I've got a question which could possibly be answered by the sysdev.microsoft.com site were it not "offline for maintenance" right now.
You say users can "rebuild the shim loader with their own key installed and then pay $99 and sign that with Microsoft. That means that they'll be able to give copies to anyone else and let them install it without any fiddling." But without audits and strict rules for how they use and handle their own signing keys, it seems like this makes the whole system completely useless. It would be as if the Certificate Authorities of the https PKI sold subordinate roots willy-nilly (which it turns out they actually do, but for a whole lot more than $99 and they don't advertise it to the general public!). What am I missing here?
Also, what is Fedora's plan if Microsoft changes these terms of their $99 signing program to exclude you?
no subject
I've got a question which could possibly be answered by the sysdev.microsoft.com site were it not "offline for maintenance" right now.
You say users can "rebuild the shim loader with their own key installed and then pay $99 and sign that with Microsoft. That means that they'll be able to give copies to anyone else and let them install it without any fiddling." But without audits and strict rules for how they use and handle their own signing keys, it seems like this makes the whole system completely useless. It would be as if the Certificate Authorities of the https PKI sold subordinate roots willy-nilly (which it turns out they actually do, but for a whole lot more than $99 and they don't advertise it to the general public!). What am I missing here?
Also, what is Fedora's plan if Microsoft changes these terms of their $99 signing program to exclude you?