emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: code signing with foreign function interface?


From: joakim
Subject: Re: code signing with foreign function interface?
Date: Sun, 07 Mar 2010 18:05:18 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.90 (gnu/linux)

David Kastrup <address@hidden> writes:

> address@hidden writes:
>
>> - We don't necessarily need a complete secure infrastructure for
>> this. A simple solution might be to check for the presence of a form
>> of GNU license in binary form in the dll. This particular GNU license
>> is itself protected by copyright and cannot be combined with other
>> works without creating a derived work.
>
> Useless:
>
>      Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
>      Everyone is permitted to copy and distribute verbatim copies
>      of this license document, but changing it is not allowed.
>
> So you can copy the license into any work you like.  The presence of the
> GPL as a binary blob is meaningless with regard to licensing.  A book
> may also print the GPL without becoming GPLed.
>
> The GPL becomes relevant only when it is made clear that the acquisition
> of some software is governed by it.  Its mere presence in some manner is
> not more than a pointer.  If it is needed as a key without legal
> meaning, that use is perfectly covered by its license.

Ok, I was unclear. I didn't mean that the GPL in itself would be used for
this. I meant another new license, derived from the GPL, but specialized
for this purpose, specifically avoiding the pitfall you describe.

Maybe its still useless, but lets describe each step:

- Define a copyrightable text that might also be used as a binary blob.
this text has a license that allows it to be bundled with other GPL:ed
binary blobs, such as GPL:ed dll:s. Since these dll:s are GPL:ed its ok
to produce a new signed dll with the text in it.

- Sign a dll with this text with some kind of signing tool. Maybe static
  linking will be enough.

- Emacs FFI loads the dll and checks that the desired licensed text in
  binary form is present, and then proceeds to use the dll. If the text
  is not present, refuse to proceed.

-- 
Joakim Verona




reply via email to

[Prev in Thread] Current Thread [Next in Thread]