LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

FSF should separate GPLv3 changes (Linux.com)

FSF should separate GPLv3 changes (Linux.com)

Posted Oct 19, 2006 11:12 UTC (Thu) by Zack (guest, #37335)
In reply to: FSF should separate GPLv3 changes (Linux.com) by paulpach
Parent article: FSF should separate GPLv3 changes (Linux.com)

I think I understand your objections, but I'm not sure whether the problems you pose are insurmountable.

>Note we LEASED the appliances, so they where ours, yet we where clearly distributing software.

For the remainder please assume I'm arguing from a "SOLD" and not "LEASED" perspective to simplify.

>Also the customers actually LIKED this since this allowed them to sleep better at night knowing they did not have to trust anyone else other than us.

Then your customers were somewhat foolish and may not have been informed enough to see the implications of their behaviour. Their minds may have been not so at ease if they considered the possibility of bankruptcy, or a possible compromise of security on your side divulging keys common between unrelated customers or devices.

One of the basic rules of security is that you should never be forced to trust anyone.

>We would completelly break their trust (and maybe some contract agreement) if we gave our keys to anyone else.

The solution may have been to have per-customer or per-device keys.
This may have been more expensive, but on the other hand "you can trust us if you want to, not because you have to" is a valuable sales argument when it comes to security.

>It would be imposible for the company to include any GPLv3 software in that device. If most of the tools moved to GPLv3, we would not be able to use linux at all,

It should be perfectly possible for the receiving end to say, "We do not wish to directly receive the unlocking mechanism for our devices and would like you (or a third party) to, under contract, safekeep these in escrow for us because we do not feel anyone within our organisation can be safely entrusted with it."

This combined with a suspension of service and/or warranty upon retrieval of the customers/devices private key would give them the necessary freedoms should they opt to exercise them.

>The company is very gratefull to the linux kernel developers and busybox developers for not going to the GPLv3 as it would most likelly bankrupt the company.

Few companies go bankrupt for adapting their practices and making a good faith effort to ensure customer independence.

>On all the time I was there, I NEVER heard anyone complain or even want to modify the code inside the appliance. Quite the opposite, customers where relieved when told about this feature. Developers also did not care, they happily received our patches and NEVER complained.

And many probably never would make use of their private key under GPLv3, assuming that your company provides a valuable and honest service. So very little would change in that regard.

So yes, the GPLv3 as currently envisioned might complicate things for a distributor (especially those in the embedded market) and increase costs, but it's not impossible to work out a solution that respects the four software freedoms yet provides true "trusted computing".

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds