Re: code signing with foreign function interface?
From: joakim
Subject: Re: code signing with foreign function interface?
Date: Mon, 08 Mar 2010 08:41:08 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.90 (gnu/linux)

address@hidden writes:
> David Kastrup <address@hidden> writes:
>
>> address@hidden writes:
>>
>>> - We don't necessarily need a complete secure infrastructure for
>>> this. A simple solution might be to check for the presence of a form
>>> of GNU license in binary form in the dll. This particular GNU license
>>> is itself protected by copyright and cannot be combined with other
>>> works without creating a derived work.
>>
>> Useless:
>>
>> Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
>> Everyone is permitted to copy and distribute verbatim copies
>> of this license document, but changing it is not allowed.
>>
>> So you can copy the license into any work you like. The presence of the
>> GPL as a binary blob is meaningless with regard to licensing. A book
>> may also print the GPL without becoming GPLed.
>>
>> The GPL becomes relevant only when it is made clear that the acquisition
>> of some software is governed by it. Its mere presence in some manner is
>> not more than a pointer. If it is needed as a key without legal
>> meaning, that use is perfectly covered by its license.
>
> Ok, I was unclear. I didn't mean that the GPL in itself would be used for
> this. I meant another new license, derived from the GPL, but specialized
> for this purpose, specifically avoiding the pitfall you describe.
>
> Maybe it's still useless, but let's describe each step:
>
> - Define a copyrightable text that might also be used as a binary blob.
> This text has a license that allows it to be bundled with other GPL:ed
> binary blobs, such as GPL:ed dll:s. Since these dll:s are GPL:ed it's ok
> to produce a new signed dll with the text in it.
>
> - Sign a dll with this text with some kind of signing tool. Maybe static
> linking will be enough.
>
> - Emacs FFI loads the dll and checks that the desired licensed text in
> binary form is present, and then proceeds to use the dll. If the text
> is not present, refuse to proceed.

Explaining this idea in technical terms wasn't incredibly
productive. Instead, let's ask this question:

- Emacs gets a new FFI facility. When this FFI facility tries to load a
dll the first time in a session, it asks the user if the dll has a
valid license.

That's all. No code signing, no nothing to further prevent the user from
making a mistake. Would this be enough for an Emacs FFI?

--
Joakim Verona
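
The load-time check from the quoted steps, next to a content-bound check, as an added example that is not part of the original message or of Emacs. The marker text, the sample blobs and all function names are constructed for illustration, and a pinned SHA-256 digest stands in for real signature verification.

```python
import hashlib
import hmac

# Constructed placeholder for the "licensed text in binary form".
LICENSE_MARKER = b"EXAMPLE-FFI-LICENSE-TEXT v1 (constructed placeholder)"

# Constructed sample "dll" contents; these are not real binaries.
REVIEWED = b"\x7fELF reviewed-module-code " + LICENSE_MARKER
REPACKAGED = b"\x7fELF different-module-code " + LICENSE_MARKER
UNMARKED = b"\x7fELF module-without-marker"

# Digests of the builds someone actually reviewed (assumed allowlist).
TRUSTED = {hashlib.sha256(REVIEWED).hexdigest()}


def marker_present(blob):
    """Check from the quoted steps: is the licensed text inside the file?"""
    return LICENSE_MARKER in blob


def digest_trusted(blob, trusted_digests):
    """Content-bound check: the digest of the whole file must be pinned."""
    actual = hashlib.sha256(blob).hexdigest()
    return any(hmac.compare_digest(actual, d) for d in trusted_digests)


def gate_load(blob, trusted_digests):
    """Report what each check would decide for one candidate library."""
    return {
        "marker": marker_present(blob),
        "digest": digest_trusted(blob, trusted_digests),
    }


if __name__ == "__main__":
    samples = [("reviewed", REVIEWED), ("repackaged", REPACKAGED),
               ("unmarked", UNMARKED)]
    for name, blob in samples:
        print(name, gate_load(blob, TRUSTED))
```

The marker check gives the same answer for any file that carries the text, while the digest check depends on every byte of the file.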