On Sat, Jun 02, 2012 at 04:57:20PM +0200, Kevin Kofler wrote:
I didn't simply walk away either back in the day where RHL wouldn't
boot without disabling the Plug and Play operating system option in
the BIOS.
You're a pretty atypical case.
I found it perfectly normal that the firmware
On Sat, Jun 2, 2012 at 12:04 PM, Chris Adams cmad...@hiwaay.net wrote:
Once upon a time, Gregory Maxwell gmaxw...@gmail.com said:
When I create a fork, respin, or remix of Fedora and distribute it to
people it will not run for them like Fedora does without a level of
fiddling which the people
On Sat, 02 Jun 2012 16:57:20 +0200
Kevin Kofler kevin.kof...@chello.at wrote:
Peter Jones wrote:
But I also think it's important for our distro to work out of the
box on new computers without having to do that. If we don't have
that, people will simply walk away.
And I don't think
On Sat, Jun 02, 2012 at 12:24:51PM -0400, Gregory Maxwell wrote:
I'd like to now summon the folks arguing for this who earlier insisted
that Fedora was being upfront about the tradeoffs here to come argue
with people that there isn't a material loss of freedom. Being
upfront means not only
On Sat, Jun 02, 2012 at 10:31:20AM -0600, Kevin Fenzi wrote:
What happens if you try and boot an unsigned image? I assume the error
you get is up to the BIOS folks? So, it could be misleading, confusing,
depressing or all three. It may be that people will see just Failed to
secure boot and
On Sat, Jun 02, 2012 at 12:18:17PM -0400, Orcan Ogetbil wrote:
Hmm, will the package maintainers have the freedom to not support
users who have the secureboot enabled? How are we going to detect
this?
Any piece of userspace can read the SecureBoot and SetupMode variables
and check that
On Sat, Jun 2, 2012 at 12:40 PM, Matthew Garrett wrote:
On Sat, Jun 02, 2012 at 12:18:17PM -0400, Orcan Ogetbil wrote:
Hmm, will the package maintainers have the freedom to not support
users who have the secureboot enabled? How are we going to detect
this?
Any piece of userspace can read
On Sat, Jun 2, 2012 at 11:40 AM, Matthew Garrett mj...@srcf.ucam.org wrote:
On Sat, Jun 02, 2012 at 12:18:17PM -0400, Orcan Ogetbil wrote:
Hmm, will the package maintainers have the freedom to not support
users who have the secureboot enabled? How are we going to detect
this?
Any piece of
On 06/02/2012 09:24 AM, Gregory Maxwell wrote:
(Users would have to disable
yum's gpg checking in order to install your unsigned package, or they would
have to install/your/ gpg key and trust it in order to install the package
signed with your key).
I distribute modified copies of
Debarshi Ray wrote:
It is not clear to me what base N stands for.
As far as I can tell, it's baseball slang. Some people seem to think
everyone in the world knows how baseball is played.
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
Kevin Fenzi wrote:
What happens if you try and boot an unsigned image? I assume the error
you get is up to the BIOS folks? So, it could be misleading, confusing,
depressing or all three. It may be that people will see just Failed to
secure boot and think there's something wrong with Fedora.
On Sat, 2 Jun 2012 17:36:47 +0100
Matthew Garrett mj...@srcf.ucam.org wrote:
On Sat, Jun 02, 2012 at 10:31:20AM -0600, Kevin Fenzi wrote:
What happens if you try and boot an unsigned image? I assume the
error you get is up to the BIOS folks? So, it could be misleading,
confusing,
inode0 wrote:
Doing this in my mind should not be allowed as it discriminates
against a subset of users. Whether this is legally allowed or not I
hope no one would consider doing it.
I agree. Either Fedora supports Secure Boot or it doesn't, doing this per
package is a very bad idea (unless
Once upon a time, Kevin Kofler kevin.kof...@chello.at said:
inode0 wrote:
Doing this in my mind should not be allowed as it discriminates
against a subset of users. Whether this is legally allowed or not I
hope no one would consider doing it.
I agree. Either Fedora supports Secure Boot
On Sat, Jun 2, 2012 at 1:18 PM, Kevin Kofler wrote:
inode0 wrote:
Doing this in my mind should not be allowed as it discriminates
against a subset of users. Whether this is legally allowed or not I
hope no one would consider doing it.
I agree. Either Fedora supports Secure Boot or it
On 06/02/2012 11:05 PM, Orcan Ogetbil wrote:
I am more concerned about the package maintenance level. At the
package maintenance level, it does not make sense to patch against the
upstream decision. On the other hand, a package maintainer should have
the right to not support users filing
On Sat, Jun 2, 2012 at 2:07 PM, Kevin Kofler kevin.kof...@chello.at wrote:
drago01 wrote:
You can even download the kernel source, study and modify it compile
and resign it and use it just fine with secureboot.
Either by using your own key or by using one from a CA (in this case
MS) for 99$.
On Sat, Jun 2, 2012 at 1:53 PM, Rahul Sundaram wrote:
You are responsible as a package maintainer for bugs against
the package. If you don't want to deal with it, give up the package or
find a co-maintainer who will deal with such issues. When you work
within a community, it is a project
On Sat, 2012-06-02 at 14:02 -0400, Orcan Ogetbil wrote:
On Sat, Jun 2, 2012 at 1:53 PM, Rahul Sundaram wrote:
You are responsible as a package maintainer for bugs against
the package. If you don't want to deal with it, give up the package or
find a co-maintainer who will deal with such
On Sat, Jun 2, 2012 at 5:38 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
On Sat, Jun 2, 2012 at 5:32 AM, drago01 drag...@gmail.com wrote:
Or you don't do the later and just disable secureboot. Your freedom is
in *no way* limited by having secureboot support.
Let me repeat it again supporting
On Sat, Jun 2, 2012 at 2:12 PM, Pierre-Yves Chibon wrote:
On Sat, 2012-06-02 at 14:02 -0400, Orcan Ogetbil wrote:
On Sat, Jun 2, 2012 at 1:53 PM, Rahul Sundaram wrote:
You are responsible as a package maintainer for bugs against
the package. If you don't want to deal with it, give up the
On Sat, Jun 2, 2012 at 7:35 PM, Orcan Ogetbil oget.fed...@gmail.com wrote:
On Sat, Jun 2, 2012 at 1:18 PM, Kevin Kofler wrote:
inode0 wrote:
Doing this in my mind should not be allowed as it discriminates
against a subset of users. Whether this is legally allowed or not I
hope no one would
On Sat, Jun 2, 2012 at 2:26 PM, drago01 wrote:
Simply refusing to run because secureboot is enabled (unless there are
technical reasons) is simply limiting the users freedom in the name
of freedom which is unacceptable.
I am making a clear distinction between simply refusing to run and
On Sat, 2012-06-02 at 14:26 -0400, Orcan Ogetbil wrote:
That is not the answer to my question (hint: read the question).
Indeed, it is not, but do you really want to put in the CLA the
responsibilities of every role past present and future available in the
project ?
Meaning that every time one
On Sat, Jun 2, 2012 at 2:31 PM, Pierre-Yves Chibon wrote:
On Sat, 2012-06-02 at 14:26 -0400, Orcan Ogetbil wrote:
That is not the answer to my question (hint: read the question).
Indeed, it is not, but do you really want to put in the CLA the
responsibilities of every role past present and
On Jun 2, 2012, at 5:56 AM, Pedro Lamarão wrote:
Who exactly is this We person who cannot accomplish the goal of
dealing with multiple vendors shipping multiple interfaces on
different machines?
The Free Software Movement certainly can.
This is very naive, IMO. Where is the influence of
On Jun 1, 2012, at 12:50 PM, Peter Jones wrote:
On 06/01/2012 01:22 PM, Chris Murphy wrote:
Is UEFI Secure Boot really the only way to prevent the problem it attempts to
solve, and if so, what about the plethora of BIOS hardware in the world
today, still even shipping as new systems? They're
On Sat, Jun 2, 2012 at 12:36 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
Per spec the machine simply falls back to attempting to execute the next
entry in the boot list. An implementation may provide some feedback that
that's the case, but there's no requirement for it to do so, so it's
On Sat, 2 Jun 2012 15:28:03 -0400
Gregory Maxwell gmaxw...@gmail.com wrote:
If the issue were just the opaque and unpredictable behavior on
failure this could be addressed without signing any of the
distribution proper.
Create a pre-bootloder. If secureboot is enabled only permitting
On Sat, Jun 02, 2012 at 03:28:03PM -0400, Gregory Maxwell wrote:
This should meet the signing requirements and it removes the opacity
without locking down any of Fedora. Such a bootloader should meet
whatever requirements to get signed, since if secureboot is turned on
it wont boot anything
On Sat, Jun 2, 2012 at 4:02 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
On Sat, Jun 02, 2012 at 03:28:03PM -0400, Gregory Maxwell wrote:
This should meet the signing requirements and it removes the opacity
without locking down any of Fedora. Such a bootloader should meet
whatever
On Sat, Jun 02, 2012 at 04:08:45PM -0400, Gregory Maxwell wrote:
On Sat, Jun 2, 2012 at 4:02 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
But you're happy to sacrifice the freedom for people to modify the error
text that's provided? What's your threshold?
I'm not quite sure where my
On Sat, Jun 2, 2012 at 4:21 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
That's fine as long as you speak English.
Come on now, you're building a strawman argument. I never said that it
had to be in a single language—notice messages I _normally_ write get
put into many languages.
I don't see
On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
I think regressing to the installs
being somewhat easier than ten yearsish ago is still a better place to
be than the cryptographic lockdown.
I disagree and once again it is not a lockdown as people who care
enough can
On Sat, Jun 2, 2012 at 5:26 PM, drago01 drag...@gmail.com wrote:
On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
I think regressing to the installs
being somewhat easier than ten yearsish ago is still a better place to
be than the cryptographic lockdown.
I disagree
Le samedi 02 juin 2012 à 09:46 +0100, phantomjinx a écrit :
Michael scherer m...@zarb.org wrote:
On Sat, Jun 02, 2012 at 02:10:38AM +0200, Kevin Kofler wrote:
Tomasz Torcz wrote:
Documenting the procedure may be viable after all. Kevin, could
you start
On Sat, Jun 02, 2012 at 05:14:12PM -0400, Gregory Maxwell wrote:
When it comes down to it, your drawing the line argument just
doesn't make sense. There is always injustice in the world. If you
want to be pedantic, anyone who ever seeks a more lawful or more
ethical path is simply drawing a
On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
You're fine with one level of injustice. I'm fine with another level of
injustice. Both compromise the freedoms that Fedora currently gives you.
I'm not fine with it. It's an unfortunate situation too. But producing
a
On Sat, Jun 02, 2012 at 06:09:15PM -0400, Gregory Maxwell wrote:
I'm not fine with it. It's an unfortunate situation too. But producing
a single special case trivial display program for users who couldn't
run anything which was truly free at all is hardly comparable to
cryptographically
On Sat, Jun 2, 2012 at 6:09 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
You're fine with one level of injustice. I'm fine with another level of
injustice. Both compromise the freedoms that Fedora currently gives you.
On Sat, Jun 2, 2012 at 11:47 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
On Sat, Jun 2, 2012 at 5:26 PM, drago01 drag...@gmail.com wrote:
On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwell gmaxw...@gmail.com wrote:
I think regressing to the installs
being somewhat easier than ten yearsish ago
On Sun, Jun 3, 2012 at 12:09 AM, Gregory Maxwell gmaxw...@gmail.com wrote:
On Sat, Jun 2, 2012 at 5:57 PM, Matthew Garrett mj...@srcf.ucam.org wrote:
You're fine with one level of injustice. I'm fine with another level of
injustice. Both compromise the freedoms that Fedora currently gives you.
On Sat, Jun 2, 2012 at 6:23 PM, drago01 drag...@gmail.com wrote:
It can be argued both ways. Modifying software requires more skills
and knowlegde anyway so it is more acceptable to accept that group of
people to fiddle with the firmware then everyone including people that
don't even know what
On Sun, Jun 3, 2012 at 12:32 AM, Gregory Maxwell gmaxw...@gmail.com wrote:
[No disrespect intended, but I'm not point by pointing the rest
because I think the educated reader could easily enough anticipate my
responses from the past thread, we're becoming circular again]
Yeah that's fine we
On 06/02/2012 11:27 AM, Chris Adams wrote:
Once upon a time, Kevin Koflerkevin.kof...@chello.at said:
And I don't think having to disable Secure Boot in the firmware is a
hurdle which will make our users simply walk away. I didn't simply walk
away either back in the day where RHL wouldn't boot
On 06/02/2012 05:26 PM, drago01 wrote:
On Sat, Jun 2, 2012 at 11:14 PM, Gregory Maxwellgmaxw...@gmail.com wrote:
I think regressing to the installs
being somewhat easier than ten yearsish ago is still a better place to
be than the cryptographic lockdown.
I disagree and once again it is not
Once upon a time, Steve Clark scl...@netwolves.com said:
Who are these users? I have been using Linux since 0.99 while working with
many users of Windows,none of them
expressed an interest in trying linux.
Well, we obviously have different friends. I've got lots of technical
friends (and
On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:
Who are these potential users? How many people running windows have you
convinced to also
load Linux? I have been using Linux since 0.99 and have not been able to
convince any to use Linux.
It's possible that this says more about
On 06/02/2012 07:55 PM, Chris Adams wrote:
Once upon a time, Steve Clarkscl...@netwolves.com said:
Who are these users? I have been using Linux since 0.99 while working with
many users of Windows,none of them
expressed an interest in trying linux.
Well, we obviously have different
On 06/02/2012 08:20 PM, Matthew Garrett wrote:
On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:
Who are these potential users? How many people running windows have you
convinced to also
load Linux? I have been using Linux since 0.99 and have not been able to
convince any to use
On Sat, Jun 02, 2012 at 08:43:41PM -0400, Steve Clark wrote:
On 06/02/2012 08:20 PM, Matthew Garrett wrote:
On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:
Who are these potential users? How many people running windows have you
convinced to also
load Linux? I have been using
Michael Scherer wrote:
And I think no one would be happy if someone start to use some stuff
like Bluepill ( http://en.wikipedia.org/wiki/Blue_Pill_%28software%29 )
to root them.
You can be blue-pilled purely from userspace, which Secure Boot does not
protect at all. Ever heard of software
On 06/02/2012 08:56 PM, Matthew Garrett wrote:
On Sat, Jun 02, 2012 at 08:43:41PM -0400, Steve Clark wrote:
On 06/02/2012 08:20 PM, Matthew Garrett wrote:
On Sat, Jun 02, 2012 at 07:51:52PM -0400, Steve Clark wrote:
Who are these potential users? How many people running windows have you
On 05/31/2012 05:13 PM, Chris Adams wrote:
Please don't spread FUD like this. You are wrong for a couple of
reasons:
- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).
- Users can generate their own keys, enroll them in the secure boot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/31/2012 07:21 PM, Gerry Reno wrote:
Not yet. But HDD technology is changing rapidly. Just look at
hybrid drives, SSD.
No reason they could not add this capability.
Not really. Both of these have been in development for years and have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/31/2012 08:03 PM, Gregory Maxwell wrote:
I wasn't responding to MJG, I was responding to Peter— who said I
was wrong in the message where I was stating that a freedom is
being lost, and has subsequently spoken more clearly on the
position—
On Thu, May 31, 2012 at 01:55:35PM -0500, Chris Adams wrote:
Once upon a time, Peter Jones pjo...@redhat.com said:
That's why we didn't simply ask vendors to ship our key. That would be
/less/ equitable to other distributions than the solution we're looking at
right now.
Has any thought
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/31/2012 10:42 PM, Adam Williamson wrote:
On Thu, 2012-05-31 at 15:07 -0400, Gerry Reno wrote:
Yes, all these would currently support what I'm suggesting.
Actually, if you're willing to flip a lot of switches, you
could probably make your /
On 05/31/2012 09:14 PM, Kevin Kofler wrote:
Chris Adams wrote:
- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).
And this is exactly why we should just require our users to disable it!
I don't see any advantage at all from supporting this
On 06/01/2012 12:58 PM, Steve Clark wrote:
On 05/31/2012 09:14 PM, Kevin Kofler wrote:
Chris Adams wrote:
- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).
And this is exactly why we should just require our users to disable it!
I don't
On Fri, Jun 1, 2012 at 5:36 AM, Bryn M. Reeves b...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/31/2012 10:42 PM, Adam Williamson wrote:
On Thu, 2012-05-31 at 15:07 -0400, Gerry Reno wrote:
Yes, all these would currently support what I'm suggesting.
Actually, if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/01/2012 01:51 PM, Jon Ciesla wrote:
Actually, with enough PCI USB port cards, USB hubs, and thumb
drives, you could use MD RAID and possibly LVM to make a
poor-person's SAN. Hot-swappable drives and all.
And with LIO in the kernel you can
drago01 wrote:
The advantages is that things just work (tm).
They just work as long as you don't try to actually exercise one of the
freedoms we stand for. Or even just install an out-of-tree kernel module
such as the ones from RPM Fusion. I don't think this is something we should
endorse,
On Fri, 1 Jun 2012 12:21:36 +0200
Michael scherer m...@zarb.org wrote:
On Thu, May 31, 2012 at 01:55:35PM -0500, Chris Adams wrote:
Once upon a time, Peter Jones pjo...@redhat.com said:
That's why we didn't simply ask vendors to ship our key. That
would be /less/ equitable to other
On Fri, 2012-06-01 at 03:14 +0200, Kevin Kofler wrote:
Chris Adams wrote:
- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).
And this is exactly why we should just require our users to disable it!
I don't want to jump in the technicality
On 06/01/2012 11:18 AM, Cosimo Cecchi wrote:
On Fri, 2012-06-01 at 03:14 +0200, Kevin Kofler wrote:
Chris Adams wrote:
- Secure boot is required to be able to be disabled on x86 (the only
platform Fedora will support it).
And this is exactly why we should just require our users to disable it!
On 06/01/2012 08:30 AM, Gerry Reno wrote:
The better solution would be for users for want SecureBoot to have to
set it in the BIOS. It should be disabled by default.
Windows is the OS with all the attack vectors open. Users of every
other OS should not be hostage to this SecureBoot by
Cosimo Cecchi wrote:
I don't want to jump in the technicality of this discussion, but I can
only hope any solution that requires users to fiddle with BIOS
settings in order to install Fedora won't be seriously considered as
viable.
Sorry, but it's the ONLY viable solution. Any solution that
Once upon a time, Gerry Reno gr...@verizon.net said:
The better solution would be for users for want SecureBoot to have to set it
in the BIOS. It should be disabled by default.
Windows is the OS with all the attack vectors open. Users of every other OS
should not be hostage to this
Gerry Reno wrote:
The better solution would be for users for want SecureBoot to have to set
it in the BIOS. It should be disabled by default.
Windows is the OS with all the attack vectors open. Users of every other
OS should not be hostage to this SecureBoot by default.
While I couldn't
On Fri, Jun 1, 2012 at 3:30 PM, Kevin Kofler kevin.kof...@chello.at wrote:
drago01 wrote:
The advantages is that things just work (tm).
They just work as long as you don't try to actually exercise one of the
freedoms we stand for.
Which one?
Or even just install an out-of-tree kernel
On Fri, Jun 1, 2012 at 5:40 PM, Kevin Kofler kevin.kof...@chello.at wrote:
Cosimo Cecchi wrote:
I don't want to jump in the technicality of this discussion, but I can
only hope any solution that requires users to fiddle with BIOS
settings in order to install Fedora won't be seriously
Gregory Maxwell wrote:
My understanding is that some of the relevant legal minds believe that
Microsoft's you can disable it concession forecloses the possibility
of a successful legal attack on this— the law may care about the
anti-competativeness of this stuff, but not so much as to care
On Fri, 2012-06-01 at 17:54 +0200, drago01 wrote:
On Fri, Jun 1, 2012 at 5:40 PM, Kevin Kofler kevin.kof...@chello.at wrote:
Cosimo Cecchi wrote:
I don't want to jump in the technicality of this discussion, but I can
only hope any solution that requires users to fiddle with BIOS
settings
Peter Jones wrote:
Next year if we don't implement some form of Secure Boot support, the
majority of Fedora users will not be able to install Fedora on new
machines.
Nonsense. They will be able to install it very easily, they just need to set
a single boolean in their BIOS setup from Enabled
Peter Jones wrote:
Nothing is being swept under the rug here. You have the same access to the
mailing list as I do. We're looking for ideas, and we're putting forth a
plan that we're willing to implement. If you can come up with a better
idea, that would be wonderful.
The better idea is the
On 06/01/2012 11:30 AM, Gerry Reno wrote:
The better solution would be for users for want SecureBoot to have to set it
in the BIOS. It should be disabled by default.
I do not disagree with you. Microsoft does. They have the influence over
the hardware OEMs. We do not. They are forcing the
On 06/01/2012 12:07 PM, Kevin Kofler wrote:
Peter Jones wrote:
Next year if we don't implement some form of Secure Boot support, the
majority of Fedora users will not be able to install Fedora on new
machines.
Nonsense. They will be able to install it very easily, they just need to set
a
Peter Jones wrote:
On 05/31/2012 11:47 AM, Gregory Maxwell wrote:
Is this all set in stone?
No. We've spent some time thinking about all of this and are happy that
we
can implement it in the Fedora 18 timescale, but there's always the
possibility that we've missed something or that a new
Adam Jackson wrote:
False. Quoting from Matthew's original post:
A system in custom mode should allow you to delete all existing keys
and replace them with your own. After that it's just a matter of
re-signing the Fedora bootloader (like I said, we'll be providing tools
and documentation
On Fri, 01 Jun 2012 18:13:32 +0200
Kevin Kofler kevin.kof...@chello.at wrote:
But why are you making this decision in the first place?
What decision ?
They explained the issues and problem and came up with what they would
recommend we do. No decision has been made.
This:
1. is a technical
Debarshi Ray wrote:
By the way, I am assuming that you know that one can't modify Firefox and
redistribute it as Firefox without certification.
I've been pointing out this issue in several threads. That's exactly why
Fedora should finally follow Debian's lead and just rename Firefox.
On 06/01/2012 12:10 PM, Gerry Reno wrote:
On 06/01/2012 12:07 PM, Kevin Kofler wrote:
Peter Jones wrote:
Next year if we don't implement some form of Secure Boot support, the
majority of Fedora users will not be able to install Fedora on new
machines.
Nonsense. They will be able to install
On 06/01/2012 12:30 PM, Kevin Kofler wrote:
Debarshi Ray wrote:
By the way, I am assuming that you know that one can't modify Firefox and
redistribute it as Firefox without certification.
I've been pointing out this issue in several threads. That's exactly why
Fedora should finally follow
Peter Jones wrote:
I can see the loss of freedom, and I find it unfortunate, but despite
what you've said above, you *are* distorting it. There's nothing you
won't be able to do that you could do before. Doing it the same way
will be harder than it was.
Then why are we not just requiring
On 06/01/2012 12:10 PM, Gerry Reno wrote:
On 06/01/2012 12:07 PM, Kevin Kofler wrote:
Peter Jones wrote:
Next year if we don't implement some form of Secure Boot support, the
majority of Fedora users will not be able to install Fedora on new
machines.
Nonsense. They will be able to install
By the way, I am assuming that you know that one can't modify Firefox and
redistribute it as Firefox without certification.
I've been pointing out this issue in several threads. That's exactly why
Fedora should finally follow Debian's lead and just rename Firefox.
Cool. Why not?
But then,
Gerry Reno wrote:
How are you going to dual-boot:
Windows-8 and Windows-7
Windows-8 and Windows-XP
Windows-8 and Windows 2008 Server
Windows-8 and Fedora 16
Windows-8 and Fedora 17
Windows-8 and Fedora 18
You can't without changing the settings each
On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote:
Adam Jackson wrote:
False. Quoting from Matthew's original post:
A system in custom mode should allow you to delete all existing keys
and replace them with your own. After that it's just a matter of
re-signing the Fedora
On 06/01/2012 12:45 PM, Matthew Garrett wrote:
On Fri, Jun 01, 2012 at 06:16:37PM +0200, Kevin Kofler wrote:
Adam Jackson wrote:
False. Quoting from Matthew's original post:
A system in custom mode should allow you to delete all existing keys
and replace them with your own. After that it's
drago01 wrote:
On Fri, Jun 1, 2012 at 3:30 PM, Kevin Kofler wrote:
They just work as long as you don't try to actually exercise one of the
freedoms we stand for.
Which one?
The freedom to study how the program works, and change it so it does your
computing as you wish (freedom 1).
The
Tom Callaway wrote:
Do we want to support dual-booting with Windows 8? Microsoft describes
SecureBoot enablement as Required for Windows 8 client [1]? What does
that mean? We're not sure. At best, it means that BitLocker isn't going
to work, at worst, big chunks of Windows 8 functionality will
On 06/01/2012 12:55 PM, Kevin Kofler wrote:
Tom Callaway wrote:
Do we want to support dual-booting with Windows 8? Microsoft describes
SecureBoot enablement as Required for Windows 8 client [1]? What does
that mean? We're not sure. At best, it means that BitLocker isn't going
to work, at
drago01 wrote:
Secureboot support does *NOT* limit your freedom as long as it is
optional (the default setting does not matter).
Then why are we bothering to support it in the first place?
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
On Fri, Jun 01, 2012 at 06:32:25PM +0200, Kevin Kofler wrote:
Peter Jones wrote:
I can see the loss of freedom, and I find it unfortunate, but despite
what you've said above, you *are* distorting it. There's nothing you
won't be able to do that you could do before. Doing it the same way
Cosimo Cecchi wrote:
The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.
- You need to disable SecureBoot in the BIOS settings in order to
install Fedora
- BIOS settings? What's
On Fri, 2012-06-01 at 12:10 -0400, Tom Callaway wrote:
We include wireless device firmware even though it isn't free. And we
don't like doing that, but it is the only way to get wireless support
out of the box in Fedora.
Tiny nit: no, it isn't. We could always write free firmware. This isn't
On Fri, Jun 1, 2012 at 11:58 AM, Kevin Kofler kevin.kof...@chello.at wrote:
Cosimo Cecchi wrote:
The point I'm trying to make is the default setting might actually be
the most important thing that matters when it comes to new users that
want to install Fedora.
- You need to disable
It will be interesting to see how Apple implements Secure Boot on their
hardware. Historically their firmwares are not user configurable at all. I will
be supremely shocked if they allow user or 3rd party installable keys, rather
than only Apple and Microsoft keys, let alone the ability for the
Tomasz Torcz wrote:
Because the entire excercise is to allow Fedora install without tinkering
with firmware settings.
And my whole point is that our core freedoms are much more important than
this extremely minor convenience. (The required tinkering is trivial.)
It had to just work, even
301 - 400 of 555 matches
Mail list logo