> The GPLv3 FAQ says this:
>
>> I use public key cryptography to sign my code to assure its authenticity. Is
>> it true that GPLv3 forces me to release my private signing keys?
>>
>> No. The only time you would be required to release signing keys is if you
>> conveyed GPLed software inside a User Product, and its hardware checked the
>> software for a valid cryptographic signature before it would function. In
>> that specific case, you would be required to provide anyone who owned the
>> device, on demand, with the key to sign and install modified software on his
>> device so that it will run. If each instance of the device uses a different
>> key, then you need only give each purchaser the key for his instance.
>
> Everything following “No” is saying “Yes”, you would have to give up private
> signing keys if you are code-signing for safety.

If you can run code that is not signed, then you have "This is the unmodified, secure code", and "This is a modified code; are you sure you want to run it?".

I can have an app licensed to a specific machine by giving that machine and app combination a certificate. A user can modify that app, use that certificate that is specific to that app and that machine, to re-sign. The hardware can check that the code is both validly signed, and that the signing key is appropriate to the local machine.

I can, for example, have a machine designed for students, with no ability for the user to say "trust this" -- code has to be trustable before it will run -- and give the individual student the ability to sign custom code for their own machine.

Nothing requires you to give up private keys. All you have to do is provide a machine-specific key for the next step in signing, with no requirement that someone else can generate machine keys on their own.

---
This is coming from Mail.app. I hate the new Gmail web look, and dislike Mail only slightly less.
