lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 15 Jun 2007 02:15:29 +0200
From:	Krzysztof Halasa <khc@...waw.pl>
To:	Daniel Hazelton <dhazelton@...er.net>
Cc:	Adrian Bunk <bunk@...sta.de>, Alexandre Oliva <aoliva@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>, david@...g.hm,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

Daniel Hazelton <dhazelton@...er.net> writes:

> Nope. Merely stating a distinction. Either a device is distributed, like the 
> common PC, that is designed for the user to change and update the software 
> on, or, like the PS2 it isn't designed for that. If I find a way to update my 
> PS2 to run Linux and find that it doesn't want to start the "Linux Firmware" 
> because I'm lacking a signing key...
>
> In the case of a device that internally runs Linux (or any other GPL'd 
> software) and wasn't designed for the end-user to change the software running 
> on it then the signing keys aren't part of the source. OTOH, if I sell a PC 
> running Linux that requires the kernel be signed then the signing keys *are* 
> part of the source, since a PC is designed for the end-user to change the 
> software running on it.

Come on, GPL is software licence, the hardware isn't part of the
equation. One can argue that keys are or aren't part of the source
(= that digital signature is or isn't part of the executable) but
it's totally independent of any hardware and its purpose.

For example, it doesn't matter if the signature is merely for checking
file integrity (and any signature would do) or if it's for restricting
users from running something.
-- 
Krzysztof Halasa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ