There was an EU-wide one that got a lot of its funding redirected to AI stuff recently that you might be thinking of.
No, that is an entirely unrelated bad decision. It being okay to not have a popup to opt out of secure boot when it does its one job and notices you’re about to run insecure code in kernel mode doesn’t make every other user-hostile thing Microsoft ever does magically okay.
It’s upstream GRUB that’s decided the older GRUB versions are insecure and not to be trusted. Microsoft just propagated that to machines running distros that weren’t shipping patched GRUB builds yet. Up-to-date Debian wouldn’t be affected provided that they downstreamed fixes quickly.
https://fedia.io/m/linux@lemmy.ml/t/1111595/-/comment/6916699 says that Debian’s GRUB wasn’t affected, but another part of the boot sequence was.
You can’t trust users to make informed decisions about cybersecurity as most users don’t have the necessary background knowledge, so won’t think beyond “this popup is annoying me and has a button to make it go away” and “I am smart and therefore immune to malware”. Microsoft don’t want Windows to have the reputation for being infested with malware like it used to have, and users don’t want their bank details stolen. If something’s potentially going to be a bad idea, it’s better to only give the decision to people capable of making it an informed decision. That’s why we don’t let children opt into surgery or decide whether to have ice cream for dinner, and have their parents decide instead.
The comment you’re quoting was replying to someone suggesting a warning popup, and saying it would be a bad idea, rather than suggesting the secure boot UEFI option should be taken away. You need at least a little bit more awareness of the problem to know to toggle that setting.
It’s easy to get pressured into thinking it’s your responsibility. There’s also the risk that an unhappy company will make a non-copyleft clone of your project, pump resources into it until it’s what everyone uses by default, and then add proprietary extensions so no one uses the open-source version anymore, which, if you believe in the ideals of Free Software, is a bad thing.