On Thursday 25 June 2009 07:04:07 Detlev Zundel wrote:
> >> >> > but when customers absolutely state their requirements are secure
> >> >> > boot and the ability to lock their hardware so no one else can run
> >> >> > things, then i'm not about to argue with them. their response is
> >> >> > simply "fine, we'll move on to the next guy who will satisfy our
> >> >> > requirements".
> >> >>
> >> >> It is your decision if you don't want to even understand your
> >> >> customers needs.
> >> >
> >> > wrong, we've actually done the opposite. we know what they want to do
> >> > and it is doable with GPLv2. it is not doable with GPLv3.
> >>
> >> From what I read, I do not get this impression. "Locking people out" is
> >> not an ulterior motive but the outcome of a perceived threat to a
> >> business model. It was this business model that I wanted to get a clear
> >> picture of. It seems I cannot get any more information here.
> >
> > locking down a machine is part of due diligence as well when it comes to
> > certification. not taking measures to prevent uncertified code from
> > running is a legal liability for companies.
>
> An aircraft is also a certified product - won't you think? Do you
> believe that an airline carrier ships its planes to the manufacturer if
> they need to replace a screw? Obviously there must be ways to ensure
> certification even in such cases. Why should those methods not be
> applicable to other fields as well?
>
> It is this "certification is only possible like we say" attitude which I
> seriously question.

whether you question this attitude doesn't matter. you aren't a lawyer in general, you aren't a lawyer for these companies, and you aren't indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant.

> >> >> > they aren't generally trying to lock out people who just want to
> >> >> > toy, they're targeting people who want to clone their hardware or
> >> >> > functionality to create knockoffs or they're trying to guarantee
> >> >> > lock down so they can get certified (like medical devices).
> >> >>
> >> >> How does GPLv3 vs. GPLv2 touch the "we will get cloned" question?
> >> >> Maybe I do not see the obvious here, but sourcecode to binaries under
> >> >> either license must be available, so what's the difference?
> >> >
> >> > if you don't have the decryption keys, you can't read the end program.
> >> > having access to the u-boot source doesn't matter.
> >>
> >> Having access to the physical device will. How long do you think will
> >> it take to get broken into? Unfortunately physics do not follow wishes
> >> of companies as seen over and over in the past.
> >
> > and companies understand that. i never said locking the device is a 100%
> > guarantee to prevent cloning -- nothing in life is 100%. it does however
> > significantly make it harder to reverse engineer a black box that is
> > wiggling pins than it is to disassemble code and memory. the companies i
> > work with are concerned with delaying clones for most of that product
> > generation's life span, not eternity. if the clone comes in after the
> > company has gotten their fair share out of it, then that's fine by them.
> > clones are an unfortunate aspect of commercial life. without the secure
> > boot aspect, people are able to create knockoffs with enough turn around
> > time to do quite a bit of damage to the product's life span.
>
> It's not the first time I hear this mantra. Can you give me some facts
> to back this up?

i don't know what kind of "facts" you're looking for. i didn't make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want.

-mike
_______________________________________________ U-Boot mailing list [email protected] http://lists.denx.de/mailman/listinfo/u-boot

