Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756339AbXFOEXu (ORCPT ); Fri, 15 Jun 2007 00:23:50 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751300AbXFOEXn (ORCPT ); Fri, 15 Jun 2007 00:23:43 -0400
Received: from smtp2.linux-foundation.org ([207.189.120.14]:43517 "EHLO smtp2.linux-foundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751292AbXFOEXm (ORCPT ); Fri, 15 Jun 2007 00:23:42 -0400
Date: Thu, 14 Jun 2007 21:23:04 -0700 (PDT)
From: Linus Torvalds
To: Michael Poole
cc: Daniel Hazelton , Alexandre Oliva , Lennart Sorensen , Greg KH , debian developer , "david@lang.hm" , Tarkan Erimer , linux-kernel@vger.kernel.org, Andrew Morton , mingo@elte.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
In-Reply-To: <874pl928r6.fsf@graviton.dyn.troilus.org>
Message-ID:
References: <200706142049.41819.dhazelton@enter.net> <87fy4u0xty.fsf@graviton.dyn.troilus.org> <200706142246.57583.dhazelton@enter.net> <878xal2a0q.fsf@graviton.dyn.troilus.org> <874pl928r6.fsf@graviton.dyn.troilus.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1523
Lines: 36

On Thu, 14 Jun 2007, Michael Poole wrote:
>
> If the signature is one that serves to indicate origin, to detect
> tampering, or the other things you mentioned, the program's binary is
> useful when separated from the signature. My objection arises when a
> functionally equivalent binary -- including advertised functions such
> as "runs on platform XYZ" -- cannot be produced from the distributed
> source code.

Ahh. Ok, that's a totally different issue, and is one where I heartily agree
with you.

I would actually *love* for the GPL (any version) to have a "guarantee of
authenticity", where if you distribute a binary, there has to be some
documented way to get *exactly* that binary out of the source code that
got distributed.

Of course, SHA1's can be used to verify that, although, quite frankly, I'd
expect that a simple "cmp" would be the more straightforward approach.

So the "verification" can be used both to lock down a particular binary
_and_ to authenticate that the binary really came from the source code it
was claimed to come from.

Of course, in practice, it's actually really nasty to do that
verification. Many compilers actually do things like insert date-stamps in
the object files etc. So it's probably not all that practical.

		Linus
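Added example, not part of the original message and not code from the kernel project: a rebuild check that compares a distributed artifact with a local rebuild both byte-for-byte (as cmp does) and by SHA-1, showing how one embedded date-stamp defeats it and how a documented, fixed stamp restores it. Assumptions: gzip stands in for a compiler that stamps its output, and SOURCE, build(), verify() and both timestamps are constructed for illustration.

```python
import gzip
import hashlib

# Constructed sample "source code" (assumption, not from the message).
SOURCE = b"int main(void) { return 0; }\n"


def build(source: bytes, stamp: int) -> bytes:
    """Stand-in build step: gzip writes `stamp` into header bytes 4..7 (MTIME)."""
    return gzip.compress(source, mtime=stamp)


def first_difference(a: bytes, b: bytes):
    """Like cmp(1): offset of the first differing byte, or None if identical."""
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return offset
    # Same common prefix: differ only if one input is longer than the other.
    return None if len(a) == len(b) else min(len(a), len(b))


def verify(distributed: bytes, rebuilt: bytes) -> dict:
    """Compare a distributed artifact against a local rebuild of the same source."""
    return {
        "identical": distributed == rebuilt,
        "first_diff": first_difference(distributed, rebuilt),
        "sha1_distributed": hashlib.sha1(distributed).hexdigest(),
        "sha1_rebuilt": hashlib.sha1(rebuilt).hexdigest(),
    }


def demo():
    # Constructed timestamps one second apart: distributor's build vs. verifier's rebuild.
    vendor_time, auditor_time = 1181881384, 1181881385
    # Each side stamps its own wall-clock time: same source, different bytes.
    naive = verify(build(SOURCE, vendor_time), build(SOURCE, auditor_time))
    # The stamp is documented alongside the source and reused by the verifier.
    pinned = verify(build(SOURCE, vendor_time), build(SOURCE, vendor_time))
    return naive, pinned


if __name__ == "__main__":
    for label, result in zip(("wall-clock stamp", "documented stamp"), demo()):
        print(label, result)
```

The byte offset from the cmp-style check points straight at the stamp field, which a digest mismatch alone cannot do.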