larry price wrote:
On 1/16/06, Patrick R. Wade <[EMAIL PROTECTED]> wrote:
http://gplv3.fsf.org/draft
Interesting Bits from GPLv3
Can't encrypt source or binaries, or access to execution environment.
""" Complete Corresponding Source Code also includes any encryption or
authorization codes necessary to install and/or execute the source code of
the work, perhaps modified by you, in the recommended or principal context
of use, such that its functioning in all circumstances is identical to that
of the work, except as altered by your modifications. It also includes any
decryption codes necessary to access or unseal the work's output.
Notwithstanding this, a code need not be included in cases where use of the
work normally implies the user already has it."""
This sounds like a really big deal but if done properly its not. Like
when your newly built SUSE box boots up for the first time it creates
the SSH keys - the code installed has everything in it in plain view
from a certain standpoint. This is also a sign of the best type of
security - you can tell an attacker exactly how you are doing it, and it
makes no difference. Always beware of secret "proprietary" encryption
or encoding schemes.
Case in point - do you live in Eugene and do you pay your bill on EWEB's
ebpp site ? The encryption they use to store your credit card I was
told was proprietary and secret ( was purchased and contracts signed
just before my hire )- and it wasnt until the VISA laws changed last
June that they actaully told me what it was .. and its barely stronger
than a bit shift ( and in my opinion doesn't meet VISA regs - though
they claim it does ) - I found countless college papers in 15min on why
its a bad idea to use what they are using. So I think the GPL is
trying to protect you from something like this.. however a wrong
interpretation of "execution environment" could be a bad thing and that
should be clarified. You should be able to secure your environment, but
HOW you are doing that should be open.
Mark
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
