[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Leverage in licensing discussions

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Josselin Mouette wrote:
> Being in favor of open-sourcing firmwares (including those controlling
> critical security devices in cars) does not mean being in favor of
> letting anyone ship their own version. In such cases, there needs to be
> some appropriate process to validate the new versions and to enforce it
> legally. Just like you are not allowed to make any modification you like
> in your engine, you should not be allowed to make modifications in the
> car’s firmware. And just like modifying the engine without the original
> plans makes it more likely to fail, the same holds for a firmware you’d
> modify without source.

Well, if there is some law preventing me from modifying the code, it's
not free software any more. It's still not 'closed software' but that
still renders it non-free and non-distributable for debian.

> Indeed. But you can still use a modified firmware, even without the
> source. If ill-intentioned people wanted to do it, this would already be
> quite feasible.

There is a difference between 'ill-intended people' (those with criminal
intentions) and interested kiddies just downloading and tampering with
freely available source code, having no idea of what harm they might
cause to others.

> Sure. We all know how closing the source of DVD decoders and Wii
> firmwares prevented people from cracking them.

I am fully in favour of open source. I'm just sceptical about (real live)
security relevant messing with everything. There is probably less
incentive to reverse engineer a working firmware than there was for DVDs
which did not work at all for linux (and still don't on Debian-only).

> To go back to the wifi transmitter example: the average hacker doesn’t
> care of being able to reach frequencies that are not standard for Wifi,
> except if he wants to see people dressed in black search in the
> surroundings. 

... or tweaking the maximum permissible signal levels, never mind that
their neighbour's wifi won't work any more...

>               However, a spy may be interested in making such
> modifications to jam military frequencies, for example. Currently there
> is nothing preventing him to do so. If the firmware was open source,
> nothing of this would change.

Open sourcing certain firmware might make it easier for 'random script
kid' to just try some things out and accidentally causing problems to
innocent bystanders.

>> Don't forget that there is good reason why even our beloved Debian
>> employs 'security by obscurity' before the DSA is out and patched
>> packages are available...
> 
> I don’t see how this is related.

'Security by obscurity' is sometimes important and sometimes it even
works. You didn't convince me, that free firmware is _always_ at least as
secure as closed firmware.

We both agree that it would be nice to see as much free software as
possible. I'm just concerned that 'real life' is sometimes a bit more
complicated than an ideal world. ;-)

Debian rules! Free software for everyone! At least on the computer.

Cheers,

Johannes

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkUlssACgkQC1NzPRl9qEWakACbB8b3RaoOOQ/IFPBUk9iewYuT
Pa0An1sPVwkgKooOIFSOiGGH/dfsIjLL
=Jgxi
-----END PGP SIGNATURE-----
Reply to: