Fedora, secure boot, and an insecure future

If a Linux desktop distribution was ever commercially successful in a meaningful way, the first thing that would happen is black hats would create fake copies of the distribution with spyware and adware installed, or worse. We've seen this time and time again.

If you don't have a trademark, then you can't do anything about it. This is also the reason why Linus Torvalds has a trademark on "Linux."

It's all very well and good to say "well, those people are stupid. They should have gone to the REAL fedoraproject.org." But if you don't have a trademark, there's nothing stopping the black hats from registering therealfedoraproject.org and putting the badware there.

tl;dr Trademark law exists for a reason and it's not evil.

It really doesn't. In the US, at least, the rights scoped by trademark are substantially limited to cases which would create confusion or the potential for misrepresentation. And as I said before— regardless of how Fedora is licensed it remains just as unlawful to use Fedora to kill people or rob banks, and yet we don't consider fedora this problematic for software freedom.

The analogous cases is that I release software under a copyleft license and then FooCorp takes my software an enhances it so that it can run on some new class of devices and then redistributes it. However, downstream recipients are prohibited from making modifications to these enhanced copies unless they pay $99 for a non-transferable right to modify, or if they remove the enhancement. This would generally be prohibited by a copyleft license if accomplished via copyright restrictions.

In this case the enhancement the modification of the software by the addition of a cryptographic signature with a key only known by RedHat and the prohibition is the digital rights management function of the bios instead of a licensing restriction. The fact that there is some obfuscation where the distributor and the device maker are distinct entities isn't really important relative to the recipient's freedom, and for all I know the UEFI firmware makers are just shell companies for RedHat (not that I think they are, but could be for the next party trying to enhance+lockdown Linux systems).

The difference in mechanism may make this behavior pattern compatible with current copyleft licenses. But because the end effect can be the same people can reasonably hold that it's incompatible with the intent and spirit of copyleft licenses, and that perhaps new licenses ought to be authored which prevent gatekeepers from extracting rents on making free software usable by licensing out signing key.