GPL3 and providing encryption keys
Posted Jan 26, 2006 22:42 UTC (Thu) by giraffedata
In reply to: Suits and Patents: A Report from the GPLv3 Launch Conference
Parent article: Suits and Patents: A Report from the GPLv3 Launch Conference
Yes, this clause was added to GPLv3 to specifically ensure that entities that modify GPL'd code can't escape the requirement to provide source code by appearing to give it to you... but then not giving you the key or password necessary to open it up. There were a couple examples given such as one where in the past someone had provided source code in an encrypted ZIP file, but then failed to provide the password. Similarly someone had done something which required an encryption key to decode it.
Giving someone the code in encrypted form is such an outrageous failure to deliver the code that I'm sure any court would find it doesn't satisfy GPLv2 either. It's like being ordered by a court to turn over your accounting records to an investigator and you give him an encrypted copy. You think you wouldn't wind up in jail?
In the press over the past few years, they have said that the encryption issue is about code that won't run without keys. E.g. you get all the source code for your Tivo, but the Tivo boot loader won't load it unless you sign it with a key you don't have.
On the public key encryption (GnuPG) thing, I can see where someone might think that GPL poses a problem. If I give you a signed object code file, derived from material I got under GPL, one might think the conditions of GPL require me to give you the key required to reproduce the exact bits I gave you, to wit my private key.
to post comments)