|
Authored by: jbb on Wednesday, July 04 2012 @ 03:12 PM EDT |
Shuttleworth is quoted saying:
but in the event that a manufacturer
makes a mistake and delivers a locked-down system with a GRUB 2 image signed by
the Ubuntu key, we have not been able to find legal guidance that we wouldn't
then be required by the terms of the GPLv3 to disclose our private key in order
that users can install a modified boot loader.
As the GP already
indicated, upstream cannot be held responsible for actions taken downstream.
The GP used an example of making modifications. The same principle holds true
for Shuttleworth's example. If his notion were true then it would be impossible
for GPL3 creators to ever digital sign their releases without great risk of
violating the GPL3. One malicious person downstream could force disclosure of
the private signing key.
--- Our job is to remind ourselves that
there are more contexts
than the one we’re in now — the one that we think is reality.
-- Alan Kay [ Reply to This | Parent | # ]
|
|
|
|
|