“I’m certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it’s only $99 to get a key for Fedora, I don’t see what the huge deal is.” “Yes, yes, the sky is falling, and I should be running around like a headless chicken in despair over signing keys. But as long as you can disable the key checking in order for kernel developers to be able to do their job, signed binaries really can be a (small) part of good security. I could see myself installing a key of my own in a machine that supports it.” Torvalds on the effectiveness of the whole UEFI adventure:
“The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them) or they’ll just take advantage of security bugs in signed software to bypass it without a key at all.”Seems to be a pragmatic guy. Source]]>
Makes sense to me. It is not a bad idea, increased security. Red Hat found a way to work with Microsoft instead of against them and they both come out good. Too bad more Linux users arent so anti Microsoft. MS isnt holding Linux down. At least while Linux isnt a threat. MS has its sights on Apple and Google, not Linux. OK, now it is time for people to say Apple and Google both run on Linux. Somehow, I dont think the Open GNU community would agree. They maybe run on a Linux or BSD cores, but they are anything but open.