Microsoft Smartphone Code Signing and the GPL?
spacemonkey asks: "I am a professional developer, but in my spare time I have been developing games for the Microsoft Smartphone platform. Included in this work is a port of gnuboy, a GPL gameboy colour emulator. Where does the GPL stand on the question of codesigning applications where required? Basically gnuboy is available, with full source for smartphone, however there are a large number of users out there who are unable/unwilling to remove the certification requirements from their smartphone devices, so to allow for these users, I need to sign the code. To enter into the code signing program will cost me approximately £500. I am interested in signing the application to make it available to a wider audience, however since I am not running a charity I was wondering whether charging some nominal fee for the code signed version was compatible with the GPL or not. So users would have an option on a signed version for less than £5, or an unsigned version free, which will include the full source code. Am I allowed to charge for GPL software in this way, where the charge is to cover the packaging of the application into a signed form?"
You can charge money for GPL software. You just have to make the source easily available. I think that would be covered by a URL in the about-box.
In fact, the signing works nicely in your favor, since nobody can undercut you on price. Or they can, but they too have to pay the £500, in which case they'd have to either 1) charge as much as you or 2) hate you enough to take an intentional loss. Both are a lot of hassle. Seems to me like you just win.
It's the Source Code you are only allowed to charge the reasonable 'media charge' for. The application itself you can charge anything you want. The idea of this is to prevent you from charging $5 for the Application, and $50,000 for the source... you know, open source and all.
Besides showing MS your middle finger (which I think you should do) or charging everyone money, why not just ask interested people to donate money until you have enough to pay the fee? You are only interested in not having to pay the fee yourself; I believe this is a fair plan.
If you want to make money off the deal, the Street Performer Protocol may work for you. This will be less risky because you don't have to front the £500 yourself. Another guy has one called The Rational Street Performer Protocol if it suits your tastes better.
Yes, you're buying into an unfree platform. But you're doing it with free software. I think that feels more like shafting the bastards than ignoring the platform completely would.
"You think you can kill off free software by closing your standards? I'll prove you wrong. Free software can thrive even in an unfree environment. Like money, good software drives out bad."
I'd have paid your 500 pounds in full, myself, if it would have run on my wife's Nokia phone. Those games suck.
The GPL defines the source as "the preferred form of the work for making modifications to it." If the work includes the signature and you don't plan on distributing the private key (or can't, because the signing authority won't give it to you) then you are probably in violation. This makes sense--if the platform *only* accepted signed binaries, then users would be unable to make modifications to the program, which is an important freedom that the GPL is intended to protect. You might be okay if the signature can somehow be separated from the GPL'd work, but that's probably not likely for these phone apps.
Aside from that, if you're looking to recoup your 500 pounds for the signing fee, you might also be in for trouble since once someone buys a single copy, he can legally put up his own web site giving it out for free.
Sounds like a perfect job for the Ransom license: http://www.theoretic.com/Ransom
"You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
...at least not legally. Go read the EULA on the keys. Distributing the binary under the GPL requires shipping source, fine, but "mere aggregation" of the key does not force it under the GPL or grant Joe the right to redistribute the key.
This gets interesting for the GPL, since the key is not required to run the software on Microsoft-based phones (dial the emergency number, get a blue screen? ...or get a request for your serial number, can you remember all 20 digits?), there is no GPL requirement that Bob distribute the key. If the key was necessary, Bob could not distribute his signed app under the GPL (he would have to dual-licence it), since the key would otherwise form part of the source.
The bottom line is that Joe has to sign his own copy of the app.
Sadly, this world contains enough dickheads that sooner or later, a Joe will appear on the scene. However, if we shut down the universe for fear of dickheads misusing their rights, the dickheads win (a Pyrrhic victory, it's true, but probably a win in their eyes anyway).
Got time? Spend some of it coding or testing
Look, I know this is -2 (Offtopic, Troll) but why in god's name are you developing applications for Windows phones? You should be building apps for J2ME. *All* of the major phone manufacturers (Nokia, Sony-Ericsson, Motorola, Siemens, etc) are already supporting J2ME - I can't count the number of models of phones that support J2ME on both hands, but I can count the number of Windows phones with no hands.
Switching to J2ME also solves your code-signing issue; you don't have to sign your programs at all.
/mike
-- "So, what's the deal with Auntie Gerschwitz et all?"