed in a timely
 manner. As a Fedora package maintainer, it is your primary
 responsibility to ensure this. We encourage you to get co-maintainers
 and seek the help of the Fedora community via the development mailing
 list whenever needed.
 

 https://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Understand_your_responsibilities


That is not the answer to my question (hint: read the question).

Even if this paragraph were in the agreement, it would not apply
directly to the case. In order to apply, the project has to accept
that the secure boot feature is a bug by definition. Also Rahul's
find a co-maintainer order is only at the encouragement level in the
above paragraph.

Best,
Orcan

Re: *countable infinities only

2012-06-02 Thread drago01
On Sat, Jun 2, 2012 at 7:35 PM, Orcan Ogetbil oget.fed...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 1:18 PM, Kevin Kofler wrote:
 inode0 wrote:
 Doing this in my mind should not be allowed as it discriminates
 against a subset of users. Whether this is legally allowed or not I
 hope no one would consider doing it.

 I agree. Either Fedora supports Secure Boot or it doesn't, doing this per
 package is a very bad idea (unless there's a technical reason requiring it).


 I think doing this at the software level is to be left to the software
 developer's discretion. And the software developer has all the rights
 to do so, for either technical or philosophical reasons.

 I am more concerned about the package maintenance level. At the
 package maintenance level, it does not make sense to patch against the
 upstream decision. On the other hand, a package maintainer should have
 the right to not support users filing bugs that potentially originate
 from secure boot.

If that really happens (I doubt it but still) you are free to reassign
the bug to the packages responsible for implementing secureboot.
Simply refusing to run because secureboot is enabled (unless there are
technical reasons) is simply limiting the user's freedom in the name
of freedom which is unacceptable.

 This, I think, is equivalent to the fact that a
 provenpackager is not responsible for all the packages in the
 distribution, although he has the necessary permissions for
 modification.

That's nonsense.

Re: *countable infinities only

2012-06-02 Thread Orcan Ogetbil
On Sat, Jun 2, 2012 at 2:26 PM, drago01  wrote:
 Simply refusing to run because secureboot is enabled (unless there are
 technical reasons) is simply limiting the user's freedom in the name
 of freedom which is unacceptable.


I am making a clear distinction between simply refusing to run and
simply refusing to provide support, which you conveniently ignore.

 This, I think, is equivalent to the fact that a
 provenpackager is not responsible for all the packages in the
 distribution, although he has the necessary permissions for
 modification.

 That's nonsense.

It's a perfect analogy to me.

Thanks,
Orcan

Re: *countable infinities only

2012-06-02 Thread Pierre-Yves Chibon
On Sat, 2012-06-02 at 14:26 -0400, Orcan Ogetbil wrote:
 That is not the answer to my question (hint: read the question).

Indeed, it is not, but do you really want to put in the CLA the
responsibilities of every role past present and future available in the
project ?
Meaning that every time one is added, the CLA changes and thus that
everyone has to re-sign it ?

Pierre

Re: *countable infinities only

2012-06-02 Thread Orcan Ogetbil
On Sat, Jun 2, 2012 at 2:31 PM, Pierre-Yves Chibon wrote:
 On Sat, 2012-06-02 at 14:26 -0400, Orcan Ogetbil wrote:
 That is not the answer to my question (hint: read the question).

 Indeed, it is not, but do you really want to put in the CLA the
 responsibilities of every role past present and future available in the
 project ?
 Meaning that every time one is added, the CLA changes and thus that
 everyone has to re-sign it ?


Good questions. While I think the project could benefit from having at
least the top level responsibilities listed in the agreement, this
would end up burdening maintainers with legal responsibilities. I
don't honestly know what is the best way out.

At the same time I don't want to be obliged to support something I
don't want to. There are many more important things to deal with in
the distribution than a stupid secure boot feature.

Thanks,
Orcan

Re: *countable infinities only

2012-06-02 Thread Chris Murphy

On Jun 2, 2012, at 5:56 AM, Pedro Lamarão wrote:
 
 Who exactly is this We person who cannot accomplish the goal of
 dealing with multiple vendors shipping multiple interfaces on
 different machines?
 
 The Free Software Movement certainly can.

This is very naive, IMO. Where is the influence of free software movement in 
UEFI and the hardware vendors?

As much as people want to ignore reality, and stand entirely on idealism, the 
reality is we're all sharing the same swimming pool whether we use Windows or 
not. We are affected by what Microsoft does. And if you want to consider the MS 
logo/certification requirement akin to pissing in the swimming pool, well you 
can complain about it, that's fair and all, but it doesn't actually produce any 
incentive whatsoever for the offending party to alter their behavior.

 
 Do nothing. Stand in the way. Wait patiently. Explain to those who
 ask, tolerate a little laughter, a little violence.
 
 Gandhi style.

Doing nothing is the exact opposite of providing an incentive for MS to change 
their behavior voluntarily. This is not a case of a small number of British 
occupying the native land of others, while out manned 1:1 by the natives. 
This is a case of being a minority in terms of numbers as well as power. Even if 
Red Hat went out on a limb and came up with their own hardware certification 
that exactly contradicts the negative parts of the Microsoft certification, I 
think we all know approximately what that would translate into. It may have an 
effect for some servers. It would likely have zero effect for the vastly larger 
desktop and laptop market, the market for Fedora.


Chris Murphy

Re: *countable infinities only

2012-06-02 Thread Chris Murphy

On Jun 1, 2012, at 12:50 PM, Peter Jones wrote:

 On 06/01/2012 01:22 PM, Chris Murphy wrote:
 Is UEFI Secure Boot really the only way to prevent the problem it attempts to
 solve, and if so, what about the plethora of BIOS hardware in the world
 today, still even shipping as new systems? They're all unacceptably exposed?
 Really?
 
 That's the position Microsoft has taken, yes.

Do you share this position that Microsoft has taken? If not, why not? Do you 
think there are alternatives to UEFI Secure Boot - including a possible spec 
change?

Chris Murphy

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 Per spec the machine simply falls back to attempting to execute the next
 entry in the boot list. An implementation may provide some feedback that
 that's the case, but there's no requirement for it to do so, so it's
 perfectly valid for it to just fall back to booting Windows with no
 notification.

If the issue were just the opaque and unpredictable behavior on
failure this could be addressed without signing any of the
distribution proper.

Create a pre-bootloader.  If secureboot is enabled only permitting this
boot because it's signed with the msft key,  then display the most
helpful instructions WRT secureboot we can display and then halt.   If
secureboot is not enabled, pass control to grub.

This should meet the signing requirements and it removes the opacity
without locking down any of Fedora.  Such a bootloader should meet
whatever requirements to get signed, since if secureboot is turned on
it won't boot anything at all.

I strongly encourage this mode to be created and included with Fedora
even if it goes down the route of locking down the operating system... so
when people do replace their bootloaders/kernels they're not just
stuck booting into windows or getting a black screen.
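
A small model of the two behaviours discussed in this message, the firmware's silent fallback to the next boot entry and the proposed help pre-bootloader, added here as an illustration and not code from the thread or from Fedora. The entry labels, the `trusted_signature` flag and all function names are hypothetical, and no real UEFI calls are made.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: a boot entry only records what kind of image it is
 * and whether the firmware trusts its signature. */
enum image_kind { IMG_HELP_SHIM, IMG_GRUB, IMG_WINDOWS };

struct boot_entry {
    const char *label;
    enum image_kind kind;
    bool trusted_signature;
};

enum boot_result { BOOTED_GRUB, BOOTED_WINDOWS, HALTED_WITH_HELP, NOTHING_BOOTABLE };

/* The proposed pre-bootloader: with Secure Boot on it shows instructions
 * and halts; with Secure Boot off it passes control to grub. */
static enum boot_result run_help_shim(bool secure_boot)
{
    return secure_boot ? HALTED_WITH_HELP : BOOTED_GRUB;
}

/* Firmware boot manager as described in the quoted text: walk the boot
 * list in order; with Secure Boot on, an untrusted image is refused and
 * the next entry is tried, with no feedback required. The number of
 * entries refused this way is returned through silently_skipped. */
enum boot_result firmware_boot(const struct boot_entry *list, size_t n,
                               bool secure_boot, size_t *silently_skipped)
{
    *silently_skipped = 0;
    for (size_t i = 0; i < n; i++) {
        if (secure_boot && !list[i].trusted_signature) {
            (*silently_skipped)++;
            continue;
        }
        switch (list[i].kind) {
        case IMG_HELP_SHIM: return run_help_shim(secure_boot);
        case IMG_GRUB:      return BOOTED_GRUB;
        case IMG_WINDOWS:   return BOOTED_WINDOWS;
        }
    }
    return NOTHING_BOOTABLE;
}

/* Constructed boot lists for a dual-boot machine. */
static const struct boot_entry UNSIGNED_GRUB_FIRST[] = {
    { "grub (user-built, unsigned)", IMG_GRUB,    false },
    { "Windows Boot Manager",        IMG_WINDOWS, true  },
};
static const struct boot_entry HELP_SHIM_FIRST[] = {
    { "help pre-bootloader (signed)", IMG_HELP_SHIM, true },
    { "Windows Boot Manager",         IMG_WINDOWS,   true },
};

static const char *result_name(enum boot_result r)
{
    switch (r) {
    case BOOTED_GRUB:      return "booted grub";
    case BOOTED_WINDOWS:   return "booted Windows";
    case HALTED_WITH_HELP: return "halted with help screen";
    default:               return "nothing bootable";
    }
}

int main(void)
{
    size_t skipped;
    enum boot_result r;

    r = firmware_boot(UNSIGNED_GRUB_FIRST, 2, true, &skipped);
    printf("SB on,  unsigned grub first: %s (%zu entry skipped silently)\n",
           result_name(r), skipped);
    r = firmware_boot(HELP_SHIM_FIRST, 2, true, &skipped);
    printf("SB on,  help shim first:     %s\n", result_name(r));
    r = firmware_boot(HELP_SHIM_FIRST, 2, false, &skipped);
    printf("SB off, help shim first:     %s\n", result_name(r));
    return 0;
}
```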

Re: *countable infinities only

2012-06-02 Thread Kevin Fenzi
On Sat, 2 Jun 2012 15:28:03 -0400
Gregory Maxwell gmaxw...@gmail.com wrote:

 
 If the issue were just the opaque and unpredictable behavior on
 failure this could be addressed without signing any of the
 distribution proper.
 
 Create a pre-bootloader.  If secureboot is enabled only permitting this
 boot because it's signed with the msft key,  then display the most
 helpful instructions WRT secureboot we can display and then halt.   If
 secureboot is not enabled, pass control to grub.

Sure, this gets back to the what do we tell the user. 

Go into your EFI setup somehow (depends on vendor) and find something
like secure boot (but it may be called something else) and find the
thing that disables that (it may be called disable, or you may have to
set 'custom mode' or you may have to remove all keys from it, then
reboot 

I think we all agree this whole thing sucks, but I think the above is
less than ideal for our users. 

 This should meet the signing requirements and it removes the opacity
 without locking down any of Fedora.  Such a bootloader should meet
 whatever requirements to get signed, since if secureboot is turned on
 it won't boot anything at all.
 
 I strongly encourage this mode to be created and included with Fedora
 even if it goes down the route of locking down the operating system... so
 when people do replace their bootloaders/kernels they're not just
 stuck booting into windows or getting a black screen.

Sure, this is a valid option... and presenting our users with the best
info we can at any of these steps is good. 

kevin



Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 03:28:03PM -0400, Gregory Maxwell wrote:

 This should meet the signing requirements and it removes the opacity
 without locking down any of Fedora.  Such a bootloader should meet
 whatever requirements to get signed, since if secureboot is turned on
 it won't boot anything at all.

But you're happy to sacrifice the freedom for people to modify the error 
text that's provided? What's your threshold?

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 4:02 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 On Sat, Jun 02, 2012 at 03:28:03PM -0400, Gregory Maxwell wrote:

 This should meet the signing requirements and it removes the opacity
 without locking down any of Fedora.  Such a bootloader should meet
 whatever requirements to get signed, since if secureboot is turned on
 it won't boot anything at all.

 But you're happy to sacrifice the freedom for people to modify the error
 text that's provided? What's your threshold?

I'm not quite sure where my threshold is, I'd have to think really hard on that.

But I don't have to think hard about this particular example, because
wherever the threshold is, a program that just displays a help screen on
how to disable the restriction is on the least troublesome extreme of
the continuum.

In particular, I can just conclude that this bootloader is not free
software. And that including a small piece of non-free-software that
simply serves the purpose of helping the user figure out how to permit
installing free software is unfortunate but is strictly less bad than
the blobby firmware Fedora already ships.

Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 04:08:45PM -0400, Gregory Maxwell wrote:
 On Sat, Jun 2, 2012 at 4:02 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
  But you're happy to sacrifice the freedom for people to modify the error
  text that's provided? What's your threshold?
 
 I'm not quite sure where my threshold is, I'd have to think really hard on 
 that.
 
 But I don't have to think hard about this particular example, because
 wherever the threshold is, a program that just displays a help screen on
 how to disable the restriction is on the least troublesome extreme of
 the continuum.

That's fine as long as you speak English. Now how about if you want to 
release a localised translation? Your users get an error message in a 
language they don't speak. But you've arbitrarily decided that the 
freedom to do anything about that isn't one that you care about? There 
are no easy answers here. You've just drawn your This freedom is 
worthwhile line in a slightly different place to me.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 4:21 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 That's fine as long as you speak English.

Come on now, you're building a strawman argument. I never said that it
had to be in a single language—notice messages I _normally_ write get
put into many languages.

I don't see why the text of the screen couldn't be outside the signed
area so people could continue to develop it in an efficient manner.

 But you've arbitrarily decided that the
 freedom to do anything about that isn't one that you care about? There
 are no easy answers here. You've just drawn your This freedom is
 worthwhile line in a slightly different place to me.

There isn't an easy answer here because you've defined a higher goal
than just getting information to people.

The goal you've set—Fedora working out of the box on this hardware
without user fuss—can't be accomplished via technical means, except by
restricting the bootloader and kernel.  There is no law of nature
which says that this must be your goal, however.

When it comes down to it, your drawing the line argument just
doesn't make sense.  There is always injustice in the world.  If you
want to be pedantic, anyone who ever seeks a more lawful or more
ethical path is simply drawing a line, because there is always some
more fundamental injustice they've left unsolved for the moment.

We have an operating system where the users can modify it—top to
bottom—and distribute the results, and have them just as able to be
used as Fedora itself is, where they all stand sharing with each other
as technological equals without having to ask permission.  This
freedom is both an ethical stance, embodied in the vision of the
Fedora project and in the licenses of the many thousands of free
software packages Fedora ships, and also a competitive advantage,
because this kind of freedom is precluded by the business models
of Apple and Microsoft.

This isn't just the practical advantage of being able to twiddle with
our own machines, but also the advantage of having a cooperative
ecosystem rather than a co-opting ecosystem.  But with this change,
for the majority of users, Fedora will become a lot more like
Microsoft's offering—a locked kernel which you can load userspace apps
on top of— which you can jailbreak to get more freedom. This is
practically a twenty-year step backwards in software freedom, a loss
of a practical advantage of our software, and an affront to the
developers of copylefted software—some written as a direct attack on
these kinds of restrictions. And it is the loss of a strong principled
position which we have used to market free software: that the concept
of jailbreaking is foreign to us because we don't, as a matter of
principle and of license compliance, restrict our users.

There are places where the freedoms provided by Fedora have practical
limits—and in those places we find people arguing to advance those
causes (such as preemptively renaming trademarked packages). But that
in no way excuses a new loss of freedom; if it is to be justified, it
must stand on its own merits. These merits must be judged not against
the weakest strawmen, but against the best alternatives. A signed help
screen is an alternative.

Fedora installs are easier than they were ten years ago when you did
have to frequently mess with the BIOS—and where the failures never had
a nice help screen—but being realistic, our install instructions still
have people raw-writing images to usb sticks, and it is still not that
uncommon to have to muck around in the BIOS to get the boot order
right. A totally clueless person with an install disk can easily wipe
out a system full of their data.  I think regressing to the installs
being somewhat easier than ten yearsish ago is still a better place to
be than the cryptographic lockdown.

Why not try the half step— a restricted help screen display module—
and only go the whole way if it proves inadequate?

Re: *countable infinities only

2012-06-02 Thread drago01
On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:

 I think regressing to the installs
 being somewhat easier than ten yearsish ago is still a better place to
 be than the cryptographic lockdown.

I disagree and once again it is not a lockdown as people who care
enough can disable it, while having it enabled by default makes things
easier for a large set of (potential) users.

And if we have the choice between make it easier to modify every part
of the OS vs. make it easier to instal the OS in the first place
... no one thinking rationally would opt for the former.

Besides installation and modification aside it does provide another
additional value ... which is added security which is a welcome
addition in some environments.

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 5:26 PM, drago01 drag...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
 I think regressing to the installs
 being somewhat easier than ten yearsish ago is still a better place to
 be than the cryptographic lockdown.

 I disagree and once again it is not a lockdown as people who care
 enough can disable it, while having it enabled by default makes things
 easier for a large set of (potential) users.

You can disable the lockdown on iOS devices too—and the lawfulness of
this activity is well established in the US.
I understand that when the Copyright Office hit its periodic review
for that particular DMCA exemption Apple didn't even fight it this
time.

It is still a lockdown even if there is some complicated procedure to
disable it—you can't argue this both ways. Either it's an
inconsequential restriction because it's so easy to disable, or it's a
practical problem for people installing the OS.

And what happens when OEMs leave out the option, which isn't even
required by the UEFI spec itself, and Microsoft fails to enforce that
particular requirement?  Not our fault?

 And if we have the choice between make it easier to modify every part
 of the OS vs. make it easier to instal the OS in the first place
 ... no one thinking rationally would opt for the former.

If it were so simple we'd never have free software at all,  because it
was always easier to continue using whatever commercial offering came
bundled with your system.

In this case it's make it easier to install vs. preserve an
ecosystem of cooperating publishers, keep software freedom as a
top-line priority, keep it easy to modify every part, and don't put
Red Hat in the business of defending semi-tivoization against license
enforcement by free software authors.

 Besides installation and modification aside it does provide another
 additional value ... which is added security which is a welcome
 addition in some environments.

There is no additional security provided by the feature as so far
described—only security theater.   So I can't modify the kernel or
bootloader, great—but the kernel wouldn't have let me do that in the
first place unless it had an exploit. So I just put my rootkit inside
systemd so that it executes the kernel exploit right after reboot, and
the exploited kernel now silently keeps updates from being applied.
This has hardly made any attacks more difficult at all.  You don't get
security benefits from this without a much more elaborate and fragile
system, or without mandating the signing of a much larger portion of
the software stack so that updates can run before any unsigned code
(and even then only after the horse has left the barn: the attacker
has stolen your data and wiped the system before reboot).

If you want to improve the security of Fedora, there are a great many
things that can be done which don't have sticky compromises and which
would provide greater actual security.  Moreover, I can find no
feature requests for this functionality. (Instead the internet is
flooded by people asking how to turn off the security facilities
Fedora already has, people on the IRC channel reflexively tell people
to disable SELinux even when doing so isn't required, etc.)

Re: *countable infinities only

2012-06-02 Thread Michael Scherer
On Saturday 02 June 2012 at 09:46 +0100, phantomjinx wrote:
 Michael scherer m...@zarb.org wrote:
 On Sat, Jun 02, 2012 at 02:10:38AM +0200, Kevin Kofler wrote:
  Tomasz Torcz wrote:
   Documenting the procedure may be viable after all.  Kevin, could you start
   writing such guides on Fedora wiki?
  
  I cannot start documenting this before the first Secure-Boot-enabled
  firmware actually ships.
 
 Sure you can, just send an email to OEMs to have access to engineering
 samples.
 
 You can also start to organize the effort to review UEFI interface, by
 creating a UEFI documenting SIG, and let all the people who want to document
 as an alternative to paying 99$ to Verisign take care of the logistics.
 -- 
 Michael Scherer
 
 While this reply is informative, it tends to imply that KK should do
 this without any support from those that disagree with his position.

Well, from what I read of KK's position, this seems not to be a big
problem to document, so does he really need support from others ?

And there are enough people agreeing with him to be something that can be
done fast, no ?

Of course, if in the end, the solution requires a massive amount of work
and no one is motivated enough to do it, then it may not be workable, and
then people who think the solution of getting a certificate from
Verisign are right, and KK is wrong, but the only way to know is to try
to do it.

 Having watched this thread over the last 24 hours I would like to
 understand where we are going with it. There are different positions
 with increasingly shrill talking at and talking past replies. 
 
 The media has already posted articles on this as fedora selling out
 to Microsoft. This cannot be good long term for the reputation of the
 project.

I think you underestimate the lack of long term memory of people, and
the fact that most people do not really care. Yes, there are a few people
that would remember that. But technically, they would be factually wrong,
since the money is paid to Verisign, not Microsoft ( cf update to the
blog post of MG ). 
And I think no one would be happy if someone starts to use some stuff
like Bluepill ( http://en.wikipedia.org/wiki/Blue_Pill_%28software%29 )
to root them. Security researchers have also found some weird stuff
( like http://events.ccc.de/congress/2010/Fahrplan/events/4174.en.html )
on hardware, so that's at least something that can be done by people
motivated enough.

Maybe you would not be attacked, maybe that's pure paranoia. And maybe
not. And I am pretty sure we would all hate seeing people saying that
Linux is less secure than Windows due to such problem ( and in fact,
people already imply that Bitlocker is safer because it uses TPM : 
http://theinvisiblethings.blogspot.fr/2009/01/why-do-i-miss-microsoft-bitlocker.html,
 even if that's something that can be done 
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=%2Fliaai%2Fecrypts%2Fliaaiecryptfs.htm
 but not integrated for now )

Having a free BIOS/EFI would surely be a step toward a better solution,
but frankly who here tried to use coreboot on real hardware ? 

I do not like the current situation, do not get me wrong. But yet, if
people who say we should let people change their settings do not even
know what a modern firmware interface does look like, I do not have much
confidence in their capacity to fully see what is going on.

UEFI was marketed as being a platform to add value, ie interface
variation. 
  
 A lot of work has been put into this by MG and his article seemed to
 imply almost a despairing resignation about the decision (if not the
 case then I misread it -sorry). Based on the comments of this thread
 can a working group or sig be set up to build on MG and Co's work to
 find the most workable solution that preserves the reputation of the
 project. Otherwise I fear the distro will gain zero new users but
 worse lose the ones it already has!

I think most users would not see any difference at all, because cds
would work without them seeing anything, that's the whole point of
offering a seamless experience. 

And if people are following only Slashdot headlines ( who are quite
often misleading IMHO ) without searching in depth what goes on to make
their decision, I doubt they would be the one _I_ would try to get ( and
I realize that's rather elitist to say, yes, but I am speaking for myself
). There is never a shortage of people too quick to judge. 
If people do not care to even understand what goes behind a compromise,
how would they care to contribute enough ?

-- 
Michael Scherer


Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 05:14:12PM -0400, Gregory Maxwell wrote:

 When it comes down to it, your drawing the line argument just
 doesn't make sense.  There is always injustice in the world.  If you
 want to be pedantic, anyone who ever seeks a more lawful or more
 ethical path is simply drawing a line, because there is always some
 more fundamental injustice they've left unsolved for the moment.

There is always injustice. You're arguing that one level of injustice is 
acceptable and that another isn't, and you're justifying your 
distinction because you think the benefits of providing that information 
are greater than the costs of the loss of freedom. But there's no 
absolute rational measure of that, in the same way that there's no way 
to rationally say that the loss of freedom in terms of users not being 
able to produce their own signed bootloader or kernel for free is more 
or less significant than the benefit of having an operating system that 
users can install without firmware reconfiguration.

You're fine with one level of injustice. I'm fine with another level of 
injustice. Both compromise the freedoms that Fedora currently gives you.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 You're fine with one level of injustice. I'm fine with another level of
 injustice. Both compromise the freedoms that Fedora currently gives you.

I'm not fine with it. It's an unfortunate situation too. But producing
a single special case trivial display program for users who couldn't
run anything which was truly free at all is hardly comparable to
cryptographically locking down the core of an OS— millions of lines of
code written by other people, and missing an opportunity to help users
regain their complete freedom at a time when they are most ready and
willing to accept a little inconvenience.

You've made the argument that we didn't choose to lock down the
systems— Microsoft and the OEMs have.  Fine.  But it is we who will be
choosing to restrict Fedora in that environment rather than only a
trivial help-text shim.

I gave extensive argument on several aspects of the balance which I
believe fall in favor of not adopting cryptographic lockdown in Fedora.
I'm not opposing cryptographically locking the kernel on a simple
blind principle of software freedom, and so I do not reject the
alternative of a help screen for equally weak reasons.

Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 06:09:15PM -0400, Gregory Maxwell wrote:

 I'm not fine with it. It's an unfortunate situation too. But producing
 a single special case trivial display program for users who couldn't
 run anything which was truly free at all is hardly comparable to
 cryptographically locking down the core of an OS— millions of lines of
 code written by other people, and missing an opportunity to help users
 regain their complete freedom at a time when they are most ready and
 willing to accept a little inconvenience.

It's comparable in that you're willing to give up a freedom for some 
functionality. Personally I think the functionality you'd gain is small 
compared to the freedom you'd lose, and you obviously feel the same 
about my position.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 6:09 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 You're fine with one level of injustice. I'm fine with another level of
 injustice. Both compromise the freedoms that Fedora currently gives you.

 I'm not fine with it. It's an unfortunate situation too. But producing
 a single special case trivial display program for users who couldn't
 run anything which was truly free at all is hardly comparable to
 cryptographically locking down the core of an OS— millions of lines of
 code written by other people, and missing an opportunity to help users

Apologies for the double response— but it occurs to me that this may
not be clear:

My initial take— and still my preference— is to not participate at
all: Any participation legitimizes this imposition, regardless of how
I feel about the software freedom of a help-display shim.

But people have provided excellent arguments that the silent failure
would be especially confusing and disruptive to users.  I agree with
these concerns, so I offered the idea of a help shim which would
completely address those specific problems while still preserving
99.% of user software freedom and while still being pretty
similar to complete non-participation.

I think it is poor form to hold an effort to compromise and find
something that will be acceptable to people who are primarily
concerned with usability against me, or to suggest that I can't argue
that software freedom is important because I'm unwilling to stoop to
whatever fringe ethics you'd like me to uphold.

Re: *countable infinities only

2012-06-02 Thread drago01
On Sat, Jun 2, 2012 at 11:47 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 5:26 PM, drago01 drag...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
 I think regressing to the installs
 being somewhat easier than ten yearsish ago is still a better place to
 be than the cryptographic lockdown.

 I disagree and once again it is not a lockdown as people who care
 enough can disable it, while having it enabled by default makes things
 easier for a large set of (potential) users.

 You can disable the lockdown on iOS devices too—and the lawfulness of
 this activity is well established in the US.
 I understand that when the Copyright Office hit its periodic review
 for that particular DMCA exemption Apple didn't even fight it this
 time.

Apples and Oranges unrelated and here disable is using an exploit
not just flipping an option.

 It is still a lockdown even if there is some complicated procedure to
 disable it—you can't argue this both ways. Either it's an
 inconsequential restriction because it's so easy to disable, or it's a
 practical problem for people installing the OS.

It can be argued both ways. Modifying software requires more skills
and knowledge anyway so it is more acceptable to accept that group of
people to fiddle with the firmware than everyone including people that
don't even know what a firmware is. Come on let's not discuss the
obvious ..

 And what happens when OEMs leave out the option, which isn't even
 required by the UEFI spec itself, and Microsoft fails to enforce that
 particular requirement?  Not our fault?

In case we refuse to support secure boot at all users on this hardware
won't have any option but to run a 100% proprietary  OS. While if we
ship signed bootloader and kernel they can enjoy the freedom to
modify everything else of their OS. In that case it is choosing the
lesser evil option. Is this a good situation? Of course not. But the
all or nothing approach isn't what got us where we are now.

 And if we have the choice between make it easier to modify every part
 of the OS vs. make it easier to instal the OS in the first place
 ... no one thinking rationally would opt for the former.

 If it were so simple we'd never have free software at all,  because it
 was always easier to continue using whatever commercial offering came
 bundled with your system.

We have to make our software better than the competition being free by
itself is not enough to gain market traction.  Having a complicated
installation procedure sure does not help this case.

 In this case it's make it easier to install vs. preserve an
 ecosystem of cooperating publishers, keep software freedom as a
 top-line priority, keep it easy to modify every part, and don't put
 Red Hat in the business of defending semi-tivoization against license
 enforcement by free software authors.

Let's check this using the free software definition by the FSF:

1. The freedom to run the program, for any purpose (freedom 0).

You are free to run fedora for any purpose even if we implement secure boot.

2.  The freedom to study how the program works, and change it so it
does your computing as you wish (freedom 1). Access to the source code
is a precondition for this.

The source code is available, you are free to study and change it.
Running it on specific hardware might require an additional step but
that does not contradict this.

3. The freedom to redistribute copies so you can help your neighbor
(freedom 2).
4. The freedom to distribute copies of your modified versions to
others (freedom 3). By doing this you can give the whole community a
chance to benefit from your changes. Access to the source code is a
precondition for this.

You are free to do so as long as you comply with the trademark
guidelines. You have to sign the kernel and bootloader (which costs
money) to have an easy install routine.
The latter part sucks but does not restrict freedom 3 nor 4. And
according to your other mails having the user i.e your neighbor
disable secure boot is easy.
(I disagree with the later but you obviosuly don't). So if you argue
that it is fine for fedora to be shipped that way it is fine for your
redistributed copy (even though some other OSes like Fedora, Windows,
...) are easier to install. Otherwise your whole point is
hypocritical.

So yes the situation kind of sucks but claiming that supporting
secureboot will make fedora non free is just wrong.
We can have a technical discussion in how to solve this better (having
the user mess with the firmware isn't better) ... but the free vs. non
free discussion does not make any sense because the software will
remain free.

So let's have a discussion on that basis.

Re: *countable infinities only

2012-06-02 Thread drago01
On Sun, Jun 3, 2012 at 12:09 AM, Gregory Maxwell gmaxw...@gmail.com wrote:
 On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
 You're fine with one level of injustice. I'm fine with another level of
 injustice. Both compromise the freedoms that Fedora currently gives you.

 I'm not fine with it. It's an unfortunate situation too. But producing
 a single special case trivial display program for users who couldn't
 run anything which was truly free at all is hardly comparable to
 cryptographically locking down the core of an OS— millions of lines of
 code written by other people, and missing an opportunity to help users
 regain their complete freedom at a time when they are most ready and
 willing to accept a little inconvenience.

No one is preventing anyone from providing instructions on how to
disable secure boot. We should definitely do that.
But those are not mutually exclusive ... i.e we can have both
documentation *and* an OS that just works.

Re: *countable infinities only

2012-06-02 Thread Gregory Maxwell
On Sat, Jun 2, 2012 at 6:23 PM, drago01 drag...@gmail.com wrote:
 It can be argued both ways. Modifying software requires more skills
 and knowledge anyway so it is more acceptable to accept that group of
 people to fiddle with the firmware than everyone including people that
 don't even know what a firmware is. Come on let's not discuss the
 obvious ..

My personal ability to disable the cryptographic lockdown— or to
choose hardware where isn't in question— it's the ability of people I
redistribute the software to that is relevant.

If it were not then I could simply answer your desire to ship signed
binaries with "Just disable that option on your computer, tada, no
problems." If that's not a viable option for Fedora as a whole, it's
not an option to someone who is executing the rights Fedora is
required to pass on either.  I don't personally think there is any
ambiguity in this regard the social contract created via copyleft
licenses, if people do then perhaps it's time to strike a new one.

[No disrespect intended, but I'm not point by pointing the rest
because I think the educated reader could easily enough anticipate my
responses from the past thread, we're becoming circular again]

Re: *countable infinities only

2012-06-02 Thread drago01
On Sun, Jun 3, 2012 at 12:32 AM, Gregory Maxwell gmaxw...@gmail.com wrote:
 [No disrespect intended, but I'm not point by pointing the rest
 because I think the educated reader could easily enough anticipate my
 responses from the past thread, we're becoming circular again]

Yeah that's fine we both have different opinions here and won't
convince each other so let's just agree to disagree instead of going in
circles.

Re: *countable infinities only

2012-06-02 Thread Steve Clark

On 06/02/2012 11:27 AM, Chris Adams wrote:

Once upon a time, Kevin Kofler kevin.kof...@chello.at said:

And I don't think having to disable Secure Boot in the firmware is a
hurdle which will make our users simply walk away. I didn't simply walk
away either back in the day where RHL wouldn't boot without disabling the
Plug and Play operating system option in the BIOS.

You are far from an average user though.  There are lots of users that
Fedora would like to target that would flinch (at a minimum) when told
they have to change their firmware settings first.  Even more would be
disturbed when you tell them that to run Fedora you have to disable an
option called Secure Boot (but I want my system to be secure!).

You can try to explain it all you want, but they'll latch on to the
disable Secure Boot and glaze over any explanation.

Developers will not have a big problem; they're used to having to enable
special options and such for some development or testing work.  Fedora
isn't just supposed to be for developers though.

Who are these users? I have been using Linux since 0.99 while working with many
users of Windows, none of them expressed an interest in trying linux.

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Re: *countable infinities only

2012-06-02 Thread Steve Clark

On 06/02/2012 05:26 PM, drago01 wrote:

On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:


  I think regressing to the installs
being somewhat easier than ten yearsish ago is still a better place to
be than the cryptographic lockdown.

I disagree and once again it is not a lockdown as people who care
enough can disable it, while having it enabled by default makes things
easier for a large set of (potential) users.


Who are these potential users? How many people running windows have you 
convinced to also
load Linux? I have been using Linux since 0.99 and have not been able to 
convince any to use Linux.

And if we have the choice between make it easier to modify every part
of the OS vs. make it easier to instal the OS in the first place
... no one thinking rationally would opt for the former.

Besides installation and modification aside it does provide another
additional value ... which is added security which is a welcome
addition in some environments.



--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Re: *countable infinities only

2012-06-02 Thread Chris Adams
Once upon a time, Steve Clark scl...@netwolves.com said:
 Who are these users? I have been using Linux since 0.99 while working with 
 many users of Windows, none of them
 expressed an interest in trying linux.

Well, we obviously have different friends.  I've got lots of technical
friends (and my father) that don't spend all day working on computers,
just using them (telecom engineers, rocket scientists, etc.).  A number
of them have asked me about Linux over the years, and I've helped them
get started and help with occasional problems.

As for since 0.99: I remember when a friend told me about this post he
saw in the Minix newsgroup.  Unfortunately, I didn't have a 386 at the
time. :)

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:

 Who are these potential users? How many people running windows have you 
 convinced to also
 load Linux? I have been using Linux since 0.99 and have not been able to 
 convince any to use Linux.

It's possible that this says more about you or the people you meet than 
anything else.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Steve Clark

On 06/02/2012 07:55 PM, Chris Adams wrote:

Once upon a time, Steve Clark scl...@netwolves.com said:

Who are these users? I have been using Linux since 0.99 while working with
many users of Windows, none of them
expressed an interest in trying linux.

Well, we obviously have different friends.  I've got lots of technical
friends (and my father) that don't spend all day working on computers,
just using them (telecom engineers, rocket scientists, etc.).  A number
of them have asked me about Linux over the years, and I've helped them
get started and help with occasional problems.

As for since 0.99: I remember when a friend told me about this post he
saw in the Minix newsgroup.  Unfortunately, I didn't have a 386 at the
time. :)


I worked with developers where we were developing for Unix and they wanted to
use PCs running Windows and not FreeBSD or Linux, go figure. I would think
your friends would be able to handle disabling secure boot to load fedora.

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Re: *countable infinities only

2012-06-02 Thread Steve Clark

On 06/02/2012 08:20 PM, Matthew Garrett wrote:

On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:


Who are these potential users? How many people running windows have you 
convinced to also
load Linux? I have been using Linux since 0.99 and have not been able to 
convince any to use Linux.

It's possible that this says more about you or the people you meet than
anything else.


So an ad hominem attack as opposed to facts to answer the question - nice.

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Re: *countable infinities only

2012-06-02 Thread Matthew Garrett
On Sat, Jun 02, 2012 at 08:43:41PM -0400, Steve Clark wrote:
 On 06/02/2012 08:20 PM, Matthew Garrett wrote:
 On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:
 
 Who are these potential users? How many people running windows have you 
 convinced to also
 load Linux? I have been using Linux since 0.99 and have not been able to 
 convince any to use Linux.
 It's possible that this says more about you or the people you meet than
 anything else.
 
 So an ad hominem attack as opposed to facts to answer the question - nice.

No, I mean that your anecdote tells you nothing about the population, 
only about the people involved. Spend time in Bugzilla or on the forums 
and you'll find no shortage of people who have come to Linux from 
Windows. If you've never met these people then that just means that you 
haven't met them, not that they don't exist.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-02 Thread Kevin Kofler
Michael Scherer wrote:
 And I think no one would be happy if someone starts to use some stuff
 like Bluepill ( http://en.wikipedia.org/wiki/Blue_Pill_%28software%29 )
 to root them.

You can be blue-pilled purely from userspace, which Secure Boot does not 
protect at all. Ever heard of software emulation? It doesn't even need root 
access! It's several times slower (~50 times in my experience of running 
qemu-system-x86_64 on a 32-bit P4 to build packages), but some users are 
happily using spyware/virus/trojan-infected machines slowed down to a crawl.

Kevin Kofler


Re: *countable infinities only

2012-06-02 Thread Steve Clark

On 06/02/2012 08:56 PM, Matthew Garrett wrote:

On Sat, Jun 02, 2012 at 08:43:41PM -0400, Steve Clark wrote:

On 06/02/2012 08:20 PM, Matthew Garrett wrote:

On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:


Who are these potential users? How many people running windows have you 
convinced to also
load Linux? I have been using Linux since 0.99 and have not been able to 
convince any to use Linux.

It's possible that this says more about you or the people you meet than
anything else.


So an ad hominem attack as opposed to facts to answer the question - nice.

No, I mean that your anecdote tells you nothing about the population,
only about the people involved. Spend time in Bugzilla or on the forums
and you'll find no shortage of people who have come to Linux from
Windows. If you've never met these people then that just means that you
haven't met them, not that they don't exist.


But don't you think that if they are determined enough to go to bugzilla and
make an entry they are smart enough to turn off secure boot? I guess my
feeling is that people that have the wherewithal to attempt to load another
OS on their Windows box won't be afraid to disable secure boot
especially if it is explained to them why they need to.

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Re: *countable infinities only

2012-06-01 Thread Nicu Buculei

On 05/31/2012 05:13 PM, Chris Adams wrote:


Please don't spread FUD like this.  You are wrong for a couple of
reasons:

- Secure boot is required to be able to be disabled on x86 (the only
   platform Fedora will support it).

- Users can generate their own keys, enroll them in the secure boot
   firmware, and use those keys to sign their kernels.


I am not sure I fully understand the technical part about UEFI so please 
make it clear for me: I can generate my own keys, enroll them in the 
secure boot firmware and then *continue* using the machine in a *dual 
boot* with Windows 8?


The presence of my own boot keys will make Windows 8 unbootable on that
machine or not?


--
nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com/

Re: *countable infinities only

2012-06-01 Thread Bryn M. Reeves

On 05/31/2012 07:21 PM, Gerry Reno wrote:
 Not yet.  But HDD technology is changing rapidly.  Just look at
 hybrid drives, SSD.
 
 No reason they could not add this capability.

Not really. Both of these have been in development for years and have
only started to look mainstream fairly recently.

Look at the time that passed between IDEMA standardising advanced
(4KiB) sectoring and the time that that took to actually make it to
the market (not to mention that most of those parts are running in
compatibility mode today).

ATA has some existing security extensions to allow a drive to be
locked but these prevent any access until a correct password is
presented (and don't appear to be that secure against a well resourced
attacker).

If read-only support was standardised tomorrow it'd still be a number
of years before widespread support became available.

About the best you could do today would be to use an external drive
with a write-protect switch or to wire up the physical WP jumper on
the drive to an external switch on the case (I wouldn't flick it while
the system is running ;).

Regards,
Bryn.

Re: *countable infinities only

2012-06-01 Thread Bryn M. Reeves

On 05/31/2012 08:03 PM, Gregory Maxwell wrote:
 I wasn't responding to MJG, I was responding to Peter— who said I
 was wrong in the message where I was stating that a freedom is
 being lost, and has subsequently spoken more clearly on the
 position— and Bryn. It seemed to me that they were arguing that the
 freedom of fedora wasn't being compromised here.  My understanding
 has been refined by further discussion, though I'm still not
 completely sure if all people actually take the loss of freedom
 seriously, or if they do but just can't accept the idea that the
 alternative is actually an option.

If you read my posts carefully you might have noticed that I have not
actually taken a position on this feature. I was only responding to
the tone and content of your message which I still feel was
unnecessarily alarmist and not adding anything to the discussion.

I am not working on this feature and I'm quite capable of telling my
system's firmware to do what I want so there's little practical
implication for me.

I see the arguments on both sides and I regret that we appear to be
between a rock and a hard place here.

At the same time I have a lot of trust in the people who are working
on this in Fedora and I have faith that the project will try to seek
the best compromise between the freedoms we value and the realities of
the market and environment we find ourselves in.

Invoking the conspiracy card on these discussions and decisions really
just takes us further into the mire.

Regards,
Bryn.

Re: *countable infinities only

2012-06-01 Thread Michael scherer
On Thu, May 31, 2012 at 01:55:35PM -0500, Chris Adams wrote:
 Once upon a time, Peter Jones pjo...@redhat.com said:
  That's why we didn't simply ask vendors to ship our key.  That would be
  /less/ equitable to other distributions than the solution we're looking at
  right now.
 
 Has any thought been given to setting up a group between various Open
 Source distributions (Linux, BSD) to be a Secure Boot signer (with
 security-oriented rules about what gets signed, probably similar to
 whatever Microsoft is using today) and then getting vendors to include
 the master key alongside Microsoft's?

The last attempt to do something similar I can think of would be cacert.
Afaik, they are still being audited to be added to Firefox, and I think
they would be happy to explain all the issues they faced on that road.

-- 
Michael Scherer

Re: *countable infinities only

2012-06-01 Thread Bryn M. Reeves

On 05/31/2012 10:42 PM, Adam Williamson wrote:
 On Thu, 2012-05-31 at 15:07 -0400, Gerry Reno wrote:
 
 Yes, all these would currently support what I'm suggesting.
 Actually, if you're willing to flip a lot of switches, you
 could probably make your / a raid5 of floppies, but the
 performance would be suboptimal.
 
 -J
 
 
 Ok, now you're just being silly.
 
 Behold:
 
 http://www.wired.com/gadgetlab/2009/05/five-disk-floppy-raid-4mb-of-blistering-fast-storage/

Hey,
 
you might be joking but I used to demo MD RAID in Red Hat classes
using a dinky little 4-port USB1 hub (with a Shadowman logo) and four
Red Hat branded USB keys.

Worked great :-)

Regards,
Bryn.

Re: *countable infinities only

2012-06-01 Thread Steve Clark

On 05/31/2012 09:14 PM, Kevin Kofler wrote:

Chris Adams wrote:

- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).

And this is exactly why we should just require our users to disable it!

I don't see any advantage at all from supporting this feature, just
problems:
* extra restrictions added to GRUB and the kernel to comply with the
security (lockout) requirements. Even if they're all conditional on
secure boot being enabled (are they really?), that still means extra code
which can cause extra breakage even when running in normal mode (the one
every Free Software user should be using).
* possible GPL violation. Did Red Hat Legal have a look at the plans
already? Are they sure they're compliant with the GPL, v2 when it comes to
the kernel, v3 when it comes to GRUB 2? (What's sure is that they aren't
compliant with the spirit of the GPL, whatever version!)
* ineffectiveness of the added restrictions: Can't you still bring up a
Blue Pill with a Window$ VM even with only unsigned userspace apps? And if
we don't even allow those, where's the freedom?
* exercising your freedom to change the kernel (or even just to load an out-
of-tree module!) requires you to disable Secure (Restricted) Boot anyway,
so why support the restricted mode? (As much as I hate proprietary drivers,
you can definitely expect a horde of their users showing up at your door
with a pitchfork...)
* implicit endorsement of M$ and their signature racket (including a
monetary payment to their racketing partner Veri$ign -- was that already
made?). It might even lead M$ to drop the requirement to allow disabling
Secure Boot (or even invert it into a prohibition as on ARM!), arguing
that Linux (sic, should be GNU/Linux) supports it too anyway.
* dependence on the racket, which can change its terms at any moment.

Just saying disable 'Secure' Boot in the BIOS is the easiest solution to
the problem. I remember the days where one had to disable PlugPlay
Operating System in the BIOS to get GNU/Linux to boot at all on some
machines, it didn't cause any real problems.

 Kevin Kofler


+100


--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.cl...@netwolves.com
http://www.netwolves.com

Re: *countable infinities only

2012-06-01 Thread phantomjinx
On 06/01/2012 12:58 PM, Steve Clark wrote:
 On 05/31/2012 09:14 PM, Kevin Kofler wrote:
 Chris Adams wrote:
 - Secure boot is required to be able to be disabled on x86 (the only
 platform Fedora will support it).
 And this is exactly why we should just require our users to disable it!

 I don't see any advantage at all from supporting this feature, just 
 problems:
 * extra restrictions added to GRUB and the kernel to comply with the 
 security (lockout) requirements. Even if they're all conditional on 
 secure boot being enabled (are they really?), that still means extra code 
 which can cause extra breakage even when running in normal mode (the one 
 every Free Software user should be using).
 * possible GPL violation. Did Red Hat Legal have a look at the plans 
 already? Are they sure they're compliant with the GPL, v2 when it comes to 
 the kernel, v3 when it comes to GRUB 2? (What's sure is that they aren't 
 compliant with the spirit of the GPL, whatever version!)
 * ineffectiveness of the added restrictions: Can't you still bring up a 
 Blue Pill with a Window$ VM even with only unsigned userspace apps? And if 
 we don't even allow those, where's the freedom?
 * exercising your freedom to change the kernel (or even just to load an out-
 of-tree module!) requires you to disable Secure (Restricted) Boot anyway, 
 so why support the restricted mode? (As much as I hate proprietary drivers, 
 you can definitely expect a horde of their users showing up at your door 
 with a pitchfork…)
 * implicit endorsement of M$ and their signature racket (including a 
 monetary payment to their racketing partner Veri$ign – was that already 
 made?). It might even lead M$ to drop the requirement to allow disabling 
 Secure Boot (or even invert it into a prohibition as on ARM!), arguing 
 that Linux (sic, should be GNU/Linux) supports it too anyway.
 * dependence on the racket, which can change its terms at any moment.

 Just saying disable 'Secure' Boot in the BIOS is the easiest solution to 
 the problem. I remember the days where one had to disable PlugPlay 
 Operating System in the BIOS to get GNU/Linux to boot at all on some 
 machines, it didn't cause any real problems.

 Kevin Kofler

 +100
 
 
 -- 
 Stephen Clark
 *NetWolves*
 Director of Technology
 Phone: 813-579-3200
 Fax: 813-882-0209
 Email: steve.cl...@netwolves.com
 http://www.netwolves.com
 
 

+100

-- 
Paul Richardson

  * p.g.richard...@phantomjinx.co.uk
  * pgrichard...@linux.com



Re: *countable infinities only

2012-06-01 Thread Jon Ciesla
On Fri, Jun 1, 2012 at 5:36 AM, Bryn M. Reeves b...@redhat.com wrote:

 On 05/31/2012 10:42 PM, Adam Williamson wrote:
 On Thu, 2012-05-31 at 15:07 -0400, Gerry Reno wrote:

 Yes, all these would currently support what I'm suggesting.
 Actually, if you're willing to flip a lot of switches, you
 could probably make your / a raid5 of floppies, but the
 performance would be suboptimal.

 -J


 Ok, now you're just being silly.

 Behold:

 http://www.wired.com/gadgetlab/2009/05/five-disk-floppy-raid-4mb-of-blistering-fast-storage/

 Hey,

 you might be joking but I used to demo MD RAID in Red Hat classes
 using a dinky little 4-port USB1 hub (with a Shadowman logo) and four
 Red Hat branded USB keys.

 Worked great :-)

Actually, with enough PCI USB port cards, USB hubs, and thumb drives,
you could use MD RAID and possibly LVM to make a poor-person's SAN.
Hot-swappable drives and all.

-J

 Regards,
 Bryn.



-- 
http://cecinestpasunefromage.wordpress.com/

in your fear, seek only peace
in your fear, seek only love

-d. bowie

Re: *countable infinities only

2012-06-01 Thread Bryn M. Reeves

On 06/01/2012 01:51 PM, Jon Ciesla wrote:
 Actually, with enough PCI USB port cards, USB hubs, and thumb
 drives, you could use MD RAID and possibly LVM to make a
 poor-person's SAN. Hot-swappable drives and all.

And with LIO in the kernel you can even export it over fibre channel
or FCoE! Happy days! :)

Bryn.


Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
drago01 wrote:
 The advantages is that things just work (tm).

They just work as long as you don't try to actually exercise one of the 
freedoms we stand for. Or even just install an out-of-tree kernel module 
such as the ones from RPM Fusion. I don't think this is something we should 
endorse, also because our endorsement may entice M$ to change away from the 
current situation (Secure Boot optional) which is certainly a compromise 
in their eyes.

 No one will stop you (or anyone else) from disabling it.

It's as easy as setting an option in the firmware (BIOS) setup, so I don't 
see why we can't just require it from everyone.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Kevin Fenzi
On Fri, 1 Jun 2012 12:21:36 +0200
Michael scherer m...@zarb.org wrote:

 On Thu, May 31, 2012 at 01:55:35PM -0500, Chris Adams wrote:
  Once upon a time, Peter Jones pjo...@redhat.com said:
   That's why we didn't simply ask vendors to ship our key.  That
   would be /less/ equitable to other distributions than the
   solution we're looking at right now.
  
  Has any thought been given to setting up a group between various Open
  Source distributions (Linux, BSD) to be a Secure Boot signer (with
  security-oriented rules about what gets signed, probably similar to
  whatever Microsoft is using today) and then getting vendors to
  include the master key alongside Microsoft's?
 
 The last attempt to do something similar I can think of would be
 cacert. Afaik, they are still being audited to be added to Firefox,
 and I think they would be happy to explain all the issues they faced
 on that road.

Well, I'm a bit skeptical there, since they can't even license their ca
stuff such that Fedora can actually distribute it. ;( 

kevin




Re: *countable infinities only

2012-06-01 Thread Cosimo Cecchi
On Fri, 2012-06-01 at 03:14 +0200, Kevin Kofler wrote:
 Chris Adams wrote:
  - Secure boot is required to be able to be disabled on x86 (the only
  platform Fedora will support it).
 
 And this is exactly why we should just require our users to disable it!

I don't want to jump in the technicality of this discussion, but I can
only hope any solution that *requires* users to fiddle with BIOS
settings in order to install Fedora won't be seriously considered as
viable.

Regards,
Cosimo


Re: *countable infinities only

2012-06-01 Thread Gerry Reno
On 06/01/2012 11:18 AM, Cosimo Cecchi wrote:
 On Fri, 2012-06-01 at 03:14 +0200, Kevin Kofler wrote:
 Chris Adams wrote:
 - Secure boot is required to be able to be disabled on x86 (the only
 platform Fedora will support it).
 And this is exactly why we should just require our users to disable it!
 I don't want to jump in the technicality of this discussion, but I can
 only hope any solution that *requires* users to fiddle with BIOS
 settings in order to install Fedora won't be seriously considered as
 viable.

 Regards,
 Cosimo


The better solution would be for users who want SecureBoot to have to set it in
the BIOS.  It should be disabled by default.

Windows is the OS with all the attack vectors open.   Users of every other OS 
should not be hostage to this SecureBoot
by default.



Re: *countable infinities only

2012-06-01 Thread Jesse Keating

On 06/01/2012 08:30 AM, Gerry Reno wrote:

The better solution would be for users who want SecureBoot to have to
set it in the BIOS.  It should be disabled by default.

Windows is the OS with all the attack vectors open.   Users of every
other OS should not be hostage to this SecureBoot by default.


You say this as if we have any control over this, whatsoever.  The vast 
majority of PCs on the market are designed to run Windows.  They come 
with Windows pre-installed.  In order to come with Windows 8 
pre-installed, they will have to enable secure boot at the factory. 
There is no stopping this.


--
Jesse Keating
Fedora -- Freedom² is a feature!

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Cosimo Cecchi wrote:
 I don't want to jump in the technicality of this discussion, but I can
 only hope any solution that requires users to fiddle with BIOS
 settings in order to install Fedora won't be seriously considered as
 viable.

Sorry, but it's the ONLY viable solution. Any solution that removes users' 
freedom (and that's the case of ANY solution which leaves Secure Boot 
enabled) cannot be seriously considered as viable.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Chris Adams
Once upon a time, Gerry Reno gr...@verizon.net said:
 The better solution would be for users who want SecureBoot to have to set it 
 in the BIOS.  It should be disabled by default.
 
 Windows is the OS with all the attack vectors open.   Users of every other OS 
 should not be hostage to this SecureBoot
 by default.

As has been repeatedly shown, Windows is the common attack vector in
large part because it is the widest deployed system, and users (of any
OS) are idiots that will click Ok if you give them a pop-up that says
"I'm going to delete all your files right now".

Linux gets a high number of attacks as well, but mostly in the server
space today (password scanning on SSH, POP3, IMAP, SMTP AUTH, and common
web hosting control panels such as Plesk and cPanel).  PHP and common
PHP packages (such as phpBB) have had vulnerabilities that get leveraged
to attack the underlying OS.

There's a reason Fedora has things like chkrootkit and rkhunter.

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Gerry Reno wrote:
 The better solution would be for users who want SecureBoot to have to set
 it in the BIOS.  It should be disabled by default.
 
 Windows is the OS with all the attack vectors open.   Users of every other
 OS should not be hostage to this SecureBoot by default.

While I couldn't agree more, unfortunately, that isn't up to us to decide. 
The decision is theoretically up to the hardware vendors, and in practice 
their hands are tied by M$'s logo requirements.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread drago01
On Fri, Jun 1, 2012 at 3:30 PM, Kevin Kofler kevin.kof...@chello.at wrote:
 drago01 wrote:
 The advantage is that things just work (tm).

 They just work as long as you don't try to actually exercise one of the
 freedoms we stand for.

Which one?

 Or even just install an out-of-tree kernel module
 such as the ones from RPM Fusion.

You can disable secure boot (unless we find a better solution) ...
adding secure boot support won't make this any harder.

 I don't think this is something we should
 endorse, also because our endorsement may entice M$ to change away from the
 current situation (Secure Boot optional) which is certainly a compromise
 in their eyes.

I doubt that but well we both can't know that beforehand so this point is moot.

 No one will stop you (or anyone else) from disabling it.

 It's as easy as setting an option in the firmware (BIOS) setup, so I don't
 see why we can't just require it from everyone.

It is easy for you, for me, for pretty much everyone on this mailing
list but there are different types of users out there.
And you effectively want to limit those users to a proprietary OS
(they cannot even try our live images anymore).

Re: *countable infinities only

2012-06-01 Thread drago01
On Fri, Jun 1, 2012 at 5:40 PM, Kevin Kofler kevin.kof...@chello.at wrote:
 Cosimo Cecchi wrote:
 I don't want to jump in the technicality of this discussion, but I can
 only hope any solution that requires users to fiddle with BIOS
 settings in order to install Fedora won't be seriously considered as
 viable.

 Sorry, but it's the ONLY viable solution. Any solution that removes users'
 freedom (and that's the case of ANY solution which leaves Secure Boot
 enabled) cannot be seriously considered as viable.

Secureboot support does *NOT* limit your freedom as long as it is
optional (the default setting does not matter).

You are either making it more complex for everyone or for those that want
to do kernel development, run out of tree drivers etc.

In case enabled secureboot is the only option (i.e. we somehow refuse
to boot with it disabled) then (and only then) you can talk about
removed freedom; otherwise this is just FUD.

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Gregory Maxwell wrote:
 My understanding is that some of the relevant legal minds believe that
 Microsoft's "you can disable it" concession forecloses the possibility
 of a successful legal attack on this— the law may care about the
 anti-competitiveness of this stuff, but not so much as to care about a
 $99 signing key or some minor install time hurdle. (and the fact that
 fedora is willing to plan this probably justifies this position).
 
 It was arguably a strategic error to blow the whistle in advance and
 give Microsoft time to compromise. Their first attempt was much more
 likely to have created a civil cause of action as well as to have run
 afoul on antitrust grounds.   But I can hardly blame anyone for
 trying.  Hindsight 20/20 and all that.

If having the option to disable the crap even if it's enabled by default is 
sufficient to not be anti-competitive, then they would have done just that 
after being sued. So I don't think letting them go the most restrictive 
possible way and then suing would have been any more effective than what 
actually happened.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Cosimo Cecchi
On Fri, 2012-06-01 at 17:54 +0200, drago01 wrote:
 On Fri, Jun 1, 2012 at 5:40 PM, Kevin Kofler kevin.kof...@chello.at wrote:
  Cosimo Cecchi wrote:
  I don't want to jump in the technicality of this discussion, but I can
  only hope any solution that requires users to fiddle with BIOS
  settings in order to install Fedora won't be seriously considered as
  viable.
 
  Sorry, but it's the ONLY viable solution. Any solution that removes users'
  freedom (and that's the case of ANY solution which leaves Secure Boot
  enabled) cannot be seriously considered as viable.
 
 Secureboot support does *NOT* limit your freedom as long as it is
 optional (the default setting does not matter).

The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.

- You need to disable SecureBoot in the BIOS settings in order to
install Fedora
- BIOS settings? What's that? Oh a blueish DOS-like command-line thing?
Freaky. Disable SecureBoot? Why on earth would I want to make my system
less secure? *screw this Linux thing*

Cosimo


Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Peter Jones wrote:
 Next year if we don't implement some form of Secure Boot support, the
 majority of Fedora users will not be able to install Fedora on new
 machines.

Nonsense. They will be able to install it very easily, they just need to set 
a single boolean in their BIOS setup from Enabled to Disabled.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Peter Jones wrote:
 Nothing is being swept under the rug here. You have the same access to the
 mailing list as I do. We're looking for ideas, and we're putting forth a
 plan that we're willing to implement. If you can come up with a better
 idea, that would be wonderful.

The better idea is the obvious one: Just have your users disable the crappy 
feature in their firmware. (It's required to be optional even by M$.)

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Tom Callaway
On 06/01/2012 11:30 AM, Gerry Reno wrote:

 The better solution would be for users who want SecureBoot to have to set it 
 in the BIOS.  It should be disabled by default.

I do not disagree with you. Microsoft does. They have the influence over
the hardware OEMs. We do not. They are forcing the OEMs to enable it by
default.

Feel free to tell your OEM vendor to disable it by default. They will
not get that hardware Windows 8 Certified, won't be able to OEM preload
Windows 8 on it, if they disable it by default. Who do you think they
are going to go with at the end of the day?

Now, let us operate on the assumption that SecureBoot is enabled by
default, and that the majority of PCs are going to come with Windows 8
pre-installed.

Do we want to support dual-booting with Windows 8? Microsoft describes
SecureBoot enablement as "Required for Windows 8 client" [1]? What does
that mean? We're not sure. At best, it means that BitLocker isn't going
to work, at worst, big chunks of Windows 8 functionality will simply
refuse to function until you turn SecureBoot back on.

Microsoft isn't even planning on supporting dual-booting of Windows 7
and Windows 8:

"If you are dual booting, it depends on whether you are booting into
another trusted operating system," van der Hoeven said. "One discussion we
are having is…[with] this first firmware OK boot manager OK handshake,
you can't have a version of that that works with Windows 7. Windows 7
doesn't have the ability to check firmware. The firmware can check and
make sure it is assigned a Windows 7 boot loader. Truly, right now
today, if you want to have secure boot and you want to dual boot Windows
8 and Windows 7, you need to turn secure boot off in firmware. We are
thinking about having a way that you can go ahead and make that work,
but that's not POR [plan of record] today." [2]

So, if we want to be able to provide a dual-boot configuration with
Windows 8 (fully functional) and Fedora, how do we do it? Matthew has
come up with a way.

And if you don't care about dual-booting or SecureBoot, turn it off in
the UEFI Firmware, and Fedora continues to work just as it did before.
It's not an all-or-nothing approach. But I think it is short-sighted
(and arrogant of us) to simply say to people who have no idea what UEFI
stands for, "Hey, this Fedora isn't for you, go find someone smart
enough to help you."

We include wireless device firmware even though it isn't free. And we
don't like doing that, but it is the only way to get wireless support
out of the box in Fedora.

We're proposing providing a signed bootloader to enable Fedora to run in
SecureBoot environments, even though it is immensely distasteful and
questionably non-free. And we don't like doing that, but it is the only
way we've come up with to get Fedora support out of the box on the next
generation of hardware.

If you can come up with a better way to boot Fedora on SecureBoot
enabled hardware, we're all listening.

~tom

==
Fedora Project

[1]: http://video.ch9.ms/build/2011/slides/HW-457T_van_der_Hoeven.pptx
[2]: http://redmondmag.com/articles/2011/09/23/windows-8-dual-boot-possible-if-secure-boot-disabled.aspx

Re: *countable infinities only

2012-06-01 Thread Gerry Reno
On 06/01/2012 12:07 PM, Kevin Kofler wrote:
 Peter Jones wrote:
 Next year if we don't implement some form of Secure Boot support, the
 majority of Fedora users will not be able to install Fedora on new
 machines.
 Nonsense. They will be able to install it very easily, they just need to set 
 a single boolean in their BIOS setup from Enabled to Disabled.

 Kevin Kofler



And what happens to all the people who now dual-boot both Linux and Windows?

How can you boot Windows w/SecureBoot  and  Linux w/o SecureBoot?

.

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Peter Jones wrote:

 On 05/31/2012 11:47 AM, Gregory Maxwell wrote:
 Is this all set in stone?

 No. We've spent some time thinking about all of this and are happy that
 we can implement it in the Fedora 18 timescale, but there's always the
 possibility that we've missed something or that a new idea will come up.
 If we can increase user freedom without making awful compromises
 somewhere else then we'll do it.
 
 This, I believe, is Matthew's way of saying that this is not all set in
 stone, and that we'd encourage you to come up with better ideas because we
 don't like this all that much.

But why are you making this decision in the first place?

This:
1. is a technical decision which affects the entirety of Fedora, and thus 
MUST go through a FESCo vote to be implemented, AND
2. affects the core values of Fedora, and thus MUST go through a Board vote 
to be implemented.

It is not acceptable that the kernel and GRUB maintainers are trying to 
sneak this in through the backdoor with no mandate whatsoever from our 
governance structure.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Adam Jackson wrote:
 False.  Quoting from Matthew's original post:
 
 A system in custom mode should allow you to delete all existing keys
 and replace them with your own. After that it's just a matter of
 re-signing the Fedora bootloader (like I said, we'll be providing tools
 and documentation for that) and you'll have a computer that will boot
 Fedora but which will refuse to boot any Microsoft code.

Removing the M$ key is not viable because the firmware on some peripheral 
hardware will be signed only with the M$ key.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Kevin Fenzi
On Fri, 01 Jun 2012 18:13:32 +0200
Kevin Kofler kevin.kof...@chello.at wrote:

 But why are you making this decision in the first place?

What decision ? 

They explained the issues and problem and came up with what they would
recommend we do. No decision has been made. 

 This:
 1. is a technical decision which affects the entirety of Fedora, and
 thus MUST go through a FESCo vote to be implemented, AND
 2. affects the core values of Fedora, and thus MUST go through a
 Board vote to be implemented.

 It is not acceptable that the kernel and GRUB maintainers are trying
 to sneak this in through the backdoor with no mandate whatsoever from
 our governance structure.

I honestly don't know what to say to you here... did you bother to
actually read the post? There's no sneaking, no decision, this is just
bringing the issue up for feedback. There will be a feature for FESCo,
there will be voting, all that stuff. Perhaps someone will come up with
a better solution by then. 

Attacking them for this as "sneak this in through the backdoor" is
insulting. 

kevin





Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Debarshi Ray wrote:
 By the way, I am assuming that you know that one can't modify Firefox and
 redistribute it as Firefox without certification.

I've been pointing out this issue in several threads. That's exactly why 
Fedora should finally follow Debian's lead and just rename Firefox.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Gerry Reno
On 06/01/2012 12:10 PM, Gerry Reno wrote:
 On 06/01/2012 12:07 PM, Kevin Kofler wrote:
 Peter Jones wrote:
 Next year if we don't implement some form of Secure Boot support, the
 majority of Fedora users will not be able to install Fedora on new
 machines.
 Nonsense. They will be able to install it very easily, they just need to set 
 a single boolean in their BIOS setup from Enabled to Disabled.

 Kevin Kofler


 And what happens to all the people who now dual-boot both Linux and Windows?

 How can you boot Windows w/SecureBoot  and  Linux w/o SecureBoot?

 .

How are you going to dual-boot:
Windows-8  and Windows-7
Windows-8  and Windows-XP
Windows-8  and Windows 2008 Server

Windows-8  and Fedora 16
Windows-8  and Fedora 17
Windows-8  and Fedora 18






Re: *countable infinities only

2012-06-01 Thread Gerry Reno
On 06/01/2012 12:30 PM, Kevin Kofler wrote:
 Debarshi Ray wrote:
 By the way, I am assuming that you know that one can't modify Firefox and
 redistribute it as Firefox without certification.
 I've been pointing out this issue in several threads. That's exactly why 
 Fedora should finally follow Debian's lead and just rename Firefox.

 Kevin Kofler


It's not going to matter b/c Chrome is eating Firefox's lunch as far as market 
share.

.

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Peter Jones wrote:
 I can see the loss of freedom, and I find it unfortunate, but despite
 what you've said above, you *are* distorting it. There's nothing you
 won't be able to do that you could do before. Doing it the same way
 will be harder than it was.

Then why are we not just requiring those steps from everyone?

Steps:
1. Disable Secure Boot (link to FSF explanation on what it really is)
2. Install Fedora

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Debarshi Ray
 By the way, I am assuming that you know that one can't modify Firefox and
 redistribute it as Firefox without certification.
 
 I've been pointing out this issue in several threads. That's exactly why 
 Fedora should finally follow Debian's lead and just rename Firefox.

Cool. Why not?

But then, you also know that trademarks have no bearing on software freedom.
Right? ;-)

Happy hacking,
Debarshi

-- 
KR is like the Bible. The fervent read it from end to end, the religious
keep a copy.  -- Arjun Shankar



Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Gerry Reno wrote:
 How are you going to dual-boot:
 Windows-8  and Windows-7
 Windows-8  and Windows-XP
 Windows-8  and Windows 2008 Server
 
 Windows-8  and Fedora 16
 Windows-8  and Fedora 17
 Windows-8  and Fedora 18
 
 

You can't without changing the settings each time (or cracking Window$ 8 to 
remove the Secure Boot requirement, if such a patch comes out). But that's 
M$'s fault. As you already pointed out, it also affects multi-boots of 
different versions of their own OS.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Matthew Garrett
On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote:
 Adam Jackson wrote:
  False.  Quoting from Matthew's original post:
  
  A system in custom mode should allow you to delete all existing keys
  and replace them with your own. After that it's just a matter of
  re-signing the Fedora bootloader (like I said, we'll be providing tools
  and documentation for that) and you'll have a computer that will boot
  Fedora but which will refuse to boot any Microsoft code.
 
 Removing the M$ key is not viable because the firmware on some peripheral 
 hardware will be signed only with the M$ key.

It may be a little more awkward for desktops because you may have to 
handle the Microsoft-signed UEFI drivers on your graphics and network 
cards, but this is also solvable. I'm looking at ways to implement a 
tool to allow you to automatically whitelist the installed drivers.

-- 
Matthew Garrett | mj...@srcf.ucam.org

Re: *countable infinities only

2012-06-01 Thread Gerry Reno
On 06/01/2012 12:45 PM, Matthew Garrett wrote:
 On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote:
 Adam Jackson wrote:
 False.  Quoting from Matthew's original post:

 A system in custom mode should allow you to delete all existing keys
 and replace them with your own. After that it's just a matter of
 re-signing the Fedora bootloader (like I said, we'll be providing tools
 and documentation for that) and you'll have a computer that will boot
 Fedora but which will refuse to boot any Microsoft code.
 Removing the M$ key is not viable because the firmware on some peripheral 
 hardware will be signed only with the M$ key.
 It may be a little more awkward for desktops because you may have to 
 handle the Microsoft-signed UEFI drivers on your graphics and network 
 cards, but this is also solvable. I'm looking at ways to implement a 
 tool to allow you to automatically whitelist the installed drivers.


We are all, Microsoft included, headed for signature-HELL.

This is going to gum up the entire x86 hardware ecosystem to such a point and 
Microsoft will rue the day they ever
dreamt up this nonsense.


.

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
drago01 wrote:

 On Fri, Jun 1, 2012 at 3:30 PM, Kevin Kofler wrote:
 They just work as long as you don't try to actually exercise one of the
 freedoms we stand for.
 
 Which one?

The freedom to study how the program works, and change it so it does your 
computing as you wish (freedom 1).
The freedom to distribute copies of your modified versions to others 
(freedom 3).
http://www.gnu.org/philosophy/free-sw.en.html

 It's as easy as setting an option in the firmware (BIOS) setup, so I
 don't see why we can't just require it from everyone.
 
 It is easy for you, for me, for pretty much everyone on this mailing
 list but there are different types of users out there.
 And you effectively want to limit those users to a proprietary OS
 (they cannot even try our live images anymore).

Just include instructions on how to disable Secure Boot on the common 
firmware types (on the website, and on the cover of the DVDs we hand out at 
events). There are only a handful of BIOS vendors, I don't expect this to 
change much with UEFI.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Tom Callaway wrote:
 Do we want to support dual-booting with Windows 8? Microsoft describes
 SecureBoot enablement as "Required for Windows 8 client" [1]? What does
 that mean? We're not sure. At best, it means that BitLocker isn't going
 to work, at worst, big chunks of Windows 8 functionality will simply
 refuse to function until you turn SecureBoot back on.

You are assuming here that there will not be some cracker (or even just some 
frustrated dual boot user) patching this requirement out of Window$ 8 (no 
matter whether doing that is legal or not). (See what has been done to OS X 
and its restriction to Apple hardware only.)

The problem there is clearly on the Window$ side, nothing we can or should 
do about it.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Gerry Reno
On 06/01/2012 12:55 PM, Kevin Kofler wrote:
 Tom Callaway wrote:
 Do we want to support dual-booting with Windows 8? Microsoft describes
 SecureBoot enablement as "Required for Windows 8 client" [1]? What does
 that mean? We're not sure. At best, it means that BitLocker isn't going
 to work, at worst, big chunks of Windows 8 functionality will simply
 refuse to function until you turn SecureBoot back on.
 You are assuming here that there will not be some cracker (or even just some 
 frustrated dual boot user) patching this requirement out of Window$ 8 (no 
 matter whether doing that is legal or not). (See what has been done to OS X 
 and its restriction to Apple hardware only.)

wHackindows-8



Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
drago01 wrote:
 Secureboot support does *NOT* limit your freedom as long as it is
 optional (the default setting does not matter).

Then why are we bothering to support it in the first place?

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Tomasz Torcz
On Fri, Jun 01, 2012 at 06:32:25PM +0200, Kevin Kofler wrote:
 Peter Jones wrote:
  I can see the loss of freedom, and I find it unfortunate, but despite
  what you've said above, you *are* distorting it. There's nothing you
  won't be able to do that you could do before. Doing it the same way
  will be harder than it was.
 
 Then why are we not just requiring those steps from everyone?
 
 Steps:
 1. Disable Secure Boot (link to FSF explanation on what it really is)
 2. Install Fedora

  Because the entire exercise is to allow Fedora install without tinkering
with firmware settings. It had to just work, even for people who never
ever pressed F2/Del during POST in their entire life.

-- 
Tomasz Torcz   RIP is irrevelant. Spoofing is futile.
xmpp: zdzich...@chrome.pl Your routes will be aggreggated. -- Alex Yuriev


Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Cosimo Cecchi wrote:
 The point I'm trying to make is the default setting might actually be
 the most important thing that matters when it comes to new users that
 want to install Fedora.
 
 - You need to disable SecureBoot in the BIOS settings in order to
 install Fedora
 - BIOS settings? What's that? Oh a blueish DOS-like command-line thing?
 Freaky.

We just need to provide a step-by-step guide for fixing your firmware 
settings.

 Disable SecureBoot? Why on earth would I want to make my system less
 secure? *screw this Linux thing*

We just need to link to the FSF's explanation of what Secure Boot is 
really about, and/or write up our own.

Kevin Kofler


Re: *countable infinities only

2012-06-01 Thread Adam Williamson
On Fri, 2012-06-01 at 12:10 -0400, Tom Callaway wrote:

 We include wireless device firmware even though it isn't free. And we
 don't like doing that, but it is the only way to get wireless support
 out of the box in Fedora.

Tiny nit: no, it isn't. We could always write free firmware. This isn't
impossible, as openfwwf shows.

I think the drawing of some kind of comparison between wireless firmware
and secure boot is one of the weaker strands of argument the Pro Faction
is coming up with, to be honest. It seems to entirely ignore our
justification for why non-free firmware is 'okay' - that it's not
executed on the host processor. Last I checked, SecureBoot is.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


Re: *countable infinities only

2012-06-01 Thread Jon Ciesla
On Fri, Jun 1, 2012 at 11:58 AM, Kevin Kofler kevin.kof...@chello.at wrote:
 Cosimo Cecchi wrote:
 The point I'm trying to make is the default setting might actually be
 the most important thing that matters when it comes to new users that
 want to install Fedora.

 - You need to disable SecureBoot in the BIOS settings in order to
 install Fedora
 - BIOS settings? What's that? Oh a blueish DOS-like command-line thing?
 Freaky.

 We just need to provide a step-by-step guide for fixing your firmware
 settings.

For all available firmware vendors and models?

-J

 Disable SecureBoot? Why on earth would I want to make my system less
 secure? *screw this Linux thing*

 We just need to link to the FSF's explanation of what Secure Boot is
 really about, and/or write up our own.

        Kevin Kofler




-- 
http://cecinestpasunefromage.wordpress.com/

in your fear, seek only peace
in your fear, seek only love

-d. bowie

Re: *countable infinities only

2012-06-01 Thread Chris Murphy
It will be interesting to see how Apple implements Secure Boot on their 
hardware. Historically their firmwares are not user configurable at all. I will 
be supremely shocked if they allow user or 3rd party installable keys, rather 
than only Apple and Microsoft keys, let alone the ability for the user to 
disable Secure Boot.

iOS devices presently use a form of secure boot. There's every reason to 
believe Apple will eventually do this on their Mac OS devices.

Is UEFI Secure Boot really the only way to prevent the problem it attempts to 
solve, and if so, what about the plethora of BIOS hardware in the world today, 
still even shipping as new systems? They're all unacceptably exposed? Really?


Chris Murphy

Re: *countable infinities only

2012-06-01 Thread Kevin Kofler
Tomasz Torcz wrote:
 Because the entire exercise is to allow Fedora install without tinkering
 with firmware settings. 

And my whole point is that our core freedoms are much more important than 
this extremely minor convenience. (The required tinkering is trivial.)

 It had to just work, even for people who never ever pressed F2/Del
 during POST in their entire life.

Says who? And there's always a first time. :-)

Kevin Kofler

