From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with archive (Exim 4.43) id 1Njgp9-00049F-8f for mharc-grub-devel@gnu.org; Mon, 22 Feb 2010 17:32:19 -0500 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Njgp7-00047B-10 for grub-devel@gnu.org; Mon, 22 Feb 2010 17:32:17 -0500 Received: from [140.186.70.92] (port=51323 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Njgp5-00046j-O7 for grub-devel@gnu.org; Mon, 22 Feb 2010 17:32:16 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1Njgp4-000154-2g for grub-devel@gnu.org; Mon, 22 Feb 2010 17:32:15 -0500 Received: from nereid.marlboro.edu ([206.192.68.76]:40666) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Njgp3-00014q-V9 for grub-devel@gnu.org; Mon, 22 Feb 2010 17:32:14 -0500 Received: from [192.168.1.105] (unknown [71.10.224.192]) (Authenticated sender: idupree) by nereid.marlboro.edu (Postfix) with ESMTPSA id 3932F2341DA; Mon, 22 Feb 2010 17:31:38 -0500 (EST) Message-ID: <4B8305CF.8020009@isaac.cedarswampstudios.org> Date: Mon, 22 Feb 2010 17:31:43 -0500 From: Isaac Dupree User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.7) Gecko/20100120 Shredder/3.0.1 MIME-Version: 1.0 To: The development of GNU GRUB References: <2e59e6971002211238v48a08607rc4bec0c5b9ea88e5@mail.gmail.com> In-Reply-To: <2e59e6971002211238v48a08607rc4bec0c5b9ea88e5@mail.gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed X-Marlboro-Information: Please contact techsupport@marlboro.edu for more information X-Marlboro-MailScanner-ID: 3932F2341DA.A7403 X-Marlboro-MailScanner: clean X-Marlboro-SpamCheck: not spam, SpamAssassin (not cached, score=-2.91, required 5.5, autolearn=disabled, ALL_TRUSTED -1.80, BAYES_05 -1.11) X-Marlboro-MailScanner-From: ml@isaac.cedarswampstudios.org X-Marlboro-MailScanner-Watermark: 1267482702.29497@SHPZ6etN65Y58cY2CiW/MA Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) Subject: Licensing Re: Lead-up message 'Welcome to GRUB!' ... X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Feb 2010 22:32:17 -0000 On 02/21/10 15:38, richardvoigt@gmail.com wrote: > On Sun, Feb 21, 2010 at 4:00 AM, Robo L wrote: >> >> Hi all, >> >> Firstly I would like to thank everyone for the reply and Your time. >> >> I would like to clarify the issue. >> First I need to hide the very first Welcom message because I need to h= ide >> GRUB for other users of MS Windows on my PC. I need it only for myself= . > > I'm not entirely certain, but: > > (1) I think GRUB is licensed under GPLv3 or higher only yes > (2) GPLv3 covers what were considered to be loopholes in GPLv2 > (firmware enforced signature, software-as-a-service) > therefore well, GPLv3 is not identical to GPLv2, but I don't think the differences=20 are important to this issue. > (3) Your use of GRUB (copying it into the boot record) requires you to > provide your users with notice of their GPL rights to your version of > GRUB. No, I think it probably does not. Firstly, because Robo L may not be=20 "conveying" the program (see definition in GPLv3), and if not, cannot=20 possibly be violating GPLv3. http://www.fsf.org/licensing/licenses/gpl-faq.html#GPLRequireSourcePosted= Public Secondly, even if installing it to the hard disk of a computer that is=20 shared between you and other people (or other corporations) is=20 "conveying", GPLv3 Section 5 says, "d) If the work has interactive user=20 interfaces, each must display Appropriate Legal Notices; however, if the=20 Program has interactive interfaces that do not display Appropriate Legal=20 Notices, your work need not make them do so." I didn't check whether mainstream GRUB interaction displays Appropriate=20 Legal Notices. ("Welcome to GRUB!" is most certainly NOT an Appropriate=20 Legal Notice.) If it doesn't, you're free. If it does, I think you=20 still do not need to display Appropriate Legal Notices until=20 "interactive user interfaces" have been activated; say, by typing in the=20 secret code that activates them. In section 0. Definitions, "An=20 interactive user interface displays =E2=80=9CAppropriate Legal Notices=E2= =80=9D to the=20 extent that it includes a convenient and prominently visible feature=20 that [says it's GPLed, etc.]. If the interface presents a list of user=20 commands or options, such as a menu, a prominent item in the list meets=20 this criterion." I don't see "interactive user interfaces" defined=20 anywhere in the GPL or mentioned in GPL-FAQ, so I am hardly sure whether=20 a secret password-entry system that only interacts by secretly reading a=20 password (and then brings up the "real" interactive interface) would=20 count as an interactive interface in its own right that must tell the=20 user about itself even when they don't know the password... The=20 Affero-GPL is written with further language about interaction, but as I=20 guess that the normal GPL wouldn't make a GPL'd SSH server program have=20 to break the SSH protocol in order to fulfill Legal Notices, there must=20 be some limits on what is considered "interaction"... I doubt the GPL was written with surreptitious installation of software=20 on other people's computers in mind... well, maybe it was > > So one can hardly say that "another user on my PC not venture a guess > that there is a GRUB" if you are required to tell them that GRUB is > there and offer them the source code. > >> Richard: redirection is not good idea for me, becouse II need classica= l >> console. I wrote a module with hidden password (secret process - no re= sponse >> on console - silent) If match then redirect to boot linux. The nature = of the >> process is that another user on my PC not venture a guess that there i= s a >> GRUB and secound linux OS! > > Security through obscurity is never a good idea and especially not > when you have to give away the source code. You have to give the source code when requested, or distribute it=20 on-disk along with the binary... neither of which compromise security=20 here. It's not a secret algorithm; it's a secret that GRUB is there at=20 all. (GPLv3 section 5.d , if obeyed strictly, might break this secret --=20 but that is all). Depending what Robo L's threat model is, this "no messages until secret=20 code entered" may be sufficient security. Suppose it's to prevent other=20 people from giving Robo a hard time about using Linux (they'd never=20 suspect it in the first place! Or, they wouldn't mind terribly much if=20 they found out.). Or suppose it's part of spying on these people (and=20 getting caught means Robo runs away but has succeeded in doing some=20 spying in the meantime).