Re: the ghost of UEFI and Micr0$0ft
On Wed, Jun 6, 2012 at 6:06 AM, Scott Ferguson
> On 06/06/12 19:23, Tom H wrote:
>> On Wed, Jun 6, 2012 at 12:18 AM, Scott Ferguson
>> <email@example.com> wrote:
>>> ;consider also that Fedora has *not* said they won't be sharing the key
>> They won't share their Secure Boot key in the same way that they don't
>> share their RPM-signing key(s).
> I'm unable to find anything from the RedHat/Fedora community who
> supports that assertion, and it's not supported by the article:-
> "Adopting a distribution-specific key and encouraging hardware companies
> to adopt it *would have been hostile to other distributions*. We want to
> compete on merit, not because we have better links to OEMs.
In this para, MG's saying that Fedora didn't want to buy a
99-dollar-key and have it loaded into the firmware of the hardware
manufacturers who'd agree to do so.
> An alternative was producing some sort of overall Linux key. It turns
> out that this is also difficult, since it would mean finding an entity
> who was willing to take responsibility for managing signing or key
> distribution. That means having the ability to keep the root key
> absolutely secure and perform adequate validation of people asking for
> signing. That's expensive. Like millions of dollars expensive. It would
> also take a lot of time to set up, and that's not really time we had.
> And, finally, nobody was jumping at the opportunity to volunteer. So no
> generic Linux key."
> Hardly "we don't want to share", more "we can't afford to"
In this para, he isn't discussing a Fedora 99-dollar-key purchased
from Verisign, but a cross-distribution Linux key infrastructure
similar to the one that Microsoft's developed/developing.
Nowhere is the proposed Fedora 99-dollar-key being offered to other
distributions. Since it only costs USD 99 it wouldn't make sense for
Debian, for example, not to get its own rather than use Fedora's. And
Fedora wouldn't want to take the risk of loaning its key to Debian,
having the latter screwing up, and having Fedora's key being