Man in the middle
From GPLv3 Wiki
Revision as of 12:09, 2 March 2006 ciaran (Talk | contribs) fix tyop ← Previous diff |
Revision as of 09:37, 22 August 2006 jonaso (Talk | contribs) Added opinon on man-in-the-middle Next diff → |
||
Line 4: | Line 4: | ||
[[User:ciaran]]: Maybe party A is ''not'' required to give its signing keys? if party A has not distributed GPLv3'd code, the requirements in the GPLv3 cannot apply to party A. This would mean that there is a problem which GPLv3 does not solve. The other alternative is that the firmware (or other software) in Party A's device could be considered a work based on Party B's code (a derivative work) and would therefore have to be distributed under the GPLv3 - and the outcome would be that the Party A cannot distribute their device because they cannot comply with the GPLv3. | [[User:ciaran]]: Maybe party A is ''not'' required to give its signing keys? if party A has not distributed GPLv3'd code, the requirements in the GPLv3 cannot apply to party A. This would mean that there is a problem which GPLv3 does not solve. The other alternative is that the firmware (or other software) in Party A's device could be considered a work based on Party B's code (a derivative work) and would therefore have to be distributed under the GPLv3 - and the outcome would be that the Party A cannot distribute their device because they cannot comply with the GPLv3. | ||
+ | |||
+ | [[User:jonaso]]: I believe the way to read this is that Party A has no problem distributing their hardware. They are not infringing on any license by doing so. Part B is required by the license to also include, in the Corresponding Source with their binary, also any encryption or authorization keys required to use modified versions in the | ||
+ | == recommended or principal context of use ==. So if the recommended or principal context of use is for the software to be used in the machine of Party A, then Party B must supply the necessary signing keys to make modified binaries useable with such machines. |
Revision as of 09:37, 22 August 2006
Situation: Party A builds a machine that will only run binaries signed by party B.
Outcome #1: Party B is not required to give its signing keys, but party A is--except he doesn't have it, since he never got it from party B. What happen(s)? (Take off every "sig"? :D)
User:ciaran: Maybe party A is not required to give its signing keys? if party A has not distributed GPLv3'd code, the requirements in the GPLv3 cannot apply to party A. This would mean that there is a problem which GPLv3 does not solve. The other alternative is that the firmware (or other software) in Party A's device could be considered a work based on Party B's code (a derivative work) and would therefore have to be distributed under the GPLv3 - and the outcome would be that the Party A cannot distribute their device because they cannot comply with the GPLv3.
User:jonaso: I believe the way to read this is that Party A has no problem distributing their hardware. They are not infringing on any license by doing so. Part B is required by the license to also include, in the Corresponding Source with their binary, also any encryption or authorization keys required to use modified versions in the == recommended or principal context of use ==. So if the recommended or principal context of use is for the software to be used in the machine of Party A, then Party B must supply the necessary signing keys to make modified binaries useable with such machines.