Slashdot Mirror


Linus on DRM

Linus Torvalds weighed in on the DRM debate on the linux-kernel mailing list last night. No, don't click through, his email is reproduced below. Worth reading and thinking about.

Thread on LKML:

Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!

Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.

I want to make it clear that DRM is perfectly ok with Linux!

There, I've said it. I'm out of the closet. So bring it on...

I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.

In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".

And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.

The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.

[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]

In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.

And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.

Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.

But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.

That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.

I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.

Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.

Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.

So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).

Linus

8 of 890 comments (clear)

  1. Props to Linus by dtolton · · Score: 5, Insightful

    What Linus is saying makes complete sense to me. I think the
    Kernel level of Linux is the wrong place to make a political
    stand like that. What has made Linux successful, and what will
    make it ultimately *the* OS is it's an
    Evolvable System

    The fact that people can use Linux for whatever they need to is
    what makes it such a compelling system. The fact that you can
    tinker with it, change the source, in short make it work for you
    is what makes Linux successful.

    He also makes a good point, there is a difference between
    allowing DRM and forcing everyone that uses the OS to use DRM
    (as M$ want). There are some times when DRM is very legitimate
    (Goverment Top Secret Docs, Litigation Confidential information
    etc), and there are the times when I consider it to be
    un-ethical (most other situations I can think of).

    I have to say way to go Linus. Keep the system evolvable.
    Ultimately isn't it a catch 22 anyway? If he prohibits DRM,
    isn't that sort of like saying "this is my software and you
    can't do XX with it".

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
    1. Re:Props to Linus by FortKnox · · Score: 5, Insightful

      Linus is great in these situations. He takes rabid open source zealots and brings them back to reality before they go too far off.

      He simply shows that you don't have to be political (mp3 sharer, privacy guru, etc...) to enjoy Linux. And offshoots will always be there for you rabid-types.

      Who's loss? None.

      --
      Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    2. Re:Props to Linus by renehollan · · Score: 5, Insightful
      He simply shows that you don't have to be political (mp3 sharer, privacy guru, etc...) to enjoy Linux

      You don't have to be political to enjoy a nice pair of new running shoes (made, possibly, with child labour), medical advances (made possible to some degree due to research done via unanesthesized vivisection of Jews by Nazis during WWII), or "free" health care (paid by tax dollars taken from those who now can't pay for their medical needs not covered by the "free" program).

      You don't have to, certainly, but you should.

      Politics, at its core, is the study of the philosophy of ethics. Ideally, the concern should be arriving at a means to determine whether actions are "right" or "wrong" without personal or group bias. Of course, "politics", as practiced, has nothing to do with ethics, and everything to do with special interests. And, no doubt, different people have different views of "right" and "wrong". It behooves them, to take part in the ethical debate.

      With regard to Linux, particularly these days, that debate extends to whether it should be "permitted" to exist at all, supposedly being a "hackers'" and "terrorists'" tool. Surely, anyone who enjoys Linux should have an interest in the ethics surrounding it.

      Now, should is not must, and people are free to live their lives in apolitical oblivion. However, the old mantra "evil prevails when good people do nothing", does nag at one's conscience, and such apathy in an individual is not a characteristic I particularly like to see.

      In this regard, RMS is right to deride Linus Torvalds as merely an "engineer". Linus' pet operating system would not even exist, and have a strong ethical footing supporting the "goodness" of that existance, were it not for RMS' philosophical views. While this does not represent a "debt", per se., decent people generally respond to kindness (yes, the GPL is an act of kindness), by reciprocating.

      --
      You could've hired me.
  2. In summary... by sporty · · Score: 5, Insightful

    Technology, encryption, reverse engineering, mp3's, drm, sniffers.. they arne't inherently evil. It's the usage and if they go against your morals, ethics and general desires, if they are good or not.

    Laws which put their use at all, as forbidden or not, is what should not be put into law. It's how they are used.

    --

    -
    ping -f 255.255.255.255 # if only

  3. This is what has made Linux successful, by Viperion · · Score: 5, Insightful

    It's Linus' optimism. See, RMS insists that if you don't tell people what they can't do with software, that they'll do the worst. Linus assumes that people will do whatever they feel like, and the more they can do, the better, because you can't easily stop a movement. You can stop a man.

    Go Linus. I'm not a DRM fan, but I am a fan of you ideology.

  4. Right tool for the job by October_30th · · Score: 5, Insightful
    On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.

    This is exactly why I like Linus. Unlike certain nutjobs, he's rational enought to know that one should always use the right tool for the job.

    When ideals get in the way of actually achieving your goals they are doing more harm than good for the cause.

    That comment made me wonder if RMS actually holds a grudge against Linus for not conforming to his standards of "purity".

    --
    The owls are not what they seem
    1. Re:Right tool for the job by IamTheRealMike · · Score: 5, Insightful
      Slow down there.

      RMS thinks in a different way to most of us. When he chooses a tool, he wants one that conforms to his ideals because he isn't just thinking about the next 5 minutes, he isn't interested in just solving this problem and moving on. He thinks a long way ahead.

      So when you offer him a proprietary piece of software, he won't use it, even if it's more convenient than what he already has. He believes that in the long term, it's the wrong tool for the job, because he takes into account things that to most people are entirely ethereal - things like what kind of society he wants to live in, the long term maintainability of the software, lack of vendor lock in and so on.

      I see way too many people slamming RMS for not being pragmatic enough. I think in reality he is very pragmatic, but with a different timeframe for his concerns to most people, leading them to view him as a "nutjob" or having "alien" thinking.

  5. I'm going to have to agree with him on this one by Hunts · · Score: 5, Insightful

    There is nothing horrible about the idea of DRM, its mearly what people are going to do with it. And before any blows my head, just remeber this is that same argument put forth to defend openbsd only yesterday( was it yesterday, I'm loosing track of time at the moment.)

    I like that I can trust software to be what it says it is, I think its a step in the right direction to protecting againt trojans etc..

    I dont want to be forced to do it though for every little thing that somebody thinks I need permission to run. If certain DRM can be applied to the linux kernal that make computing safer (and by that I mean actually safer, not MS safer or somebody else thinking their making me safer by imposing rules on me), then go right ahead.

    Just make sure I can remove it should I wish.

    --
    "Enlightenment is your ego's biggest disappointment." --Yoginanda