Microsoft Smartphone Code Signing and the GPL?
spacemonkey asks: "I am a professional developer, but in my spare time I have been developing games for the Microsoft Smartphone platform. Included in this work is a port of gnuboy, a GPL gameboy colour emulator. Where does the GPL stand on the question of codesigning applications where required? Basically gnuboy is available, with full source for smartphone, however there are a large number of users out there who are unable/unwilling to remove the certification requirements from their smartphone devices, so to allow for these users, I need to sign the code. To enter into the code signing program will cost me approximately £500. I am interested in signing the application to make it available to a wider audience, however since I am not running a charity I was wondering whether charging some nominal fee for the code signed version was compatible with the GPL or not. So users would have an option on a signed version for less than £5, or an unsigned version free, which will include the full source code. Am I allowed to charge for GPL software in this way, where the charge is to cover the packaging of the application into a signed form?"
The GPL defines the source as "the preferred form of the work for making modifications to it." If the work includes the signature and you don't plan on distributing the private key (or can't, because the signing authority won't give it to you) then you are probably in violation. This makes sense--if the platform *only* accepted signed binaries, then users would be unable to make modifications to the program, which is an important freedom that the GPL is intended to protect. You might be okay if the signature can somehow be separated from the GPL'd work, but that's probably not likely for these phone apps.
Aside from that, if you're looking to recoup your 500 pounds for the signing fee, you might also be in for trouble since once someone buys a single copy, he can legally put up his own web site giving it out for free.
> In fact, the signing works nicely in your favor, since nobody can undercut you on price. Or they can, but they too have to pay the L500,
... or purchase a copy from him and then resell it!
Sounds like a perfect job for the Ransom license: http://www.theoretic.com/Ransom
"You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
What difference would it make? The source is useless unless they pay the L500 to get it signed.
If all this should have a reason, we would be the last to know.
...at least not legally. Go read the EULA on the keys. Distributing the binary under the GPL requires shipping source, fine, but "mere aggregation" of the key does not force it under the GPL or grant Joe the right to redistribute the key.
This gets interesting for the GPL, since the key is not required to run the software on Microsoft-based phones (dial the emergency number, get a blue screen? ...or get a request for your serial number, can you remember all 20 digits?), there is no GPL requirement that Bob distribute the key. If the key was necessary, Bob could not distribute his signed app under the GPL (he would have to dual-licence it), since the key would otherwise form part of the source.
The bottom line is that Joe has to sign his own copy of app.
Sadly, this world contains enough dickheads that sooner or later, a Joe will appear on the scene. However, if we shut down the universe for fear of dickheads misusing their rights, the dickheads win (a Pyrrhic victory, it's true, but probably a win in their eyes anyway).
Got time? Spend some of it coding or testing