Web lists-archives.com

Re: Q: secure boot




On Tue, Nov 06, 2018 at 09:21:32AM -0800, Russ Allbery wrote:
> >> What is non-free?  Signing stuff does not change the freeness of the
> >> software.
> > it does introduce https://en.wikipedia.org/wiki/Tivoisation however.
> I'm not sure how us signing our stuff does that. 

you are right and I was sloppy to express what I meant. Sorry about
this.

> The computer's firmware
> may do this if it enforces secure boot and doesn't provide a way to turn
> it off.

this is what I meant with "it" in the above sentence...

> But only running signed software is a valid and sometimes
> desirable security configuration, which our users may want to choose.
> 
> By default, apt will only install software signed by Debian's archive keys
> and will refuse to install anything else.  We rightfully don't consider
> that to be Tivoisation.  I feel like supporting secure boot is similar.
> 
> By this, I am not trying to defend hardware vendors who lock the owners
> of the hardware out of installing software of their choice, only
> contending that Debian signing its software doesn't create that problem.

agreed.
 
thanks for correcting me!


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature