List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 15 June 2012 15:58, Richard Farina <sidhayn@...> wrote:
> On 06/15/2012 03:12 AM, Ben de Groot wrote:
>> On 15 June 2012 13:24, Arun Raghavan <firstname.lastname@example.org> wrote:
>>> On 15 June 2012 10:33, Ben de Groot <email@example.com> wrote:
>>>> On 15 June 2012 12:45, Arun Raghavan <firstname.lastname@example.org> wrote:
>>>>> On 15 June 2012 09:58, Greg KH <email@example.com> wrote:
>>>>>> So, anyone been thinking about this? I have, and it's not pretty.
>>>>>> Minor details like, "do we have a 'company' that can pay Microsoft to
>>>>>> sign our bootloader?" is one aspect from the non-technical side that I've
>>>>>> been wondering about.
>>>>> Sounds like something the Gentoo Foundation could do.
>>>> I'm certainly not the only one who would be averse to paying Microsoft
>>>> any ransom money.
>>> And our refusal to pay for the signing affects precisely nobody except
>>> for our users, who will have to jump through an extra hoop to make
>>> their system work.
>>> On the flip side, having a simple way to use this infrastructure means
>>> that people who care about security can get a chain of trust from the
>>> firmware to the kernel (heck, maybe even userspace one day). This is
>>> something that is worth having as well.
>> I agree that security is a worthwhile goal. I just don't trust Microsoft.
> It's more of a "pay us or your system can't boot" that I'm opposed to.
That's why I called it ransom money. I'm very opposed to that too.
But if we're talking about security and a chain of trust, then Microsoft
has no place in that either.
> Saying "I just don't trust Microsoft" is second to "I just don't trust
> corporations that extort money from me just so I can boot". I don't
> care who we are paying, I'm offended by the idea. If users can't build
> their own fully functional boot loader that's an issue.
> I'm all for the signed "work-around signatures" idea as it is the least
> objectionable... if such a thing is even possible.
Ben | yngwin
Gentoo Qt project lead