Re: Mass bug filing: Cryptographic protection against modification
On Tue, May 04, 2004 at 11:09:14PM +1000, Matthew Palmer wrote:
> On Tue, May 04, 2004 at 07:44:15AM -0500, John Hasler wrote:
> > Herbert Xu wrote:
> > > Consider the hypothetical case of a piece of firmware for a peripheral
> > > device that is protected by a cryptographic signature such that the
> > > device will reject anything that is not signed using a specific key.
Such devices exist.
> > > Let's further assume that that the said firmware is distributed with
> > > full source (but without the private key used to make the signature)
> > > and a license saying that you can do whatever you wish with it.
> > Matt writes:
> > > I'll be interested to see what happens when we get software in that
> > > situation proposed for Debian.
> > Doesn't seem likely. What purpose would such a thing serve?
> The attempted inclusion of otherwise-DFSG software into Debian main intended
> to run on hardware which will only accept a crypto-signed binary?
> Presumably because someone wants Debian to support the hardware in question.
> I will find it interesting to see whether that software is accepted by
> ftpmasters and the debian-legal mavens, as the software licence is Free, but
> the source code is of near-to-zero usefulness,
I'm not sure that's true, since the source code lets you see what the
device is doing: it might be easier to figure out how the interface is
supposed to work, for instance.
Building or modifying the source would be of less use, of course;
although perhaps you might want to emulate modified hardware for testing
Colin Watson [firstname.lastname@example.org]