Slashdot Mirror
Linus on DRM
Thread on LKML:
Date: Wed, 23 Apr 2003 20:59:45 -0700 (PDT)
From: Linus Torvalds
To: Kernel Mailing List
Subject: Flame Linus to a crisp!
Ok,
there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.
I want to make it clear that DRM is perfectly ok with Linux!
There, I've said it. I'm out of the closet. So bring it on...
I've had some private discussions with various people about this already,
and I do realize that a lot of people want to use the kernel in some way
to just make DRM go away, at least as far as Linux is concerned. Either by
some policy decision or by extending the GPL to just not allow it.
In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".
And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't necessarily
personally approve of.
The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I have
no ideals.
[ Personally, I see it as a virtue - trying to make the world a slightly
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]
In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign the
tar-balls I upload to make sure people can at least verify that they came
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.
And since I can imaging signing binaries myself, I don't feel that I can
disallow anybody else doing so.
Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret key)
is required too.
But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of the
scope of the kernel itself (and thus not a "derived work" or anything like
that), I have to convince myself that not only is it clearly ok to act on
the knowledge of whather the kernel is signed or not, it's also outside of
the scope of what the GPL talks about, and thus irrelevant to the license.
That's the short and sweet of it. I wanted to bring this out in the open,
because I know there are people who think that signed binaries are an act
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.
I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I don't
see any sane way to distinguish between "good" signers and "bad" signers.
Comments? I'd love to get some real discussion about this, but in the end
I'm personally convinced that we have to allow it.
Btw, one thing that is clearly _not_ allowed by the GPL is hiding private
keys in the binary. You can sign the binary that is a result of the build
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously have
been part of the kernel build itself.
So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other one
is embedding a key _into_ the kernel (still ok, but the GPL requires that
such a key has to be made available as "source" to the kernel).
Linus
Oh Linus, we love you!
anon anon onan
KC's crack that is......
What Would Natalie Portman, Naked and Petrified, Do?
What Would Natalie Portman, Napalmed and Perforated, Do?
I'm an "Oppenheimer", and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to - which very much includes things I don't necessarily
personally approve of.
It's nice to see that Linus has his priorities in the right place. Too bad others can't follow his example. *cough* SCO *cough*
Oh my God! A community-dupe!
thanks, now we have it on /. twice.
lol
This is getting ridiculous. I know that everybody doesn't always read the linked stories, or even the whole write ups. But could we at least try to get as far as the second sentence before commenting? And besides, what possible point could there be to karmawhoring as an AC?
"If you think education is expensive, try ignorance" - Derek Bok
In this day and age, whoring Karma on Slashdot is easier than ever. With more moderators and a lower signal to noise ratio (If you don't know what that means, don't worry!) means that Karma can easily be gained by following a few simple rules when you are carefully crafting your Slashdot post.
- Vaguely mention the DMCA. It doesn't matter what the topic of discussion is, those four magic letters glow like a beacon to any moderator with points.
- You can get double points if you spell the acronym as DCMA throughout your post. This is especially effective if you're replying to someone who has just used the correct acronym in their post.
- MPAA and RIAA are another pair of gems. Use the phrase "RIAA/MPAA" in every post you make, and that Karma will flow!
- Always confuse the two. Complain loudly about the MPAA suing over MP3 downloads, or the RIAA trying to stop you from downloading DeCSS.
- Don't bother to understand the difference between Patents, Copyrights and Trademarks. If the topic of discussion is about patents, claim that "this wouldn't have happened before the DCMA" (See above)
- Always remember, It's Microsofts Fault! Try to craft vague conspiracy theories that include Microsoft.
- Spell it "Micro$oft" or "M$". Moderators will lap it up.
- If all else fails, blame the Government. Do not at any cost attempt to understand basic politics, as that will make you look opinionated. Just blame the current political leaders.
- Likewise, blame the French. Double points if you use the phrase "Cheese eating surrender monkeys".
- If you're loosing the argument, start a flamewar about the war with Iraq. Accuse the other party of being French, or "a pinko commie"(See above).
- Claim that you only download stuff using P2P to "try before you buy".
- Start a flamewar by claiming that "Piracy isn't theft". Violently flame anybody who dares to disagree with you.
- Double points if you attempt to defend your position by stating that you "wouldn't have paid for it anyway, so they haven't lost a sale".
- The Iraqi Information Minister was funny, wasn't he? Your post should be like one of his speeches. It'll be funny.
- Ensure your sig has a Karma joke in it. You know the ones, something like "Karma: Bogus!" Ensure you retype your sig every time you post a comment; double sigs look cool and you wouldn't want the people who have sigs disabled to miss out, would you?
- Remember! Never, ever read the related article or any background information before you state your opinions. You're too busy to do that, and its not like the moderators will notice either!
Good luck! Within no time at all, your Karma will be Excellent!Religion needs to be abolished.