Re: the ghost of UEFI and Micr0$0ft
On 06/06/12 19:23, Tom H wrote:
> On Wed, Jun 6, 2012 at 12:18 AM, Scott Ferguson
> <email@example.com> wrote:
>> ;consider also that Fedora has *not* said they won't be sharing the key
> They won't share their Secure Boot key in the same way that they don't
> share their RPM-signing key(s).
I'm unable to find anything from the RedHat/Fedora community who
supports that assertion, and it's not supported by the article:-
"Adopting a distribution-specific key and encouraging hardware companies
to adopt it *would have been hostile to other distributions*. We want to
compete on merit, not because we have better links to OEMs.
An alternative was producing some sort of overall Linux key. It turns
out that this is also difficult, since it would mean finding an entity
who was willing to take responsibility for managing signing or key
distribution. That means having the ability to keep the root key
absolutely secure and perform adequate validation of people asking for
signing. That's expensive. Like millions of dollars expensive. It would
also take a lot of time to set up, and that's not really time we had.
And, finally, nobody was jumping at the opportunity to volunteer. So no
generic Linux key."
Hardly "we don't want to share", more "we can't afford to"
> My hypothetical friends won't be thinking of Microsoft when they
> decide that they don't want to turn Secure Boot off. They'll just see
> it as lessening or disabling security on their computer, full-stop.
That's RedHat's thinking too (and mine). Additionally it makes it
difficult to ask people to try a live GNU/Linux CD if the first step is
to "turn off Secure boot" - you know, that thing that ensures only
trusted code runs (meanwhile we insist they practise safe computing use).
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-