| ▲ | DaanDeMeyer 3 hours ago |
| Daan here, founding engineer and systemd maintainer. So we try to make every new feature that might be disruptive optional in systemd and opt-in. Of course we don't always succeed and there will always be differences in opinion. Also, we're a team of people that started in open source and have done open source for most of our careers. We definitely don't intend to change that at all. Keeping systemd a healthy project will certainly always stay important for me. |
|
| ▲ | bayindirh 2 hours ago | parent | next [-] |
| Hi Daan, Thanks for the answer. Let me ask you something close with a more blunt angle: Considering most of the tech is already present and shipping in the current systemd, what prevents our systems to become a immutable monolith like macOS or current Android with the flick of a switch? Or a more grave scenario: What prevents Microsoft from mandating removal of enrollment permissions for user keychains and Secure Boot toggle, hence every Linux distribution has to go through Microsoft's blessing to be bootable? |
| |
| ▲ | DaanDeMeyer 2 hours ago | parent | next [-] | | So adding all of this technology will certainly make it more easy to be used for either good or bad. And it will certainly become possible to build an OS that will be less hackable than your run of the mill Linux distro. But we will never enforce using any of these features in systemd itself. It will always be up to the distro to enable and configure the system to become an immutable monolith. And I certainly don't think distributions like Fedora or Debian will ever go in that direction. We don't really have any control over what Microsoft decides to do with Secure Boot. If they decide at one point to make Secure Boot reject any Linux distribution and hardware vendors prevent enrolling user owned keys, we're in just as much trouble as everyone else running Linux will be. I doubt that will actually happen in practice though. | | |
| ▲ | cwillu 2 hours ago | parent [-] | | I would be _shocked_ if, conditional on your project being successful, this _wasn't_ commonly used to lock down computing abilities commonly taken for granted today. And I think you know this. |
| |
| ▲ | ongy 9 minutes ago | parent | prev | next [-] | | Hopefully cartel regulation would prevent Microsoft from using their market leader position to force partners to remove all support for competitors. But I'm losing hope with those. | |
| ▲ | noosphr 2 hours ago | parent | prev [-] | | Nothing, but openbsd is amazing and just works. Anyone still using Linux on the desktop in 2026 should switch. | | |
| ▲ | yjftsjthsd-h 28 minutes ago | parent | next [-] | | (I like OpenBSD, but) It is extremely hard to compete with Linux on hardware support / driver coverage. | |
| ▲ | johnny22 an hour ago | parent | prev | next [-] | | I like the GPL for the kernel, so I wouldn't switch. | |
| ▲ | bayindirh 2 hours ago | parent | prev [-] | | "Just don't use X" doesn't solve any problems in any space, unfortunately. Plus, it's an avoidant and reductionist take. Note: I have nothing against BSDs, but again, this is not the answer. | | |
| ▲ | noosphr 2 hours ago | parent | next [-] | | It works for me and for millions of others. Stop trying to make everyone act like you act. | | |
| ▲ | bayindirh 2 hours ago | parent | next [-] | | I'm not trying to make everyone act like I act. Also, I know. A few of my colleagues run {open, free, dragonfly}BSD as their daily drivers for more than two decades. Also, we have BSD based systems at a couple of places. However, as a user of almost all mainstream OSes (at the same time, for different reasons), and planning to include OpenBSD to that roster (taking care of a fleet takes time), I'd love to everyone select the correct tool for their applications and don't throw stones at people who doesn't act like them. Please remember that we all sit in houses made of glass before throwing things to others. Oh, also please don't make assumptions about people you don't know. | |
| ▲ | justinsaccount an hour ago | parent | prev [-] | | > Stop trying to make everyone act like you act. Yeah! Telling people what to do is rude! > Anyone still using Linux on the desktop in 2026 should switch Oh. |
| |
| ▲ | waynesonfire an hour ago | parent | prev [-] | | You could describe Richard Stallman as someone who refuses to use proprietary software because he sees using it as becoming complicit--however indirectly--in a technology ecosystem that violates the values he’s committed to. "Just don't use X" is in fact a very engaged and principled response. Try again. |
|
|
|
|
| ▲ | devsda 2 hours ago | parent | prev | next [-] |
| Thanks Daan for your contributions to systemd. If you were not a systemd maintainer and have started this project/company independently targeting systemd, you would have to go through the same process as everyone and I would have expected the systemd maintainers to, look at it objectively and review with healthy skepticism before accepting it. But we cannot rely on that basic checks and balances anymore and that's the most worrying part. > that might be disruptive optional in systemd > we don't always succeed and there will always be differences in opinion. You (including other maintainers) are still the final arbitrator of what's disruptive. The differences of opinion in the past have mostly been settled as "deal with it" and that's the basis of current skepticism. |
| |
| ▲ | DaanDeMeyer 2 hours ago | parent [-] | | Systemd upstream has reviewers and maintainers from a bunch of different companies, and some independent: Red Hat, Meta, Microsoft, etc. This isn't changing, we'll continue to work through consensus of maintainers regardless of which company we work at. |
|
|
| ▲ | s_dev 2 hours ago | parent | prev [-] |
| >We are building cryptographically verifiable integrity into Linux systems. Every system starts in a verified state and stays trusted over time. What problem does this solve for Linux or people who use Linux? Why is this different from me simply enabling encryption on the drive? |
| |
| ▲ | NekkoDroid 2 hours ago | parent | next [-] | | Drive encryption is only really securing your data at rest, not while the system is running. Ideally image based systems also use the kernels runtime integrity checking (e.g. dm-verity) to ensure that things are as they are expected to be. | | |
| ▲ | cwillu 2 hours ago | parent [-] | | “ensure that things are as they are expected to be” according to who, and for who's benefit? Certainly not the person sitting in front of the computer. | | |
| ▲ | NekkoDroid an hour ago | parent | next [-] | | The system owner. Usually that is the same entity that owns the secure boot keys, which can be the person that bought a device or another person if the buyer decides to delegate that responsibility (whether knowingly or unknowingly). In my case I am talking about myself. I prefer to actually know what is running on my systems and ensure that they are as I expect them to be and not that they may have been modified unbeknownst to me. | |
| ▲ | rcxdude an hour ago | parent | prev [-] | | This is only the case if the person sitting in front of it does not own the keys. | | |
| ▲ | cwillu 8 minutes ago | parent [-] | | And from this you can safely conclude that users will be under severe pressure to surrender them. |
|
|
| |
| ▲ | Nextgrid 2 hours ago | parent | prev [-] | | It prevents malware that obtained root access once from forever replacing your kernel/initrd and achieving persistence that way. |
|
