Yet another, but a good one

Story: Views on the GPLv3 hoo-harTotal Replies: 10
Author Content
jimf

Sep 30, 2006
3:50 PM EDT
It seems that the issues of GPLv3 have brought everyone and his brother out of the woodwork. Most of these are pretty much rehashes of what's already been discussed on this site, but I'm seeing a few new bits of information emerging.

This one is notable in giving the clearest and most knowledgeable reasons to date against DRM restriction inclusion in GPL. It's very clear on why Torvalds needs to avoid it in the kernels.

The more I see of this, The more I think that DRM restriction will actually do more to harm than good to the user freedoms that GPL attempts to defend.
Sander_Marechal

Oct 03, 2006
3:15 PM EDT
I recently thought up a very good reason that such DRM should not be added to GPLv3: voting machines. You really want those things digitally signed and DRM'ed in the same way Tivo signs their software. Cf the Diebold debacle and the requirements that voting machine software should be scrutinized to the max (and is thus a prime candidate for open source software).

Unless someone can draft me a clear way how/why Tivo's should be banned from Free Software land but not voting machines, I'm not going to consider it anymore. I'm actually contemplating making my software GPLv2 only. At least untill I have proof v3 is better.
jdixon

Oct 03, 2006
5:16 PM EDT
Sander:

Remember that the GPL version 3 gives the owner the right to modify the code. The owner of the voting machines is the local government body handling the election. They're not going to want to change the code (except possibly for security patches), so you're object is rather beside the point. And suppose there is a known security hole which the device manufacturer refuses to fix. Would you want the government agency responsible for handling the election to be unable to install a thrid party fix because they didn't have the necessary keys?
jimf

Oct 03, 2006
6:33 PM EDT
The Government should be able to (and should) demand a open hardware spec.
jdixon

Oct 03, 2006
7:38 PM EDT
Jimf:

I'd argue that both the hardware and software should be open. Nothing else will ensure a fair election which can be trusted by everyone.
jimf

Oct 03, 2006
8:02 PM EDT
> I'd argue that both the hardware and software should be open.

Exactly, but it's a good example of how to do it right... i.e. without GPLv3.
galeru

Oct 03, 2006
8:09 PM EDT
Then, how would you suggest going about it? I'm sure that the legislature that commissions the voting machines will say they only want approved software running on it, eg. no tetris =(. Currently, the only way to do that is with DRM. Seems to me like v3 is the best way to have the state delegates happy, while still making the software open in the most free sense of the word.
jimf

Oct 03, 2006
8:46 PM EDT
Untrue. The Government simply specifies the hardware to be a published spec and that the software needs to be the same (preferably GPLv2). Then just ask for bids, SOP. Government buying power is so enormous that no company is going to object. Once a company has met the spec they have a solid market.

Note that this is going to have to be a National specification standard if it's to work in any case.
Sander_Marechal

Oct 03, 2006
10:13 PM EDT
jdixon: the voting machines may be owned by the government but they will most certainly not be produced or programmed by the government. I would just love for some FLOSS company to start up and design a fully open voting machine system. GPLv3's anti-DRM would make this impossible (or at least a lot harder - you'd have to design a fully secure, upgradable system that does not employ DRM. Good luck).

There is a way around this, but it's the same loophole that allows Tivo to go on after GPLv3: the end-user needs to install the DRM himself. For voting machines that means that the government would do the signing. For Tivo it means that a Tivo box would not come with all software required and that it would be remotely signed when first connecting to the Tivo online service instead of at the factory.
jdixon

Oct 04, 2006
6:26 AM EDT
> For voting machines that means that the government would do the signing.

Isn't that what you would want? Do you really want a private company controlling the keys to your elections?
Sander_Marechal

Oct 04, 2006
6:47 AM EDT
Good point, but do you trust that the version that the programmers published is the version that the government signed and installed? This too should be verifyable by the public without handing the private key to the public. Not sure how that could work. I don't get much furter than Alice and Bob in cryptography.

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!