On Tue, Dec 28, 2021 at 8:07 PM Samuel Sieb <samuel(a)sieb.net> wrote:
On 12/28/21 16:45, Nico Kadel-Garcia wrote:
> On Tue, Dec 28, 2021 at 4:35 AM Mattia Verga via devel
> <devel(a)lists.fedoraproject.org> wrote:
>>
>> Il 28/12/21 04:28, Kevin Kofler via devel ha scritto:
>>> But even off by default, I do not see how the "feature"
implemented by this
>>> Change provides any value at all that does not contradict the very
>>> definition of Free Software.
>>>
>>> Kevin Kofler
>>
>> I do not see how this change goes against the definition of Free
>> Software. It doesn't deny a user to install any software they want, it
>> is about preventing unwanted/unsolicited/malevolent software from being
>> installed without user (admin) approval.
>
> This looks like pure DRM. While there are security benefits to
> controlling access to data or to executables, doing so deep in the
> kernel takes away too much desirable freedom.
How is this taking away any freedom? You, as the owner of the computer,
are free to enable or disable or reconfigure this security system as you
please. No one is forcing you to use it. Why is it bad that it's
implemented in the kernel? If it wasn't, it probably wouldn't be very
useful.
From one of the patches:
It accomplishes this task by storing reference values coming from
software vendors and by reporting whether or not the
digest of file content or metadata calculated by IMA (or EVM) is found
among those values.
That has no use but digital rights management.