But what is "signing"?
Posted May 1, 2003 4:31 UTC (Thu) by kcannon (guest, #4867)
Parent article: Linus on digital rights management
Mr. Torvalds' position is that it is compatible with the GPL to distribute a signed binary of the Linux kernel without providing the means by which users can sign their own binaries. This essentially means that he does not consider the private key required to produce the final binary output to be part of that binary's "source code".
Perhaps it is possible to make that distinction. The problem with this position, however, is that Mr. Torvalds assumes we all agree on what is meant by "signing". To be clear: signing involves taking the output of the normal build process (the compiled kernel) and modifying it in some unspecified way so as to add functionality not present in the compiler's output alone that only a unique party can reproduce. Sure, this can mean adding a hash of the binary image to the end of the file, but it can also mean adding a proprietary I/O scheduler, memory management subsystem, or anything else. It might even mean overwriting the whole darn thing with a proprietary software product, leaving only one particular device driver intact to be incorporated into that new product.
Make no mistake about it: all of these acts are examples of the Linux kernel being "signed" and if the licensor says signing is OK then you can be sure that's what all of the above will be called.
Mr. Torvalds says he doesn't want to interfere with what people do with their kernels. Of course: the GPL allows everyone to "sign" their own copy of the Linux kernel. When, however, they distribute their "signed" product, if the information needed to reproduce all of the functionality of that product is not supplied, then the source code has not been supplied and the GPL has been violated.
-Kipp