
The Python Software Foundation on European cybersecurity

Posted Apr 24, 2023 10:12 UTC (Mon) by edeloget (subscriber, #88392)
In reply to: The Python Software Foundation on European cybersecurity by mat2
Parent article: The Python Software Foundation on European cybersecurity

> This regulation can also cause trouble for those wishing to replace software in their digital devices: for example routers,
> Android phones, lightbulbs, etc. The manufacturers may be forced to (or have better excuses to) better "secure" these devices
> against "unauthorized" modifications.

Unless I'm mistaken, this is already the case. The (very) limited number of Android devices that allows you to be root and install your own updates seems to show that.

Anyway, the proposal does not mandate a vendor to lock the bootloader of his devices (although you have to admit that it makes sense for some category of devices) but it will have an impact on the way vendors distribute their updates and how the update process operates. Remember that one of the goals is to avoid having your firmware modified or replaced by a malicious actor. It's fortunately possible to develop solutions that forbid unauthorized updates while still allowing you to replace the firmware if you want to (as long as you agree that the vendor is no longer responsible for any security-related problems after that).



The Python Software Foundation on European cybersecurity

Posted Apr 24, 2023 19:46 UTC (Mon) by mat2 (guest, #100235)

> Unless I'm mistaken, this is already the case. The (very) limited number of Android devices that allows you to be root and install your own updates seems to show that.

While shopping wisely, it is possible to choose devices whose bootloader can be (easily) unlocked and are supported by LineageOS / Magisk.

The more important problem is that an increasing number of apps try to detect that the phone is modified and refuse to run if it is so. This includes some government and financial applications that are getting important in daily life. This is pure DRM (Digital Restrictions Management).

There is unfortunately little done to counter developers of these apps. For example, I haven't heard FSF and SFConservancy speak about this issue.

The Python Software Foundation on European cybersecurity

Posted Apr 25, 2023 5:07 UTC (Tue) by pabs (subscriber, #43278)

The app problem you mention is exactly what TiVo did: deliberately breaking proprietary software when it runs on top of modified GPL software. Bradley Kuhn had a talk related to this, mostly in the context of GPL usage in cars. I believe the summary is that this is allowed by both GPLv2 and GPLv3. It's arguable whether this is a good thing or a bad thing; e.g. it incentivises the reverse engineering of those proprietary apps and their replacement with new libre implementations, but it makes it a lot harder for non-technical users to switch from a locked-down system to a libre one.

https://events19.linuxfoundation.org/wp-content/uploads/2...

