UserBusybox

[Andy Green]

Rich Felker wrote:

>> GPL2 just talks about giving sources and build scripts to regenerate the 
>> binary, it says nothing about "intended hardware" or the ability to run 
> 
> You can't generate the same binary you received if you don't have the
> keys. Thus they're part of the source. A pre-signed binary or a script

Hum 'regenerating the binary' is my language, it does not appear in the 
GPL2.

''For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable.''

You could try to stretch "associated interface definition files" to mean 
crypto keys, but it seems to me to refer to API includes.

> If you don't believe GPLv2 is specific enough about this, then all you

A belief I would apparently share with the author of it, given what is 
in GPL3... the hope of liberating crypto keys from GPL2-only licensed 
implementations seems to me to be wishful thinking.

As a user I resonate to the wish for such abilities.  If you look into 
the hard crypto-based monitoring in new chips like Freescale iMX31 
(XBOX260-style hardware RAM block SHA-1 hash checking ongoing at 
runtime; permanent key deletion on tamper detect based on failed JTAG 
challenge-response) GPL3 demand for keys and a patent umbrella is 
commendable, visionary and ahead of its time.  But for me today is 
better served with a GPL2 busybox, since I can feed my kids thereby.

-Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.busybox.net/pipermail/busybox/attachments/20060915/47c4ed43/attachment-0002.bin