'You have to divulge your private key' meme
Posted Jul 2, 2012 16:17 UTC (Mon) by epa
Parent article: The FSF's advice to distributors on UEFI secure boot
The FSF notes:
Their stated concern is that someone might ship an Ubuntu Certified machine with Restricted Boot (where the user cannot disable it). In order to comply with GPLv3, Ubuntu thinks it would then have to divulge its private key so that users could sign and install modified software on the restricted system.
This fear is unfounded and based on a misunderstanding of GPLv3. We have not been able to come up with any scenario where Ubuntu would be forced to divulge a private signing key because a third-party computer manufacturer or distributor shipped Ubuntu on a Restricted Boot machine. In such situations, the computer distributor -- not Canonical or Ubuntu -- would be the one responsible for providing the information necessary for users to run modified versions of the software.
I hope this will settle the issue. You can use the GPL3 without FSF goons breaking into your house and forcing you to reveal your private signing key. Even for the computer manufacturer in the example the FSF mentions, disclosing the private key would not be necessary: they could instead release a BIOS update that allows users to boot their own operating system, for example.