Who gets to decide? I.e. if I were to "accidentally" leak my own private key, which authority has the right to revoke my signed binaries across other computers?
Key revocation normally works because the key owner decides to revoke it.
Otherwise, all sorts of problems could arise (for example, some nasty malware could try to revoke the MS key).
> What makes you think the planned Fedora approach compromises the designed
Well, I see how Fedora can try to make use of signed boot as a rather trivial featurelet - but I thought that in most cases, the Linux community would like secure boot to just go away, and therefore most of the effort is going into following the letter but not the spirit of the process.