Theo de Raadt, the founder of the OpenBSD project and a well-known figure in the open-source community, attacked commercial Linux vendors Red Hat and Canonical in an interview with ITWire for their plans to work with Microsoft's secure boot system.
"I fully understand that Red Hat and Canonical won't be doing the right thing, they are traitors to the cause, mostly in it for the money and power. They want to be the new Microsoft," de Raadt told ITWire.
Red Hat declined to comment on de Raadt's assertions, but said the company's policy was outlined in a June 5 blog post by Linux engineering vice president Tim Burke. Canonical has also been contacted for comment.
Secure boot, via the Universal Extensible Firmware Interface, has been a source of controversy in the open source community since its announcement. Critics paint it as an anti-competitive attempt to squeeze out alternative operating systems, forcing computer makers to comply with Microsoft's secure boot standards - which, in the case of ARM-based systems, require that no option to turn off UEFI be provided. (X86 users will have the option of disabling secure boot.)
This put Linux developers in a tough spot, and some - including Red Hat and Canonical - have opted to simply fall in line with Microsoft's plans, purchasing the required keys from the Redmond giant in the hopes of avoiding any loss of functionality.
Advocates like de Raadt, however, see this as capitulation to Microsoft's whims. "I sense that disaster is coming, and hope that someone has the moral strength to do the right thing," he told ITWire. Richard Stallman also referred to UEFI as a "disaster" in a recent interview with Bytes Media, saying that the practice amounts to "abuse of the users. I think it ought to be illegal."
Others in the community, however, are less alarmed by secure boot. Linus Torvalds told ZDNet in June that simply buying a $99 key to cover an entire distribution didn't seem like a "huge deal" to him.
"Yes, yes, the sky is falling, and I should be running around like a headless chicken in despair over signing keys. But as long as you can disable the key checking in order for kernel developers to be able to do their job, signed binaries really can be a (small) part of good security. I could see myself installing a key of my own in a machine that supports it," he said.
Email Jon Gold at [email protected] and follow him on Twitter at @NWWJonGold.
Read more about software in Network World's Software section.