Mageia forum

[gohlip]

http://www.pcworld.com/article/2029542/ ... -plan.html

Finally....it is said, long overdue, and happy it is said by Torvalds himself.
ps :warning. Website contains course language. Viewer discretion is advised.

[oj]

Yep. Just disable it all and use traditional BIOS boot. The only problem is making sure any hardware you buy has a BIOS that allows you to disable UEFI.

[martinw]

Actually it's just secure boot you have to disable. UEFI boot is not necessarily a problem, and does have some advantages. See my comments here.

[oj]

more fathoming than eg Ford v Chevy, but equally a matter of taste (--)

[doktor5000]

Maybe you want to read at:

http://mjg59.dreamwidth.org/20303.html
http://mjg59.dreamwidth.org/23113.html

[gohlip]

Somehow I feel compelled to elucidate the issue here as I think we are still missing the point.
The following quotes are all from Linus. Hope these explains clearly.
(But obviously, course language is therefore unavoidable)

http://thread.gmane.org/gmane.linux.ker ... us=1445405

Quite frankly, this is f*cking moronic. The whole thing seems to be
designed around stupid interfaces, for completely moronic reasons. Why
should we do this?

[this quote from Ts'o, the ext4 guy]

....if the LF wanted to support this whole code signing
insanity. (Which I really think is completely overblown...

If Red Hat wants to deep-throat Microsoft, that's *your* issue. That
has nothing what-so-ever to do with the kernel I maintain. It's
trivial for you guys to have a signing...
....Do this in user land on a trusted machine

- why do you bother with the MS keysigning of Linux kernel modules to
begin with?
Your arguments only make sense if you accept those insane assumptions
to begin with. And I don't.

On Mon, Feb 25, 2013 at 7:42 PM, Matthew Garrett <mjg59 <at> srcf.ucam.org> wrote:
>
> The user Microsoft care about isn't running Linux

How f*cking hard is it for you to understand?

Stop arguing about what MS wants. We do not care. We care bout the
*user*. You are continually missing the whole point of security, and
then you make some idiotic arguments about what MS wants you to do.

It's irrelevant. The only thing that matters is what our *users* want
us to do, and protecting *their* rights. As long as you seem to treat
this as some kind of "let's please MS, not our users" issue, all your
arguments are going to be crap.

- a distro should sign its own modules AND NOTHING ELSE by default.
And it damn well shouldn't allow any other modules to be loaded at all
by default, because why the f*ck should it? And what the hell should a
microsoft signature have to do with *anything*?
.
.
.
Because it really shouldn't be about MS blessings, it should be about
the *user* blessing kernel modules.

.....but on the other hand the default should definitely
*not* be "enable random third party modules signed indirectly by MS",
which is what your crazy world-view seems to be.
.
.
The *second* order should be: "we encourage and tell people how to add
their own keys and sign modules they trust".
.
.
The third order should...
....But by the time you get this far,
you've already failed the first few normal levels.