BT Home Hub: Continued violation

Arnoud Engelfriet arnoud at engelfriet.net
Mon Apr 14 08:51:58 CEST 2008 

Alexandre Oliva wrote:
> On Apr 13, 2008, Arnoud Engelfriet <arnoud at engelfriet.net> wrote:
> 
>> It is a perfectly acceptable custom in software to create signatures
>> for particular executables (or source code tarballs).
> 
> For the purpose of enabling a user to verify that the executables (or
> source code tarballs) are from the origin they claim to be, and decide
> whether or not to use them.
> 
> When they become a means for a computer system to decide it on its
> own, and prevent the user from installing or running the executable,
> then it becomes software.

What do you mean, "becomes software"? Software is software regardless of its 
purpose.

> I could agree that this distinction may be artificial, that perhaps it
> would be wise for Free Software licenses to grant distributors the
> right to distribute signatures, as long as their expected use is
> limited to authentication (rather than authorization).

This explains the Installation Information clause in GPLv3.

> But I don't see how to argue that instructions for a computer system
> as to whether to authorize the execution of a piece of software,
> distributed along with the software, could be regarded as (i) not part
> of the piece of software, or (ii) not software at all.

The question is whether it's part of the complete corresponding source code of 
the program that the signature applies to. That is, as per GPLv2, all source for 
all modules that the program contains plus the configure & install scripts.

My position is that since the signature is a separate data item that is not
used by the program, it's not a module in the above sense. Further, the 
configure and install scripts also do not use the signature.

The decision whether to execute the program is outside the control of the 
configuration and install scripts. The filesystem could be sticky so that the 
execute bit would be disabled. Then what?

>   when you distribute the same sections as part of a whole which is a
>   work based on the Program, the distribution of the whole must be on
>   the terms of this License, whose permissions for other licensees
>   extend to the entire whole, and thus to each and every part
>   regardless of who wrote it.

This refers to separately identifiable *modules* of the program.

But in any case, this one is easy: I'll just distribute the signature 
separately. Or I'll generate signatures for programs from well-known third 
parties with whom I have no affiliation. I'll sign the GNU coreutils as made 
available by the GNU project. I'll patch Linux to only accept coreutils if it 
finds a valid signature from me. Have I now just made coreutils undistributable 
because the GNU project can no longer deliver the CCSC?

Arnoud

-- 
Arnoud Engelfriet, Dutch & European patent attorney - Speaking only for myself
Patents, copyright and IPR explained for techies: http://www.iusmentis.com/
               Arnoud blogt nu ook: http://blog.iusmentis.com/

More information about the legal mailing list