How about providing dev. keys for G1G1 laptops with no delay? Would you consider it an improvement?

wad

On Oct 1, 2008, at 10:15 PM, John Gilmore wrote:

> Mitch and I have come up with a way to ship G1G1 laptops so that they
> will pretty-boot, but still come from the factory without any need
> for developer keys (in the Forth "disable-security" setting).
>
> This requires a small edit to /boot/olpc.fth in the OS build,
> to load the XO child image, freeze the screen, and put the
> first "progress dot" down just before jumping to Linux. It's
> detailed here:
>
> http://dev.laptop.org/ticket/7896
>
> I know the support crew would be much happier if G1G1 laptops were
> shipped able to run test builds and patched software, if users could
> interact with Forth to diagnose their hardware, if they could run
> unsigned Forth code from USB collector keys, etc.
>
> Unfortunately, an IRC discussion with Scott today revealed that the
> engineering team has decided that we *must* ship G1G1 laptops with a
> requirement for development keys. The reason: because too many kids
> in the third world will be getting lockdown laptops, and we want the
> G1G1 recipients to be guinea pigs to debug the laptops, to be sure the
> laptops work even when locked down (and that they unlock properly when
> the kid requests a jailbreak key).
>
> I see this is utterly backwards. The countries that want DRM on their
> laptops should be paying the price in support problems and
> infrastructure. Not the donors who sponsor a G1G1 laptop, and not the
> free software community who donate to help push this project along.
> As believers in freedom, we shouldn't be defaulting EVERY laptop to
> being locked by its manufacturer. Yet that's the argument: because
> some of them are locked, all of them must be locked. Or perhaps it's
> slightly more nuanced: A country that orders thousands can order them
> without DRM, but G1G1 users can't. That sounds reasonable, but I've
> interacted with several country teams (Nepal and South Pacific), who
> had come away from OLPC with the impression that it would be
> incredibly dangerous to turn off the "security" of the laptops. In
> Nepal's case I was unable to disabuse them of this odd notion. So no
> country asks for freedom in their laptop shipments, and no G1G1 is
> shipped with freedom, and thus every OLPC laptop is jailed, like every
> iPhone.
>
> John
>
> Date: Wed, 1 Oct 2008 08:34:09 -0400
> From: "Walter Bender" <[EMAIL PROTECTED]>
> To: "John Gilmore" <[EMAIL PROTECTED]>
> Subject: Re: devkeys, prettyboot, and G1G1
> Cc: "Mitch Bradley" <[EMAIL PROTECTED]>
>
> If Mitch is comfortable with his fix, I cannot see any reason not to
> ship developer keys with G1G1 machines--it would save everyone
> headaches, especially on support; but of course I cannot speak for
> OLPC these days.
>
> -walter
>
> On Tue, Sep 30, 2008 at 7:26 PM, John Gilmore <[EMAIL PROTECTED]> wrote:
>>> I recall discussing this last time but don't recall the reasons not
>>> to do it this way. We did ship them all pre-activated.
>>
>> I questioned people after the fateful meeting, and it seemed to me
>> that the problem was that Nicholas wanted pretty-boot, and Mitch was
>> unwilling to try to disentangle pretty-boot from secure-boot.
>> Secure-boot was already a tangle of ugly Forth code, and he was sure
>> that adding more complexity there would result in security holes or
>> bugs.
>>
>> Since then, he has figured out the one-line circumvention that's
>> documented in bug #7896. The circumvention is in the OS (since OFW
>> keeps no state).
>>
>> John
>
> --
> Walter Bender
> Sugar Labs
> http://www.sugarlabs.org
>
> [gnu: I also cc'd this to support-gang, but that required sending it
> from a different email address, due to how I am subscribed there.]
> _______________________________________________
> Devel mailing list
> Devel@lists.laptop.org
> http://lists.laptop.org/listinfo/devel