On Sun, 8 Jan 2012 22:46:13 -0500 Jeffrey Walton <noloa...@gmail.com> wrote:
> Hi All, > > I was reading on CyanogenMod (a custom ROM project for Android) and > "The story behind the mysterious CyanogenMod update" > (http://lwn.net/Articles/448134/). > > Interestingly, it seems some privaye keys were circulated to comply > with GPL V3 with some nasty side effects (could anything else be > expected?). My understanding is that this is not necessary for GPLv3 compliance, as the license does not require the disclosure of private keys (which would undermine the entire package signing system used by GNU/Linux distributions) but instead requires that people be allowed to modify the software configuration of the system. That could mean allowing unsigned software to be installed or allowing a user to add their own public keys to their system. > Some interesting points were brought up, including how to > comply with GPL V3. Someone else made the same point that I made above: there is nothing in the GPLv3 that requires the release of private keys. It only requires that users be allowed to install, modify, or remove software. > Is anyone aware of papers on integrity/signature schemes or protocols > tailored for GPL V3? Or does this reduce to (1) allow the > hardware/firmware to load additional [trusted] public keys; or (2) > provide the private key for the hardware? Like I said, you can allow users to add additional trusted keys to the system, or you can allow users to run unsigned code. The only situation that would necessitate publishing a private key would be if the hardware itself refused to run code that was not signed by a single, fixed key -- and then GPLv3 compliance will be the least of your problems. -- Ben > Jeff > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography -- Benjamin R Kreuter UVA Computer Science brk...@virginia.edu -- "If large numbers of people are interested in freedom of speech, there will be freedom of speech, even if the law forbids it; if public opinion is sluggish, inconvenient minorities will be persecuted, even if laws exist to protect them." - George Orwell
signature.asc
Description: PGP signature
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography