From: Linus Torvalds <torvalds@transmeta.com>
To: Greg KH <greg@kroah.com>
Cc: Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Flame Linus to a crisp!
Date: Wed, 23 Apr 2003 21:57:17 -0700 (PDT) [thread overview]
Message-ID: <Pine.LNX.4.44.0304232146020.19326-100000@home.transmeta.com> (raw)
In-Reply-To: <20030424044328.GA15360@kroah.com>
On Wed, 23 Apr 2003, Greg KH wrote:
> On Wed, Apr 23, 2003 at 08:59:45PM -0700, Linus Torvalds wrote:
> >
> > Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
> > keys in the binary. You can sign the binary that is a result of the build
> > process, but you can _not_ make a binary that is aware of certain keys
> > without making those keys public - because those keys will obviously have
> > been part of the kernel build itself.
>
> The GPL does allow you to embed a public key in the kernel
Absolutely. That's why I said "private key".
It's clearly ok to embed any number of keys you damn well want inside the
kernel itself - it's just that the GPL requires that they be made
available as source, so by implication they had damn well better be
public.
So yes, it's perfectly fine to embed a public key inside the kernel, and
use that public key to verify some external private key.
> I know a lot of people can (and do) object to such a potential use of
> Linux, and I'm glad to see you explicitly state that this is an
> acceptable use, it helps to clear up the issue.
The reason I want to make it very explicit is that I know (judging from
the private discussions I've had over the last few weeks) that a lot of
people think that the GPL can be interpreted in such a way that even just
the act of signing a binary would make the key used for the signing be
covered by the GPL. Which obviously would make the act of signing
something totally pointless.
And even if some lawyer could interpret it that way (and hey, they take
limbo classes in law school explicitly to make sure that the lawyers _are_
flexible enough. Really! Look it up in the dictionary - right next to
"gullible"), I wanted to make sure that we very explicitly do NOT
interpret it that way.
Because signing is (at least right now) the only way to show that you
trust something. And if you can't show that you trust something, you can't
have any real security.
The problem with security, of course, is exactly _whom_ the security is
put in place to protect. But that's not a question that we can (or should)
try to answer in a license. That's a question that you have to ask
yourself when (and if) you're presented with such a device.
Linus
next prev parent reply other threads:[~2003-04-24 4:44 UTC|newest]
Thread overview: 230+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-24 3:59 Flame Linus to a crisp! Linus Torvalds
2003-04-24 4:40 ` Joel Jaeggli
2003-04-24 4:43 ` Greg KH
2003-04-24 4:57 ` Linus Torvalds [this message]
2003-04-24 5:02 ` Clemens Schwaighofer
2003-04-24 5:39 ` viro
2003-04-24 5:56 ` Valdis.Kletnieks
2003-04-24 8:46 ` Dax Kelson
2003-04-24 9:46 ` Clemens Schwaighofer
2003-04-24 10:54 ` Felipe Alfaro Solana
2003-04-25 0:07 ` Clemens Schwaighofer
2003-04-24 4:54 ` Andre Hedrick
2003-04-24 5:16 ` Linus Torvalds
2003-04-24 13:08 ` Shawn
2003-04-24 20:12 ` Kenneth Johansson
2003-04-24 17:32 ` Andreas Boman
2003-04-24 17:41 ` William Lee Irwin III
2003-04-24 19:39 ` Balram Adlakha
2003-04-26 17:05 ` Riley Williams
2003-04-24 5:02 ` Mark J Roberts
2003-04-24 5:13 ` Clemens Schwaighofer
2003-04-24 5:15 ` William Lee Irwin III
2003-04-24 5:43 ` Linus Torvalds
2003-04-24 6:15 ` William Lee Irwin III
2003-04-24 7:44 ` Jamie Lokier
2003-04-24 8:03 ` Jan-Benedict Glaw
2003-04-25 1:16 ` Jan Harkes
2003-04-25 1:35 ` Stan Bubrouski
2003-04-24 8:16 ` John Bradford
2003-04-24 8:31 ` Jamie Lokier
2003-04-24 8:59 ` John Bradford
2003-04-24 8:50 ` Jamie Lokier
2003-04-24 14:45 ` Linus Torvalds
2003-04-24 15:00 ` Jeff Garzik
2003-04-24 19:03 ` Daniel Phillips
2003-04-24 19:32 ` Timothy Miller
2003-04-24 19:22 ` Linus Torvalds
2003-04-24 20:19 ` Jamie Lokier
2003-04-24 20:35 ` Timothy Miller
2003-04-24 19:39 ` Balram Adlakha
2003-04-24 21:02 ` Jamie Lokier
2003-04-24 18:58 ` Daniel Phillips
2003-04-24 21:08 ` Jamie Lokier
2003-04-24 21:37 ` Timothy Miller
2003-04-24 21:30 ` Jamie Lokier
2003-04-24 21:38 ` John Bradford
2003-04-25 3:20 ` Shawn
2003-04-25 5:47 ` Jamie Lokier
2003-04-25 7:02 ` John Bradford
2003-04-25 8:05 ` Simple x86 Simulator (was: Re: Flame Linus to a crisp!) Steven Augart
2003-04-25 15:38 ` Timothy Miller
2003-04-25 16:10 ` John Bradford
2003-04-25 11:44 ` Antonio Vargas
2003-04-25 8:52 ` Flame Linus to a crisp! Helge Hafting
2003-04-25 14:03 ` Mike Dresser
2003-04-24 21:42 ` Russell King
2003-04-25 6:08 ` Jan-Benedict Glaw
2003-04-25 11:46 ` Antonio Vargas
2003-04-24 10:57 ` Giuliano Pochini
2003-04-24 22:51 ` Adrian Bunk
2003-04-24 7:55 ` Jamie Lokier
2003-04-24 8:37 ` Andreas Jellinghaus
2003-04-24 8:59 ` Jamie Lokier
2003-04-24 12:52 ` Andreas Jellinghaus
2003-04-24 15:37 ` Timothy Miller
2003-04-24 18:35 ` Alan Cox
2003-04-24 20:46 ` Timothy Miller
2003-04-24 20:50 ` Jamie Lokier
2003-04-24 21:03 ` Chris Adams
2003-04-24 22:29 ` Werner Almesberger
2003-04-24 22:41 ` Jamie Lokier
2003-04-24 22:54 ` Werner Almesberger
2003-04-25 0:26 ` Jamie Lokier
2003-04-24 22:41 ` Alan Cox
2003-04-27 14:21 ` Matthias Andree
2003-04-27 16:13 ` Stephan von Krawczynski
2003-04-27 16:59 ` Why DRM exists [was Re: Flame Linus to a crisp!] Larry McVoy
2003-04-27 17:04 ` Ben Collins
2003-04-27 17:34 ` Michael Buesch
2003-04-27 18:41 ` Henrik Persson
2003-04-27 17:35 ` Måns Rullgård
2003-04-27 17:49 ` Mirar
2003-04-27 23:15 ` H. Peter Anvin
2003-04-27 17:59 ` Michael Buesch
2003-04-27 21:28 ` Alan Cox
2003-04-28 1:48 ` rmoser
2003-04-28 9:05 ` Måns Rullgård
2003-04-28 10:44 ` The X-Window System John Bradford
2003-04-28 14:37 ` Herman Oosthuysen
2003-04-28 16:28 ` uaca
2003-05-06 3:55 ` Miles Bader
2003-04-27 18:07 ` Why DRM exists [was Re: Flame Linus to a crisp!] Matthias Schniedermeyer
2003-04-27 18:35 ` Chris Adams
2003-04-27 18:50 ` Larry McVoy
2003-04-27 19:11 ` Davide Libenzi
2003-04-27 20:13 ` Frank van Maarseveen
2003-04-27 20:34 ` walt
2003-04-27 21:26 ` Alan Cox
2003-04-27 22:07 ` Ross Vandegrift
2003-04-27 22:32 ` Larry McVoy
2003-04-27 22:05 ` Alan Cox
2003-04-27 23:28 ` Larry McVoy
2003-04-28 0:06 ` Ross Vandegrift
2003-04-28 11:03 ` Alan Cox
2003-04-29 18:06 ` Timothy Miller
2003-04-28 9:06 ` Eric W. Biederman
2003-04-28 14:55 ` Michael Buesch
2003-04-28 20:04 ` Matthias Schniedermeyer
2003-04-28 20:18 ` Larry McVoy
2003-04-28 20:22 ` Chris Adams
2003-04-28 21:24 ` Larry McVoy
2003-04-28 21:40 ` Roman Zippel
2003-04-28 22:13 ` Alan Cox
2003-04-28 22:16 ` Alan Cox
2003-04-29 0:09 ` Larry McVoy
2003-04-29 4:07 ` Dax Kelson
2003-04-29 5:08 ` Larry McVoy
2003-04-29 16:40 ` Scott Robert Ladd
2003-04-29 21:45 ` Helge Hafting
2003-04-30 9:58 ` Jamie Lokier
2003-04-30 15:06 ` Scott Robert Ladd
2003-04-29 5:59 ` Theodore Ts'o
2003-04-29 16:41 ` Scott Robert Ladd
2003-04-29 14:35 ` Alan Cox
2003-04-27 22:34 ` Matthias Andree
2003-04-27 22:51 ` Matthew Kirkwood
2003-04-27 23:53 ` Larry McVoy
2003-04-28 0:00 ` rmoser
[not found] ` <20030428001001.GP23068@work.bitmover.com>
2003-04-28 0:19 ` rmoser
2003-04-28 0:37 ` Larry McVoy
2003-04-28 0:40 ` rmoser
2003-04-28 11:38 ` Jan-Benedict Glaw
2003-04-29 14:21 ` Timothy Miller
2003-04-29 14:27 ` Henrik Persson
2003-04-29 19:56 ` Timothy Miller
2003-04-29 20:35 ` Henrik Persson
2003-04-30 8:39 ` Jamie Lokier
2003-04-27 18:47 ` William Lee Irwin III
2003-04-27 18:56 ` Werner Almesberger
2003-04-27 19:20 ` Geert Uytterhoeven
2003-04-27 21:30 ` Jon Portnoy
2003-04-27 21:32 ` Alan Cox
2003-04-27 22:36 ` Larry McVoy
2003-04-27 21:56 ` Alan Cox
2003-04-27 23:08 ` Matthew Kirkwood
2003-04-27 22:16 ` Alan Cox
2003-04-27 23:35 ` Matthias Andree
2003-04-27 22:07 ` Matthias Andree
2003-04-28 0:36 ` Scott Robert Ladd
2003-04-28 9:57 ` Stephan von Krawczynski
2003-05-06 15:58 ` Henning P. Schmiedehausen
2003-05-07 14:44 ` Stephan von Krawczynski
2003-05-07 14:28 ` Alan Cox
2003-05-07 21:40 ` Henning P. Schmiedehausen
2003-05-07 22:16 ` Alan Cox
2003-05-08 0:33 ` Kurt Wall
2003-04-28 11:26 ` Jan-Benedict Glaw
2003-05-06 15:59 ` Henning P. Schmiedehausen
2003-04-28 22:50 ` Timothy Miller
2003-04-29 14:46 ` Jeffrey Souza
2003-04-29 15:16 ` venom
2003-04-30 9:35 ` Jamie Lokier
[not found] ` <20030427171007$6d24@gated-at.bofh.it>
2003-04-27 20:08 ` Why DRM exists Florian Weimer
2003-04-24 19:23 ` Flame Linus to a crisp! Jamie Lokier
2003-04-24 19:50 ` Balram Adlakha
2003-04-24 8:57 ` Arjan van de Ven
2003-04-24 9:19 ` Russell King
2003-04-24 11:38 ` Shachar Shemesh
2003-04-24 17:46 ` Shachar Shemesh
2003-04-24 14:59 ` Linus Torvalds
2003-04-24 12:39 ` Mark Mielke
2003-04-24 15:53 ` Elladan
2003-04-24 18:31 ` Daniel Phillips
2003-04-24 23:15 ` Werner Almesberger
2003-04-25 11:28 ` Eric W. Biederman
2003-04-27 1:31 ` Werner Almesberger
2003-04-27 1:59 ` David Wagner
2003-04-25 14:37 ` Daniel Phillips
2003-04-25 15:17 ` Valdis.Kletnieks
2003-04-25 17:37 ` Werner Almesberger
2003-04-26 21:59 ` Daniel Phillips
2003-04-26 13:00 ` Geert Uytterhoeven
2003-04-26 18:22 ` Linus Torvalds
2003-04-26 18:41 ` viro
2003-04-26 18:48 ` Linus Torvalds
2003-04-28 14:20 ` John Stoffel
2003-04-26 19:23 ` Michael Buesch
2003-04-28 10:35 ` Andre Hedrick
2003-04-28 12:12 ` Jörn Engel
2003-04-28 14:01 ` Zack Gilburd
2003-04-28 14:30 ` Geert Uytterhoeven
2003-04-26 18:21 ` Rik van Riel
2003-04-26 23:34 ` Jamie Lokier
2003-04-27 3:59 ` Werner Almesberger
2003-04-24 20:16 ` Nils Holland
2003-04-25 4:46 ` My take on Trusted Computing and DRM Joseph Pingenot
[not found] <20030424041004$113a@gated-at.bofh.it>
2003-04-24 4:53 ` Flame Linus to a crisp! Tony 'Nicoya' Mantler
2003-04-24 12:36 Downing, Thomas
2003-04-24 14:12 ` Timothy Miller
2003-04-24 22:48 ` Werner Almesberger
2003-04-25 12:29 ` Ragnar Hojland Espinosa
2003-04-25 15:45 ` Timothy Miller
2003-04-24 20:39 Downing, Thomas
2003-04-24 21:28 ` Jamie Lokier
2003-04-24 21:42 ` Daniel Phillips
2003-04-24 22:45 ` Alan Cox
2003-04-24 23:59 ` Daniel Phillips
2003-04-25 9:07 ` Helge Hafting
2003-04-25 13:01 ` David Luyer
2003-04-25 8:13 ` Andreas Jellinghaus
2003-04-25 19:12 ` Jamie Lokier
2003-04-25 20:56 ` Andreas Jellinghaus
2003-04-25 21:50 ` Jamie Lokier
2003-04-24 21:55 Daniel Callahan
2003-04-24 22:10 Downing, Thomas
2003-04-24 22:36 ` Jamie Lokier
2003-04-25 12:23 Downing, Thomas
2003-04-25 12:36 Downing, Thomas
2003-04-27 7:25 ` Adrian Bunk
2003-04-25 12:41 Downing, Thomas
2003-04-25 12:57 Downing, Thomas
[not found] <Pine.LNX.4.44.0304232012400.19176-100000@home.transmeta.co m>
2003-04-27 10:52 ` Houston, I think we have a problem Mike Galbraith
2003-04-27 14:41 ` Martin J. Bligh
2003-04-27 17:25 ` Mike Galbraith
2003-04-27 17:29 ` Martin J. Bligh
2003-04-27 17:41 ` Mike Galbraith
2003-04-27 17:54 ` Mike Galbraith
2003-04-28 5:17 ` Mike Galbraith
2003-04-28 6:15 ` Jan Harkes
2003-04-28 9:30 Flame Linus to a crisp! Martin_List-Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.44.0304232146020.19326-100000@home.transmeta.com \
--to=torvalds@transmeta.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).