One thing I have yet to see discussed about systemd and the "unified package manager" proposed by Poettering is the stated objective [among others] of tivoisation of linux:
We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular).
Am I the only one who is scared of this "tivoisation" by design? If this ever makes it to arm devices, say goodbye to DD-WRT, OpenWRT, Tomato, etc. And that will be just the beginning. Be ready for all your devices becoming appliances, non-customizable and to be thrown out as soon as they become obsolete by design. Being allowed to only run signed code will probably be good for redhat, but will it be good for the user?
Strange that a few years ago "trusted computing" was stopped, and now it seems almost inevitable even in Linux.
(Score: 2) by tangomargarine on Monday September 15 2014, @04:04PM
A lot of developments the last few years have been trying to crowbar us away from the original spirit of computing: This is my hardware. It runs the bits I tell it to. If they don't work, it crashes.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 1) by wantkitteh on Monday September 15 2014, @04:29PM
That's completely understandable. For the vast majority, computers are the applications you are productive in, not the underpinnings that someone else sets up and maintains for you. Any time spent away from those productive applications is a bad thing that harms your bottom line, so any method you have of trusting your infrastructure even more to reduce preventative maintenance, the better. And yes, I'm disappointed this attitude seems to be popping up in Linux, but I won't be worried until it turns up in Debian Stable standard distros.
(Score: 2) by q.kontinuum on Tuesday September 16 2014, @05:25AM
I'm worried already, I just maintain that the actual problem is not the implementation of the feature in the Linux kernel but the abusive way it might be used by vendors (e.g. by not allowing the customer to install his own root-certificate).
Registered IRC nick on chat.soylentnews.org: qkontinuum