Comment by DaanDeMeyer

Comment by DaanDeMeyer 6 days ago

4 replies

View on Hacker News

So adding all of this technology will certainly make it more easy to be used for either good or bad. And it will certainly become possible to build an OS that will be less hackable than your run of the mill Linux distro.

But we will never enforce using any of these features in systemd itself. It will always be up to the distro to enable and configure the system to become an immutable monolith. And I certainly don't think distributions like Fedora or Debian will ever go in that direction.

We don't really have any control over what Microsoft decides to do with Secure Boot. If they decide at one point to make Secure Boot reject any Linux distribution and hardware vendors prevent enrolling user owned keys, we're in just as much trouble as everyone else running Linux will be.

I doubt that will actually happen in practice though.

cwillu 5 days ago

I would be _shocked_ if, conditional on your project being successful, this _wasn't_ commonly used to lock down computing abilities commonly taken for granted today. And I think you know this.

Reply View 0 replies
jacquesm 5 days ago

> So adding all of this technology will certainly make it more easy to be used for either good or bad.

Then maybe you shouldn't be doing it?

Reply View 0 replies
egorfine 4 days ago

> we will never enforce using any of these features in systemd itself. It will always be up to the distro

So, plausible deniability. It's not the systemd project, it's the distro.

> I certainly don't think distributions like Fedora or Debian will ever go in that direction.

In the past they made decisions that we can call unexpected. I believe that in the short term future they won't but in say ten years? I'm not sure. The technology (created by Amutable?) will be mature by that time and ready to close Linux down.

Reply View 0 replies
alextingle 5 days ago

Building stuff like this is wrong. You should find a different job.

Reply View 0 replies