On 29 October 2014 10:29, Kevin Brubeck Unhammer <[email protected]> wrote: > Mikel Artetxe <[email protected]> writes: >> Sure. In fact, that's exactly what I was proposing from the beginning. >> Jim's point was that we would be forced to publish our private key >> because of GPL, but it looks like that wouldn't be necessary after >> all. > > apt-get is GPL, and it uses a set of public keys to check the downloaded > software. It lets you change its keyring of course, but a user could do > that with Mitzuli as well by downloading the source and swapping out the > public key for their own and signing their own language pairs etc. >
apt is quite different; firstly, it's demonstrably not intended primarily for use on "User Devices"; but it also allows you to rebuild the package from (possibly modified) source, as well as install your own keys, or install unsigned packages -- the latter two were both possibilities Mikel mentioned for Mitzuli. > I don't know the details of how the GPL works on this, but I thought the > issue arose when you packaged some *private* key, and had to decrypt > something[1]. In Mitzuli's case, however, only public keys are packaged, > and public signatures are downloaded. No private key is required in the > software for any functionality. > > > [1] The obvious unfree example would be if we wanted people not to make > copies of the language pair (say they were paid for), and so we > encrypted the language pairs and shipped a private key in the app. > That, I'm fairly sure is GPL-infringing. I couldn't honestly say if that's covered or not; if you sold someone a binary and gave them the private key (= used for signing) instead of the public key (= used for validating), then they wouldn't be able to run it; if this was done deliberately, it would most likely come under fraud or consumer protection laws (i.e., knowingly selling something not fit for purpose), rather than copyright. -- <Sefam> Are any of the mentors around? <jimregan> yes, they're the ones trolling you ------------------------------------------------------------------------------ _______________________________________________ Apertium-stuff mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/apertium-stuff
