Re: GPL version 3

To: Debian Live <debian-live@lists.debian.org>
Subject: Re: GPL version 3
From: Juergen Fiedler <juergen.fiedler@gmail.com>
Date: Wed, 29 Apr 2009 00:06:47 -0400
Message-id: <[🔎] 41c724120904282106j1854411fm51f029b99ac34c53@mail.gmail.com>
In-reply-to: <[🔎] 1240961575.3611.35.camel@Debian.mshome.net>
References: <[🔎] 1240894616.3611.21.camel@Debian.mshome.net> <[🔎] 49F6E683.2010002@debian.org> <[🔎] 1240961575.3611.35.camel@Debian.mshome.net>

IANAL, but:

On Tue, Apr 28, 2009 at 7:32 PM, David Cottrill
<david.cottrill@nchsoftware.com> wrote:
> So of, but not really.
>
> Making, for example, a mythbuntu box using Debian-live it is a security
> flaw to install ssh where it is not needed and a usability flaw to
> include root access for a box intended for those ignorant of Linux.

ssh: Yes, but you are not required to do so.

root access: Why? Because it makes it easier to nuke the device? I am
fairly certain that you can still 'protect' users from root access
without running afoul of the GPL3. Have different access levels and
require the user to take a certain, well documented action to switch
to root. 'sudo' comes to mind.

> I have no problem giving access to the source, or even of having a
> obfuscated method of access to the system but at what point does that
> obfuscated access become tivoisation?

Obfuscated access becomes tivoisation when it is specifically intended
to hinder modification of the software that is covered by the GPL3.

> Making it easy to access the underlying system is a serious usability
> flaw. An experienced Linux user could crack almost any system with a
> removable hard drive (like the one I'm planning on) in under 2 minutes.
> An inexperienced user could brick an embedded system in even less.

You don't have to make it easy, i.e., you don't have to jump through
hoops to help users to modify the software in your device. They have
to be able to do it, and the way to go about it needs to be
documented. If that includes removing the hard drive and hooking it up
to another computer, you should be fine as long as you didn't take any
measures to disable your device once the user does so.
In other words, you don't have to add an Ethernet port to your MP3
player just so users can TFTP into it to replace the firmware.

I don't quite understand why making access to the underlying system
easy would be a usability flaw. True, requiring use of the command
line to get the full benefit of the device would probably be
considered a detriment to the usability of the product, but offering
it as an easily accessible option should be rather d\safe in that
respect.

As for users bricking the system: Put up a warning that this is a
possibility and specifically disclaim any warranty in case of any
modifications by the user.

Just my two cents...
 --Juergen

Reply to:

References:
- GPL version 3
  - From: David Cottrill <david.cottrill@nchsoftware.com>
- Re: GPL version 3
  - From: Daniel Baumann <daniel@debian.org>
- Re: GPL version 3
  - From: David Cottrill <david.cottrill@nchsoftware.com>

Prev by Date: Re: GPL version 3
Next by Date: linux-libre Kernel
Previous by thread: Re: GPL version 3
Next by thread: Re: GPL version 3
Index(es):
- Date
- Thread