Daniel Hazelton writes:
> On Friday 15 June 2007 05:30:09 Bernd Paysan wrote:
>> On Friday 15 June 2007 01:46, [email protected] wrote:
>> > if you cannot modify the software that runs on your Tivo hardware you
>> > haven't tried very hard.
>>
>> Yes, but the GPLv2 clearly says that you don't have to try very hard. The
>> preferred form of modification has to be distributed. I can run a
>> decompiler or disassembler on a program, and I can even modify it in place
>> with a hex editor (I have even modified programs in embedded ROMs by using
>> focussed ion beam, so I know you can modify every program if you try hard
>> enough). It's certainly possible to crack Tivo's firmware to accept my own
>> signature, but it's *not* the preferred form of modification, the source
>> code and Tivo's key for the signature.
>
> How is a signing key part of the "preferred form for modification"? It isn't a
> requirement to *modify* anything, just to *replace* something. (And I am
> *NOT* going to explain why "replace != modify" again)
The signing key determines a critical portion of the binary form that
was distributed. You cannot produce that portion of the binary form
without the signing key. Without that portion, the binary form does
not perform the function for which it is distributed. If you think
such an input is not part of "the preferred form for modification", I
have a bridge to sell you.
The work that the GPL protects a recipient's right to modify and
redistribute is not the source code -- it is each form the user
receives.
>> Since Tivo's firmware only accepts a signed kernel, the combination of
>> kernel+signature is the binary they ship. The kernel itself is useless, the
>> signature as well. Therefore, you can imply that Tivo's key is part of
>> the "other stuff" the GPLv2 mentions, because you need it to recreate the
>> same code as Tivo did and shipped (compilers insert timestamps and such),
>> and to modify that code. The source code is just a mean, the thing they
>> shipped is the end (the binary), and they have to comply with the GPL for
>> that binary - which by all means of practical understanding includes the
>> signature.
>
> I can find no such requirement in the GPLv2. In fact, it actually says that
> you don't even have to be able to *USE* the program. See section 12 of the
> GPL if you don't believe me.
Section 12 of the GPL(v2) is a warranty and liability disclaimer. It
is not an absolution of license obligations. It limits the liability
of a distributor to the end user, not to copyright owners.
Michael Poole
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]