IANAL, but: On Tue, Apr 28, 2009 at 7:32 PM, David Cottrill <[email protected]> wrote: > So of, but not really. > > Making, for example, a mythbuntu box using Debian-live it is a security > flaw to install ssh where it is not needed and a usability flaw to > include root access for a box intended for those ignorant of Linux.
ssh: Yes, but you are not required to do so. root access: Why? Because it makes it easier to nuke the device? I am fairly certain that you can still 'protect' users from root access without running afoul of the GPL3. Have different access levels and require the user to take a certain, well documented action to switch to root. 'sudo' comes to mind. > I have no problem giving access to the source, or even of having a > obfuscated method of access to the system but at what point does that > obfuscated access become tivoisation? Obfuscated access becomes tivoisation when it is specifically intended to hinder modification of the software that is covered by the GPL3. > Making it easy to access the underlying system is a serious usability > flaw. An experienced Linux user could crack almost any system with a > removable hard drive (like the one I'm planning on) in under 2 minutes. > An inexperienced user could brick an embedded system in even less. You don't have to make it easy, i.e., you don't have to jump through hoops to help users to modify the software in your device. They have to be able to do it, and the way to go about it needs to be documented. If that includes removing the hard drive and hooking it up to another computer, you should be fine as long as you didn't take any measures to disable your device once the user does so. In other words, you don't have to add an Ethernet port to your MP3 player just so users can TFTP into it to replace the firmware. I don't quite understand why making access to the underlying system easy would be a usability flaw. True, requiring use of the command line to get the full benefit of the device would probably be considered a detriment to the usability of the product, but offering it as an easily accessible option should be rather d\safe in that respect. As for users bricking the system: Put up a warning that this is a possibility and specifically disclaim any warranty in case of any modifications by the user. Just my two cents... --Juergen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
