* On 2012 05 Jun 14:06 -0500, Tom H wrote:
> But, if a distribution didn't react post-the-white-paper either on its
> own or in cooperation with Fedora and/or Ubuntu, then it has no right
> to complain now.

Even if Debian had been contacted, how does this mess fit into the DFSG and Social Contract? Those basic principles guide the Debian project, in case anyone has forgotten, and I don't see UEFI (seems not that different from EULA, actually) fitting well into either principle.

> This is the position of the Linux Foundation [2] and this is the
> paper's conclusion:
>
> "The UEFI secure boot facility is designed to be readily usable by both
> proprietary and open operating systems to improve the security of the
> bootstrap process. Some observers have expressed concerns that secure
> boot could be used to exclude open systems from the market, but, as we
> have shown above, there is no need for things to be that way. If vendors
> ship their systems in the setup mode and provide a means to add new KEKs
> to the firmware, those systems will fully support open operating
> systems while maintaining compliance with the Windows 8 logo
> requirements. The establishment of an independent certificate authority
> for the creation of KEKs would make interoperation easier, but is not
> necessary for these platforms to support open systems."

It's nice that others can accept that "If" that begins the third sentence of the above paragraph. If vendors have a choice between assuring user freedom or satisfying MSFT's demands, they have shown time and again fealty to their masters of Redmond, users be damned. I don't suspect this will be any different. Lip service is easy. Show me the code!

> Debian can live in a bubble by saying that it doesn't have a
> time-based schedule but the hardware manufacturers have a schedule,
> that of Microsoft's release of Win8. So a solution has to be planned
> and implemented before Win8 and Secure Boot boxes hit the market for
> those distributions that choose to give their users the choice to use
> Secure Boot.
> Debian might choose to tell its users "disable Secure
> Boot" as the second poster in this thread said, but we don't know what
> its choice is or what it's going to be.
>
> I suspect that at some point in the future not only will Secure Boot
> be extended to servers but it'll be a criterion to fulfill in order to
> pass a security audit. If a distribution doesn't get involved at the
> inception of the rules, it'll just have to live by the specs that have
> been developed and agreed to by others.

So, we get into this predicament by over two decades of MSFT's utter refusal to take security seriously and now it's our duty to bend over and grab the ankles when and how they say so? Let them rot in their malware hell. It's about time someone in the tech industry took a stand against MSFT. I did long ago.

This is not about "security" at all. This is about MSFT marginalizing and eliminating a serious competitor. It's MSFT's DNA. Anyone who cannot see right through this charade is daft.

- Nate >>

-- 
"The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us