UserBusybox
Rich Felker
dalias at aerifal.cx
Sat Sep 16 05:50:06 UTC 2006
On Fri, Sep 15, 2006 at 08:19:40PM -0400, Rob Landley wrote:
> The question is whether or not the signed hash is, from a copyright
> perspective, a derived work of the GPLv2 binary, even if it's in a separate
> file...
IMO the hash by itself is not; however, if the party distributing the
hash is also distributing the binary based on GPLv2-covered code, they
are using the GPL (to allow them to distribute it) and thus they must
provide the _complete_ source code needed to generate the "binary" (the
machine-executable version of the program which includes the hash) as
well as binaries of modified versions of the program.
The hash plus the hashless binary is definitely not a case of "mere
aggregation". They're intended to be used together and one is useless
without the other.
> I expect that one to be appealed to at least a circuit court. Dunno if the
> supremes would be interested...
Actually I doubt it will go to court at all. The types who will use
disgusting code signing like this are way too paranoid of GPL already.
If they use GPL code they'll run it through obfuscators, rename all
the symbols and strings, etc. then lie about it rather than
distributing the source but claiming they don't have to distribute
keys.
That's what they're already doing anyway. I suspect every significant
piece of commercial software contains large amounts of stolen GPL
code. Imagine the scandals if someone found a good way to detect and
prove it...
Rich
More information about the busybox
mailing list