[cryptography] Complying with GPL V3 (Tivoization)

Benjamin Kreuter brk7bx at virginia.edu
Mon Jan 9 17:26:20 EST 2012


On Sun, 8 Jan 2012 22:46:13 -0500
Jeffrey Walton <noloader at gmail.com> wrote:

> Hi All,
> 
> I was reading on CyanogenMod (a custom ROM project for Android) and
> "The story behind the mysterious CyanogenMod update"
> (http://lwn.net/Articles/448134/).
> 
> Interestingly, it seems some private keys were circulated to comply
> with GPL V3 with some nasty side effects (could anything else be
> expected?).

My understanding is that this is not necessary for GPLv3 compliance,
as the license does not require the disclosure of private keys (which
would undermine the entire package signing system used by GNU/Linux
distributions) but instead requires that people be allowed to modify
the software configuration of the system.  That could mean allowing
unsigned software to be installed or allowing a user to add their own
public keys to their system.

> Some interesting points were brought up, including how to
> comply with GPL V3.

Someone else made the same point that I made above:  there is nothing
in the GPLv3 that requires the release of private keys.  It only
requires that users be allowed to install, modify, or remove software.  

> Is anyone aware of papers on integrity/signature schemes or protocols
> tailored for GPL V3? Or does this reduce to (1) allow the
> hardware/firmware to load additional [trusted] public keys; or (2)
> provide the private key for the hardware?

Like I said, you can allow users to add additional trusted keys to the
system, or you can allow users to run unsigned code.  The only
situation that would necessitate publishing a private key would be if
the hardware itself refused to run code that was not signed by a
single, fixed key -- and then GPLv3 compliance will be the least of
your problems.

-- Ben

> Jeff


-- 
Benjamin R Kreuter
UVA Computer Science
brk7bx at virginia.edu

--

"If large numbers of people are interested in freedom of speech, there
will be freedom of speech, even if the law forbids it; if public
opinion is sluggish, inconvenient minorities will be persecuted, even
if laws exist to protect them." - George Orwell