Personal tools

Man in the middle

From GPLv3 Wiki

Situation: Party A builds a machine that will only run binaries signed by party B.

Outcome #1: Party B is not required to give its signing keys, but party A is--except he doesn't have it, since he never got it from party B. What happen(s)? (Take off every "sig"? :D)

User:ciaran: Maybe party A is not required to give its signing keys? if party A has not distributed GPLv3'd code, the requirements in the GPLv3 cannot apply to party A. This would mean that there is a problem which GPLv3 does not solve. The other alternative is that the firmware (or other software) in Party A's device could be considered a work based on Party B's code (a derivative work) and would therefore have to be distributed under the GPLv3 - and the outcome would be that the Party A cannot distribute their device because they cannot comply with the GPLv3.

User:jonaso: I believe the way to read this is that Party A has no problem distributing their hardware. They are not infringing on any license by doing so. Part B is required by the license to also include, in the Corresponding Source with their binary, also any encryption or authorization keys required to use modified versions in the == recommended or principal context of use ==. So if the recommended or principal context of use is for the software to be used in the machine of Party A, then Party B must supply the necessary signing keys to make modified binaries useable with such machines.

User:jcarr: My gut tells me this is outside the scope of copywrite law; therefore the GPL can't protect you from it. jcarr 20:04, 29 August 2006 (EDT)