On Fri, 2012-06-01 at 19:03 +0200, Tomasz Torcz wrote:
On Fri, Jun 01, 2012 at 06:32:25PM +0200, Kevin Kofler wrote:
Peter Jones wrote:
I can see the loss of freedom, and I find it unfortunate, but despite
what you've said above, you *are* distorting it. There's nothing you
won't be
On Fri, 2012-06-01 at 18:58 +0200, Kevin Kofler wrote:
Cosimo Cecchi wrote:
The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.
- You need to disable SecureBoot in the BIOS
On Jun 1, 2012, at 9:54 AM, drago01 wrote:
In case enabled secureboot is the only option (i.e we somehow refuse
to boot with it disabled) then (and only then) you can talk about
removed freedom otherwise this is just FUD.
It's an assumption there will be an option to disable it. This is up to
Once upon a time, Kevin Kofler kevin.kof...@chello.at said:
Nonsense. They will be able to install it very easily, they just need to set
a single boolean in their BIOS setup from Enabled to Disabled.
For many users, telling them to change a BIOS setting is Greek to them.
There are a lot of
Once upon a time, Kevin Kofler kevin.kof...@chello.at said:
It is not acceptable that the kernel and GRUB maintainers are trying to
sneak this in through the backdoor with no mandate whatsoever from our
governance structure.
Please stop with the conspiracy theories and stick to technical
On Fri, Jun 1, 2012 at 6:46 PM, Kevin Kofler kevin.kof...@chello.at wrote:
drago01 wrote:
On Fri, Jun 1, 2012 at 3:30 PM, Kevin Kofler wrote:
They just work as long as you don't try to actually exercise one of the
freedoms we stand for.
Which one?
The freedom to study how the program
Chris Adams wrote:
For many users, telling them to change a BIOS setting is Greek to them.
So we need step-by-step instructions for the common BIOSes. Not
unsurmountable.
There are a lot of options, and some can break your computer; it is far
from an easy change.
The option they need to
On Fri, Jun 1, 2012 at 6:56 PM, Kevin Kofler kevin.kof...@chello.at wrote:
drago01 wrote:
Secureboot support does *NOT* limit your freedom as long as it is
optional (the default setting does not matter).
Then why are we bothering to support it in the first place?
Because it is *easier* for
On Fri, Jun 1, 2012 at 7:44 PM, Chris Murphy li...@colorremedies.com wrote:
On Jun 1, 2012, at 9:54 AM, drago01 wrote:
In case enabled secureboot is the only option (i.e we somehow refuse
to boot with it disabled) then (and only then) you can talk about
removed freedom otherwise this is just
Adam Williamson wrote:
KK's position is that this is not true. He is arguing that it's better
to require people to disable Secure Boot and use this as an opportunity
to explain the problems with it, than to come up with a compromise that
allows us to install in Secure Boot-enabled mode but:
Once upon a time, Kevin Kofler kevin.kof...@chello.at said:
The option they need to change has a very specific name (Secure Boot).
IMHO, users should be able to find it even without more detailed
instructions.
I haven't seen such a system myself yet, but when I look at the UEFI
specs, it
Cosimo Cecchi wrote:
How do you think somebody ignorant of the politics behind Free Software
would trust the FSF (or Fedora) more than the hardware vendor (or
Microsoft)?
If they don't trust us, why would they try our software in the first place?
Kevin Kofler
--
devel mailing list
Jon Ciesla wrote:
For all available firmware vendors and models?
For the ones that end users are actually likely to have, which aren't that
many. There are much fewer BIOS vendors than hardware vendors.
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
On Fri, 2012-06-01 at 18:16 +0200, Kevin Kofler wrote:
Adam Jackson wrote:
False. Quoting from Matthew's original post:
A system in custom mode should allow you to delete all existing keys
and replace them with your own. After that it's just a matter of
re-signing the Fedora
On Fri, 1 Jun 2012 11:44:17 -0600
Chris Murphy li...@colorremedies.com wrote:
On Jun 1, 2012, at 9:54 AM, drago01 wrote:
In case enabled secureboot is the only option (i.e we somehow refuse
to boot with it disabled) then (and only then) you can talk about
removed freedom otherwise this
2012/6/1 Kevin Kofler kevin.kof...@chello.at:
Cosimo Cecchi wrote:
How do you think somebody ignorant of the politics behind Free Software
would trust the FSF (or Fedora) more than the hardware vendor (or
Microsoft)?
If they don't trust us, why would they try our software in the first place?
On Fri, Jun 01, 2012 at 07:53:36PM +0200, Kevin Kofler wrote:
Jon Ciesla wrote:
For all available firmware vendors and models?
For the ones that end users are actually likely to have, which aren't that
many. There are much fewer BIOS vendors than hardware vendors.
Documenting the
On 06/01/2012 12:07 PM, Kevin Kofler wrote:
Peter Jones wrote:
Next year if we don't implement some form of Secure Boot support, the
majority of Fedora users will not be able to install Fedora on new
machines.
Nonsense. They will be able to install it very easily, they just need to set
a
Windows-8 will install/boot on existing hardware w/o SecureBoot.
Will Windows-8 install/boot on new hardware that contains SecureBoot without
SecureBoot enabled?
Can users flash BIOS to remove SecureBoot?
.
--
devel mailing list
devel@lists.fedoraproject.org
On 06/01/2012 12:38 PM, Adam Williamson wrote:
On Fri, 2012-06-01 at 12:10 -0400, Tom Callaway wrote:
We include wireless device firmware even though it isn't free. And we
don't like doing that, but it is the only way to get wireless support
out of the box in Fedora.
Tiny nit: no, it
On Fri, 01 Jun 2012 14:16:45 -0400
Gerry Reno gr...@verizon.net wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
My understanding: no.
Will Windows-8 install/boot on new hardware that contains SecureBoot
without SecureBoot enabled?
My understanding: no.
Can
On 06/01/2012 12:58 PM, Kevin Kofler wrote:
Cosimo Cecchi wrote:
The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.
- You need to disable SecureBoot in the BIOS settings in order to
On Fri, 1 Jun 2012 20:08:13 +0200
Tomasz Torcz to...@pipebreaker.pl wrote:
On Fri, Jun 01, 2012 at 07:53:36PM +0200, Kevin Kofler wrote:
Jon Ciesla wrote:
For all available firmware vendors and models?
For the ones that end users are actually likely to have, which
aren't that many.
On 06/01/2012 02:19 PM, Kevin Fenzi wrote:
On Fri, 01 Jun 2012 14:16:45 -0400
Gerry Reno gr...@verizon.net wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
My understanding: no.
There are multiple examples on the web of people installing Windows-8 on
existing
On Fri, 2012-06-01 at 18:58 +0200, Kevin Kofler wrote:
Cosimo Cecchi wrote:
The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.
- You need to disable SecureBoot in the BIOS
On Fri, Jun 01, 2012 at 02:16:45PM -0400, Gerry Reno wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
Yes.
Will Windows-8 install/boot on new hardware that contains SecureBoot without
SecureBoot enabled?
Yes.
Can users flash BIOS to remove SecureBoot?
No.
--
On 06/01/2012 02:24 PM, Matthew Garrett wrote:
On Fri, Jun 01, 2012 at 02:16:45PM -0400, Gerry Reno wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
Yes.
Will Windows-8 install/boot on new hardware that contains SecureBoot without
SecureBoot enabled?
Yes.
Can users
On Fri, 01 Jun 2012 14:26:12 -0400
Gerry Reno gr...@verizon.net wrote:
On 06/01/2012 02:24 PM, Matthew Garrett wrote:
On Fri, Jun 01, 2012 at 02:16:45PM -0400, Gerry Reno wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
Yes.
Will Windows-8 install/boot on new
On Fri, Jun 01, 2012 at 02:26:12PM -0400, Gerry Reno wrote:
Everyone is singing a different tune about these possibilities.
My guesses would have been:
Yes.
No.
Yes.
Your guesses would be wrong.
--
Matthew Garrett | mj...@srcf.ucam.org
--
devel mailing list
devel@lists.fedoraproject.org
On Jun 1, 2012, at 12:06 PM, Kevin Fenzi wrote:
On Fri, 1 Jun 2012 11:44:17 -0600
Chris Murphy li...@colorremedies.com wrote:
On Jun 1, 2012, at 9:54 AM, drago01 wrote:
In case enabled secureboot is the only option (i.e we somehow refuse
to boot with it disabled) then (and only then)
On Jun 1, 2012, at 12:16 PM, Gerry Reno wrote:
Can users flash BIOS to remove SecureBoot?
BIOS doesn't have Secure Boot. UEFI != BIOS.
Chris Murphy
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On Jun 1, 2012, at 12:19 PM, Kevin Fenzi wrote:
On Fri, 01 Jun 2012 14:16:45 -0400
Gerry Reno gr...@verizon.net wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
My understanding: no.
I think that's untenable. My understanding is simply that the Windows
On 06/01/2012 02:26 PM, Gerry Reno wrote:
On 06/01/2012 02:24 PM, Matthew Garrett wrote:
On Fri, Jun 01, 2012 at 02:16:45PM -0400, Gerry Reno wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
Yes.
Will Windows-8 install/boot on new hardware that contains SecureBoot
On Fri, 2012-06-01 at 14:18 -0400, Tom Callaway wrote:
On 06/01/2012 12:38 PM, Adam Williamson wrote:
On Fri, 2012-06-01 at 12:10 -0400, Tom Callaway wrote:
We include wireless device firmware even though it isn't free. And we
don't like doing that, but it is the only way to get wireless
On 06/01/2012 01:22 PM, Chris Murphy wrote:
Is UEFI Secure Boot really the only way to prevent the problem it attempts to
solve, and if so, what about the plethora of BIOS hardware in the world
today, still even shipping as new systems? They're all unacceptably exposed?
Really?
That's the
They just work as long as you don't try to actually exercise one of the
freedoms we stand for.
Which one?
The freedom to study how the program works, and change it so it does your
computing as you wish (freedom 1).
The freedom to distribute copies of your modified versions to others
On 06/01/2012 11:54 AM, drago01 wrote:
On Fri, Jun 1, 2012 at 5:40 PM, Kevin Koflerkevin.kof...@chello.at wrote:
Cosimo Cecchi wrote:
I don't want to jump in the technicality of this discussion, but I can
only hope any solution that requires users to fiddle with BIOS
settings in order to
On 06/01/2012 12:02 PM, Cosimo Cecchi wrote:
On Fri, 2012-06-01 at 17:54 +0200, drago01 wrote:
On Fri, Jun 1, 2012 at 5:40 PM, Kevin Koflerkevin.kof...@chello.at wrote:
Cosimo Cecchi wrote:
I don't want to jump in the technicality of this discussion, but I can
only hope any solution that
On Fri, Jun 01, 2012 at 02:55:42PM -0400, Steve Clark wrote:
What about on ARM?
The inability for users to enrol keys or disable secure boot means we
have no intention of supporting it on ARM.
--
Matthew Garrett | mj...@srcf.ucam.org
--
devel mailing list
devel@lists.fedoraproject.org
On Fri, 2012-06-01 at 14:55 -0400, Steve Clark wrote:
On 06/01/2012 11:54 AM, drago01 wrote:
On Fri, Jun 1, 2012 at 5:40 PM, Kevin Kofler kevin.kof...@chello.at wrote:
Cosimo Cecchi wrote:
I don't want to jump in the technicality of this discussion, but I can
only hope any solution
On 06/01/2012 12:55 PM, Kevin Kofler wrote:
The problem there is clearly on the Window$ side, nothing we can or should
do about it.
Clearly, there is something we can do, as something has been proposed.
Also, I refuse to argue any further down the logic path of What if
someone does something
On Fri, 2012-06-01 at 14:57 -0400, Steve Clark wrote:
On 06/01/2012 12:02 PM, Cosimo Cecchi wrote:
The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.
- You need to disable
I just read through the MS docs on SecureBoot and this is the biggest
Rube-Goldberg machine.
I could not think of a nastier solution to a problem than what they've dreamt
up here.
The whole problem they are trying to solve is that of booting only known-good
code.
That would be much easier
On Fri, 2012-06-01 at 20:08 +0200, Tomasz Torcz wrote:
On Fri, Jun 01, 2012 at 07:53:36PM +0200, Kevin Kofler wrote:
Jon Ciesla wrote:
For all available firmware vendors and models?
For the ones that end users are actually likely to have, which aren't that
many. There are much fewer
On Fri, 2012-06-01 at 12:33 -0400, Gerry Reno wrote:
On 06/01/2012 12:30 PM, Kevin Kofler wrote:
Debarshi Ray wrote:
By the way, I am assuming that you know that one can't modify Firefox and
redistribute it as Firefox without certification.
I've been pointing out this issue in several
On Fri, 2012-06-01 at 15:14 -0400, Gerry Reno wrote:
I just read through the MS docs on SecureBoot and this is the biggest
Rube-Goldberg machine.
I could not think of a nastier solution to a problem than what they've dreamt
up here.
The whole problem they are trying to solve is that
On 06/01/2012 03:22 PM, Adam Williamson wrote:
On Fri, 2012-06-01 at 15:14 -0400, Gerry Reno wrote:
I just read through the MS docs on SecureBoot and this is the biggest
Rube-Goldberg machine.
I could not think of a nastier solution to a problem than what they've
dreamt up here.
The
On Jun 1, 2012, at 1:14 PM, Gerry Reno wrote:
That would be much easier accomplished by having the OS reside on a read-only
device that could only be written to by
the user actively using hardware to enable the write during installation.
Except this hardware does not exist, and it only took
On Jun 1, 2012, at 1:16 PM, Adam Williamson wrote:
I have no goddamn
clue why. It's completely stupid. But they do it. You can't rely on a
system from HP with, say, a Phoenix firmware to have the same interface
as a system from Dell with a Phoenix firmware.
Branding and marketing is one of
On 06/01/2012 03:32 PM, Chris Murphy wrote:
On Jun 1, 2012, at 1:14 PM, Gerry Reno wrote:
That would be much easier accomplished by having the OS reside on a
read-only device that could only be written to by
the user actively using hardware to enable the write during installation.
Except
On 6/1/12 12:16 PM, Kevin Kofler wrote:
Adam Jackson wrote:
False. Quoting from Matthew's original post:
A system in custom mode should allow you to delete all existing keys
and replace them with your own. After that it's just a matter of
re-signing the Fedora bootloader (like I said, we'll
On Fri, Jun 1, 2012 at 1:16 PM, Adam Williamson awill...@redhat.com wrote:
I replied elsewhere in the thread, but I believe KK is significantly
underestimating things here. There are indeed only a few system firmware
vendors, who write the firmwares for just about all PCs under contract
from
On Jun 1, 2012, at 1:30 PM, Gerry Reno wrote:
My practical point is that Microsoft chose this particular solution not as
the best way to solve the issue of booting
known-good code but as a way of impacting Linux and it whole concept of
software freedoms.
Point declined.
practical
On Fri, Jun 01, 2012 at 12:16:59PM -0700, Adam Williamson wrote:
On Fri, 2012-06-01 at 20:08 +0200, Tomasz Torcz wrote:
On Fri, Jun 01, 2012 at 07:53:36PM +0200, Kevin Kofler wrote:
Jon Ciesla wrote:
For all available firmware vendors and models?
For the ones that end users are
On Jun 1, 2012, at 1:37 PM, Gerry Reno wrote:
Drive manufacturers need to do nothing.
One drive probably SSD at this point, gets dedicated to OS. Other drive to
everything else.
Cute, so you're requiring everyone have two drives. Well I don't want two
drives in my laptop, I want one. Now
On Fri, Jun 1, 2012 at 2:37 PM, Gerry Reno gr...@verizon.net wrote:
On 06/01/2012 03:32 PM, Chris Murphy wrote:
On Jun 1, 2012, at 1:14 PM, Gerry Reno wrote:
That would be much easier accomplished by having the OS reside on a
read-only device that could only be written to by
the user
On 06/01/2012 01:24 PM, Matthew Garrett wrote:
On Fri, Jun 01, 2012 at 02:16:45PM -0400, Gerry Reno wrote:
Windows-8 will install/boot on existing hardware w/o SecureBoot.
Yes.
Will Windows-8 install/boot on new hardware that contains SecureBoot without
SecureBoot enabled?
Yes.
Will
On 06/01/2012 03:56 PM, Jon Ciesla wrote:
On Fri, Jun 1, 2012 at 2:37 PM, Gerry Reno gr...@verizon.net wrote:
Drive manufacturers need to do nothing.
One drive probably SSD at this point, gets dedicated to OS. Other drive to
everything else.
The read-write controllable interfaces already
On Fri, Jun 01, 2012 at 03:03:54PM -0500, Michael Ekstrand wrote:
Will OEM Windows 8 installs - requiring SecureBoot to be enabled as per
logo requirements - boot on such hardware with SecureBoot disabled? Or
will only retail/upgrade installs install on SecureBoot-capable but
disabled
On 06/01/2012 12:46 PM, Kevin Kofler wrote:
Just include instructions on how to disable Secure Boot on the common
firmware types (on the website, and on the cover of the DVDs we hand out at
events). There are only a handful BIOS vendors, I don't expect this to
change much with UEFI.
Not that
On Fri, Jun 01, 2012 at 12:02:10PM -0400, Cosimo Cecchi wrote:
- You need to disable SecureBoot in the BIOS settings in order to
install Fedora
- BIOS settings? What's that? Oh a blueish DOS-like command-line thing?
Freaky. Disable SecureBoot? Why on earth would I want to make my system
On Fri, Jun 01, 2012 at 09:52:20AM +0300, Nicu Buculei wrote:
On 05/31/2012 05:13 PM, Chris Adams wrote:
Please don't spread FUD like this. You are wrong for a couple of
reasons:
- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).
Peter Jones wrote:
We don't know what all firmwares' UI's will look like, and it's possible -
even somewhat reasonable - that instead of enable secure boot [X] some
vendors would implement it, for example, as [remove trusted key] or
possibly a combo box with options [user mode, setup mode,
Chris Adams wrote:
Please stop with the conspiracy theories and stick to technical
discussions. This very thread is proof that nobody is trying to sneak
this in.
No, it's not. The thread was started by one of the people opposing the plan.
Kevin Kofler
--
devel mailing list
Tomasz Torcz wrote:
Documenting the procedure may be viable after all. Kevin, could you start
writing such guides on Fedora wiki?
I cannot start documenting this before the first Secure-Boot-enabled
firmware actually ships.
Kevin Kofler
--
devel mailing list
Chris Murphy wrote:
b.) Disabling Secure Boot entirely for both operating systems.
That outcome is inherently user hostile on both counts.
I don't see how b would be hostile, at all, given that Matthew Garrett
(who has the insider information) says that Window$ 8 will boot just fine in
that
drago01 wrote:
Because it is *easier* for ordinary users to try and test fedora with
it (on new hardware).
i.e it increases the reach of free software instead of limiting it
(what you and others propose in the name of freedom).
But the software is only actually free once Restricted Boot is
Michael scherer wrote:
For the record, UEFI based motherboard would likely have a graphical
interface, so no blueish DOS-like commandline thing.
Of course, that also permit endless graphical customisation.
See for example
http://www.youtube.com/watch?v=YLwHKHqBitc
Peter Jones wrote:
Not that I don't think this is worth doing - I really do - but there's
another problem here. We're not going to know what final firmware UIs look
like until the hardware ships, and that's more than likely going to be
after F18 GA.
Web pages can be updated. We can even use
On Thu, May 31, 2012 at 11:34 AM, Peter Jones wrote:
On 05/31/2012 11:10 AM, Basil Mohamed Gohar wrote:
This will exclude a whole class of usages that are currently available
to Fedora users, such as the ReSpin projects that Fedora Unity used to
produce from stock Fedora packages as well as
Once upon a time, Kevin Kofler kevin.kof...@chello.at said:
Chris Adams wrote:
Please stop with the conspiracy theories and stick to technical
discussions. This very thread is proof that nobody is trying to sneak
this in.
No, it's not. The thread was started by one of the people
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/31/2012 02:48 PM, Gregory Maxwell wrote:
From Fedora 18 on, Fedora will no longer include the freedom to for
a user to create a fork or respin which is the technological equal
of the Project's output. Instead, this freedom will be available
On 05/31/2012 09:48 AM, Gregory Maxwell wrote:
From Fedora 18 on, Fedora will no longer include the freedom to for a
user to create a fork or respin which is the technological equal of
the Project's output. Instead, this freedom will be available
exclusively from Microsoft for $99 under
Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
From Fedora 18 on, Fedora will no longer include the freedom to for a
user to create a fork or respin which is the technological equal of
the Project's output. Instead, this freedom will be available
exclusively from Microsoft for $99
On Thu, May 31, 2012 at 9:56 AM, Bryn M. Reeves b...@redhat.com wrote:
abundantly clear that there are no restrictions placed on users who do
not wish to have the secure boot signature checks enforced.
Yes, I read it and spent several hours talking to MJG before he posted
it, in fact.
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/31/2012 03:23 PM, Gregory Maxwell wrote:
I thought I'd pay him the respect of sleeping on it and giving
someone in support of this rather secretive move time to post about
it and discuss it, so that people wouldn't be learning about it
from
On Thu, 2012-05-31 at 10:23 -0400, Gregory Maxwell wrote:
On Thu, May 31, 2012 at 9:56 AM, Bryn M. Reeves b...@redhat.com wrote:
abundantly clear that there are no restrictions placed on users who do
not wish to have the secure boot signature checks enforced.
Yes, I read it and spent
On 05/31/2012 10:23 AM, Gregory Maxwell wrote:
On Thu, May 31, 2012 at 10:04 AM, Peter Jonespjo...@redhat.com wrote:
You're wrong. Users will have the ability to create their own signing
certificates with openssl and sign their own binaries. Using MS as a signer
only buys you the convenience
Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
Under this model there will be two classes of distributor: One which
loads easily on systems, and one which requires the additional effort
of disabling secure boot or installing user keys. (And ARM will be
even more interesting...)
On Thu, 2012-05-31 at 10:23 -0400, Gregory Maxwell wrote:
this will mean that Fedora will be losing a freedom it
once had— the freedom to make forks at no cost which are technically
equal to the projects, ones which are just as compatible and easy to
install.
I don't really think this is
On 05/31/2012 10:52 AM, Chris Adams wrote:
Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
Under this model there will be two classes of distributor: One which
loads easily on systems, and one which requires the additional effort
of disabling secure boot or installing user keys.
On 05/31/2012 11:10 AM, Basil Mohamed Gohar wrote:
This will exclude a whole class of usages that are currently available
to Fedora users, such as the ReSpin projects that Fedora Unity used to
produce from stock Fedora packages as well as any other downstream
projects that build on Fedora.
It
On 05/31/2012 11:47 AM, Gregory Maxwell wrote:
On Thu, May 31, 2012 at 10:32 AM, Bryn M. Reevesb...@redhat.com wrote:
That discussion is happening right now. You're welcome to join in.
That wasn't my understanding, my understanding is that this is a done
deal and not up for discussion. I'm
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
SecureBoot is not about security. It is about restriction.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On 05/31/2012 12:04 PM, Gerry Reno wrote:
SecureBoot is not about security. It is about restriction.
If you're looking for a mantra to recite ad infinitum, that's a fine one, but
right now we're looking for ideas that are helpful and productive instead.
--
Peter
--
devel mailing list
On 05/31/2012 12:06 PM, Peter Jones wrote:
On 05/31/2012 12:04 PM, Gerry Reno wrote:
SecureBoot is not about security. It is about restriction.
If you're looking for a mantra to recite ad infinitum, that's a fine one, but
right now we're looking for ideas that are helpful and productive
On Thu, May 31, 2012 at 6:04 PM, Gerry Reno gr...@verizon.net wrote:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
SecureBoot is not about security. It is about restriction.
That is just untrue. SecureBoot can be used to make sure you only run
the software you
On 05/31/2012 12:06 PM, Peter Jones wrote:
On 05/31/2012 12:04 PM, Gerry Reno wrote:
SecureBoot is not about security. It is about restriction.
If you're looking for a mantra to recite ad infinitum, that's a fine
one, but
right now we're looking for ideas that are helpful and productive
On 05/31/2012 12:13 PM, Miloslav Trmač wrote:
On Thu, May 31, 2012 at 6:04 PM, Gerry Reno gr...@verizon.net wrote:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
SecureBoot is not about security. It is about restriction.
That is just untrue. SecureBoot can be used
On Thu, May 31, 2012 at 6:16 PM, Gerry Reno gr...@verizon.net wrote:
On 05/31/2012 12:13 PM, Miloslav Trmač wrote:
On Thu, May 31, 2012 at 6:04 PM, Gerry Reno gr...@verizon.net wrote:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
SecureBoot is not about security.
On 05/31/2012 12:18 PM, Miloslav Trmač wrote:
On Thu, May 31, 2012 at 6:16 PM, Gerry Reno gr...@verizon.net wrote:
On 05/31/2012 12:13 PM, Miloslav Trmač wrote:
On Thu, May 31, 2012 at 6:04 PM, Gerry Reno gr...@verizon.net wrote:
On Thu, May 31, 2012 at 12:11 PM, Gerry Reno gr...@verizon.net wrote:
This is a monopolistic attack disguised as a security effort.
The highly restrictive technological approach that has been taken needs to be
challenged in the courts.
I'd rather see Microsoft users have to attach a dongle to
Basil Mohamed Gohar (basilgo...@librevideo.org) said:
Remove Microsoft's keys, problem solved.
Ah, yes, but then you also won't be able to run Fedora, under the
currently proposed solution. Oops! See how slick the slope is?
If you're dumb enough to 1) remove all the keys without putting a
On 05/31/2012 12:11 PM, Gerry Reno wrote:
This is a monopolistic attack disguised as a security effort.
The argument that it's a security effort is bolstered in many vendors eyes
by the existence of attacks in the wild which Secure Boot would prevent.
As a practical matter, I'm going to go
On 05/31/2012 12:21 PM, Bill Nottingham wrote:
Basil Mohamed Gohar (basilgo...@librevideo.org) said:
Remove Microsoft's keys, problem solved.
Ah, yes, but then you also won't be able to run Fedora, under the
currently proposed solution. Oops! See how slick the slope is?
If you're dumb
On 05/31/2012 12:22 PM, Peter Jones wrote:
On 05/31/2012 12:11 PM, Gerry Reno wrote:
This is a monopolistic attack disguised as a security effort.
The argument that it's a security effort is bolstered in many vendors eyes
by the existence of attacks in the wild which Secure Boot would
On Thu, May 31, 2012 at 6:22 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
On Thu, May 31, 2012 at 12:11 PM, Gerry Reno gr...@verizon.net wrote:
On Thu, May 31, 2012 at 12:13 PM, Miloslav Trmač m...@volny.cz wrote:
That is just untrue. SecureBoot can be used to make sure you only run
the
On 05/31/2012 12:16 PM, Gerry Reno wrote:
On 05/31/2012 12:13 PM, Miloslav Trmač wrote:
On Thu, May 31, 2012 at 6:04 PM, Gerry Renogr...@verizon.net wrote:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
SecureBoot is not about security. It is about restriction.
On 05/31/2012 12:46 PM, Peter Jones wrote:
On 05/31/2012 12:16 PM, Gerry Reno wrote:
On 05/31/2012 12:13 PM, Miloslav Trmač wrote:
On Thu, May 31, 2012 at 6:04 PM, Gerry Renogr...@verizon.net wrote:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
SecureBoot is not
On 05/31/2012 12:53 PM, Gerry Reno wrote:
On 05/31/2012 12:51 PM, Matthew Garrett wrote:
On Thu, May 31, 2012 at 12:49:53PM -0400, Gerry Reno wrote:
The issue could be solved by having the SecureBoot default setting depend
on the OS being booted:
SecureBoot should only be Default:ON for
401 - 500 of 555 matches
Mail list logo
