Re: Mass bug filing: Cryptographic protection against modificatio n
@ 04/05/2004 08:26 : wrote Henrique de Moraes Holschuh :
no, it does not. It's Free Software, comes with the source, the /proper/
source, the license permits modification, redistribution, etc etc etc.
It's useless, for a lot of people. But then, there is a lot of drivers
in Debian that are useless to me, because I don't have the hardware to
use them. It's absolutely the same situation. If you go in a certain
place and get the key to crypto-sign your modifications, presto! It's
useful -- *for you*. If you go to a country where reverse engineering is
lawful, you crack a new key, and you post it to the internet, liberating
its use, now it's useful to anyone who has the appropriate hardware.
On Tue, 04 May 2004, Herbert Xu wrote:
Consider the hypothetical case of a piece of firmware for a peripheral
device that is protected by a cryptographic signature such that the
device will reject anything that is not signed using a specific key.
Let's further assume that that the said firmware is distributed with
full source (but without the private key used to make the signature)
and a license saying that you can do whatever you wish with it.
Do you consider this piece of firmware to be distributable in Debian
That depends on the availability of another device that could use the
firmware, and which would not check the cryptographic signature, I