Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

[Marcel]

On 11/5/19 4:05 PM, Florian Weimer wrote:
> * Marcel:
> 
>> On 11/5/19 4:11 AM, Florian Weimer wrote:
>>> The FSF has given out an award in support of Secure Boot-related work,
>>> so its approach to the matter is rather ambiguous.
>>
>> Looking through fsf.org I couldn't find any award in support of "Secure
>> Boot" related work, would you mind pointing me to it?
> 
> <https://www.fsf.org/news/free-software-award-winners-announced>

Thank you.

> It's difficult to argue that the FSF wasn't supportive when it handed
> out an award for Secure Boot work.  It also suggests that the issue
> has a solution and is therefore manageable.

The award was for working to keep "Secure Boot" Free Software
Compatible, I don't see how that automatically translates to "The FSF
supports 'Secure Boot'" TBH.

>> The FSF seems to have a very clear position on "Secure Boot" vs.
>> "Restricted Boot", and has been running a campaign opposing "Restricted
>> Boot" for the best part of this decade:
>>
>> https://www.fsf.org/campaigns/campaigns-summaries#secureboot
> 
> Matthew's work shifted the onus of supporting GNU-compatible Secure
> Boot from Microsoft and hardware vendors to GNU/Linux distributions
> and was a strategic mistake.

I don't know enough about the unfolding of events to comment on this.

>>> I knew this would happen and wrote extensively against Secure Boot.
>>> That became a futile exercise when the FSF started supporting it, too.
>>
>> AFAIK, the only thing the FSF said is that when implemented correctly,
>> Secure Boot" is designed to protect the user against malware. They urged
>> manufacturers to respect user freedoms when implementing "Secure Boot"
>> by doing it correctly.
>>
>> How you interpret this as support for "Secure Boot"?
> 
> Nobody knows what Secure Boot was originally designed to do—and what
> its current security objectives are.  

Agreed. Please don't think that my first response implies that I endorse
"Secure Boot". I don't, and find it very dangerous and inline with the
computer-as-a-jail model. It is also inconvenient at a personal level. I
would rather it did not exist.


> The main problem I have with the FSF approach to Secure Boot is that
> there was a time when we could have killed it, by not supporting it,
> and force Microsoft to come up with a different approach to avoid the
> obvious anti-trust issues.  

I would like to hear from those that took the decisions.

If I had to guess I would have said that the FSF did not want to be seen
giving a negative opinion of the idea itself, and strategically decided
to focus on the impacts on Software Freedom only.

If you consider that "Secure Boot" could have made GNU/Linux unbootable
but it has not, then there is room to see the way things played out as a
strategic victory for the weaker party.

I would be very surprised if the GNU/Linux related communities would
have had enough power to kill it, given the fact that we cannot even get
many companies to release peripheral firmware under free software
compatible licenses.

Thanks for the detailed explanation.