Holger Levsen <hol...@layer-acht.org> writes: > On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote: >> On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:
>>> But only the stock kernel, which turns it non-free software. >> What is non-free? Signing stuff does not change the freeness of the >> software. > it does introduce https://en.wikipedia.org/wiki/Tivoisation however. I'm not sure how us signing our stuff does that. The computer's firmware may do this if it enforces secure boot and doesn't provide a way to turn it off. But only running signed software is a valid and sometimes desirable security configuration, which our users may want to choose. By default, apt will only install software signed by Debian's archive keys and will refuse to install anything else. We rightfully don't consider that to be Tivoisation. I feel like supporting secure boot is similar. By this, I am not trying to defend hardware vendors who lock the owners of the hardware out of installing software of their choice, only contending that Debian signing its software doesn't create that problem. One could argue that we should refuse to ever sign anything on the grounds that it makes it possible to use Debian with hardware that requires signatures, and we should be boycotting such hardware. And indeed I wouldn't be surprised to see an FSF distribution take such a stance. But I think that would be incompatible with our project choice to allow our users to run Debian on non-free hardware and leave that choice up to the user. (I also don't think this would be useful from a tactical standpoint; vendors making such locked-down hardware don't care whether Debian runs on it.) -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
