Posted by: Anonymous Coward
on February 05, 2006 12:46 AM
Torvalds is a pretty smart guy, and I'm surprised to see how badly he has missunderstood what the new GPL3 clauses actually say. The new "DRM" clauses do two things, and both of them protect the original intent and function of the GPL.
(1) It grants you the legal right to modify and redistribute the software. In particular it says you sall not be denied that right under the DMCA or the equivalant EUCD. This is in no way a restriction on people using the software or a restriction on people applying this license to their software. It simply says that courts are not to treat covered software as an "effective technical protection mechanism" and thus programmers should not be imprisoned for modifying it.
(2) It grants you the practical ability to modify and redistribute the software. In particular it says that the full source code must be provided, and it defines "full source code" to included everything required to be able to make functional modifications. If leaving out some crypto key would make it impossible for a modified program to continue to operate, then that key must be included.
This does not apply or interfere with any normal security issues. If you want to use signed files, and if you want your computer not to run files unless they are properly signed, then there is no problem. You properly have the right and ability to modify and run that software, you have the right and ability to add or alter or remove that key and key code and the software continues to work exactly the way you want. The issue only comes up when someone attempts to defeat the GPL. The issue only comes up if you are denied the legal right or the practical ability to modify the software and for that modified software to continue to operate. The issue comes up if modifed software is prevented from working because they did not include the full source - if the modified software is prevented from continuing to work because a specific key was missing.
That second issue might be hard to understand or may seem weird, becuase it is an issue that has never arisen before. In normal software on normal hardware it would be impossible for that situation to arise. Normally it would be impossible to prevent modifed software from operating in that manner. Normally a specific key is not and cannot be required to get modified and compiled source to continue to run. But on the new PCs currently hitting the market it is in fact possible for such a situation to occur. Such software will not work on a normal old computer, and the new computers are incapable of getting the modified software to work without the secret key. That key has effectively become a part of the source code, a required part of the source to be able to compile code that *can* continue to operate on your computer.