[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mass bug filing: Cryptographic protection against modification

Don Armstrong <don@donarmstrong.com> wrote:
> On Tue, 04 May 2004, Florian Weimer wrote:
>> A few packages contain "software" (well, everything's software these
>> days) which is cryptographically protected against modification.
>> This seems to violate DFSG ?3.
> Uh, if you're refering to the PGP keys and certificates inclosed in
> these works, you really need to reread DFSG ?3 very carefully.
> Presumably the licenses[1] of these works allows modified works,
> derived works, and distribution of said works. If it does, there is no
> DFSG ?3 violation.

I'm not sure that it is as simple as that.

Consider the hypothetical case of a piece of firmware for a peripheral
device that is protected by a cryptographic signature such that the
device will reject anything that is not signed using a specific key.

Let's further assume that that the said firmware is distributed with
full source (but without the private key used to make the signature)
and a license saying that you can do whatever you wish with it.

Do you consider this piece of firmware to be distributable in Debian main?

Substitute firmware with software for Digital Rights Management.
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: