[olug] Fw: FC: Linus Torvalds on digital rights management inLinux kernel

Tue Apr 29 14:05:37 UTC 2003

Why can't you sign the kernel with a blank key, note the location of the
signature block in the binary, write a closed source signing tool, and
run it against the kernel?  This would mean that the key could remain
closed source and the kernel could be signed by said key.

I don't think the GPL protects against this.

Andrew

On Tue, 2003-04-29 at 08:44, Eric Johnson wrote:
> On Tue, 29 Apr 2003, Daniel G. Linder wrote:
> 
> > Nick Walter [mailto:waltern at iivip.com] wrote:
> > > I don't think DRM, in and of itself, is a bad thing.
> > >
> > > In conjunction with the absolutely crappy intellectual
> > > property/copyright
> > > laws we have in this country, it does however becomes a tool
> > > for content
> > > providers to control content users.  I agree with Linus, the
> > > place to fight
> > > this isn't on the technical front.  We need to change the crappy laws.
> > >
> > > Nick Walter
> >
> > Yup, that's my view too.  I can imagine some future implementation of a
> > firewall/vpn setup that could use the DRM within the kernel to be yet
> > another layer of ensuring that the module I am loading is the "blessed"
> > one from my distributor and not a hacked/trojaned version from some
> > nefarious entity.
> >
> > DRM should not be a valid reason to stop producing OSS products.  Just
> > because you have access to the source code and can recompile it, I won't
> > be able to "sign" it with a DRM key to make someone else believe it is
> > really the version that "Linus Torvalds" wrote, compiled, and published.
> > The only theoretical weakness is if the signing key were to be stolen.
> > Of course, the DRM system should have a way to revoke the key as a valid
> > key.  Then at least you know that new stuff coming with that signed key
> > is not to be trusted but you still have the option of loading and using
> > it (maybe your copy came from a CD that was burned before the key was
> > stolen).
> >
> > Like Nick said, the real change needs to be made in the way laws are
> > interpreted and enforced, not in the writing of more laws or making
> > technology be our chaperone.
> >
> > Dan
> 
> Linus comment did not say he approved of DRM in the kernel. In fact, I
> believe that he said that he saw no way to make that work, since the key
> would have to become part of the open source. He simply said that he had
> no problem with someon signing a kernel to make it compliant with some of
> the coming DRM-capable hardware.
> 
> -- Eric Johnson
> -- eric_j at oasis.novia.net
> 
> --------------------------------------------------------------
> "Ahh, arrogance and stupidity all in the same package.
>     How efficient of you."
> 
>     -- Londo Molari
> 
>             /*\         ASCII RIBBON CAMPAIGN
>             \ /         - AGAINST HTML EMAIL
>              X          - AGAINST MS ATTACHMENTS
>             / \
> --------------------------------------------------------------
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug