[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mass bug filing: Cryptographic protection against modification

John Hasler <john@dhh.gt.org> writes:

>> Since you can't take the original source and rebuild the firmware image,
>> even with all the compilers and tools originally used, I would say no.
>> That would be like not shipping the Makefile.
> Not quite.  In this case you have everything you need to build an

No not quite. You can't build the (or equally functional) image Debian

I would see no problem at all distributing the source. But I see a
problem with the image. If not by the letter of the GPL then by its

On the other hand, if you take a Debian Installer and get is
cryptographically signed by Microsoft so it can boot on an XBox I
would have no problems distributing that. The signature would only be
one part of an aggregation of free software and extra things, a
neccessary evil.

Personally I would draw the distinction by looking at the intended
purpose. If the purpose of the signed binary is bigger than what needs
the signature (i.e. D-I running unsigned everywhere but the XBox) then
its ok. If the purpose is just so that Hardware XYZ works then the
signature is part of that work and the rules apply.

Lets look at it another way. I write a Raytracer under GPL. For the
tree plugin [generates a variety of nice natural looking fract trees]
that needs a set of rules, a "signature" for the trees. Without the
signature the tree plugin will just do dummy trees, with it natural
looking trees.

Would you still thing the raytracer binary with the signature
(included, not shipped seperatly) is GPL?

> executable that might even run somewhere if you've got the right cpu.
> You just can't build a binary identical to the one shipped with the
> hardware, and you can't install your binary on the hardware because the
> software already present there won't accept it.

You can't build _the_ binary distributed by Debian. If its shipped
with the hardware itself why should Debian care?

> And if you are enough of a hardware hacker you may be able to install it
> anyway.

If your enough of a makefile hacker you can write your own?  Oehm. No.
The complete build scripts are provided so you don't have to be a


PS: If a non-free signature part on the D-I example would be allowed
in main or if it violates DFSG is another matter.

Reply to: