From: Mike Frysinger <vapier@gentoo.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] U-book and GPLv3? (fwd)
Date: Thu, 25 Jun 2009 09:53:32 -0400 [thread overview]
Message-ID: <200906250953.33361.vapier@gentoo.org> (raw)
In-Reply-To: <m28wjgefrs.fsf@ohwell.denx.de>
On Thursday 25 June 2009 07:04:07 Detlev Zundel wrote:
> >> >> > but when customers absolutely state their requirements are secure
> >> >> > boot and the ability to lock their hardware so no one else can run
> >> >> > things, then i'm not about to argue with them. their response is
> >> >> > simply "fine, we'll move on to the next guy who will satisfy our
> >> >> > requirements".
> >> >>
> >> >> It is your decision if you don't want to even understand your
> >> >> customers needs.
> >> >
> >> > wrong, we've actually done the opposite. we know what they want to do
> >> > and it is doable with GPLv2. it is not doable with GPLv3.
> >>
> >> From what I read, I do not get this impression. "Locking people out" is
> >> not a ulterior motive but the outcome of a perceived threat to a
> >> business model. It was this business model that I wanted to get a clear
> >> picture of. It seems I cannot get any more informatino here.
> >
> > locking down a machine is part of due diligence as well when it comes to
> > certification. not taking measures to prevent uncertified code from
> > running is a legal liability for companies.
>
> An aircraft is also a certified product - won't you think? Do you
> believe that an airline carrier ships its planes to the manufacturer if
> they need to replace a screw? Obviously there must be ways to ensure
> certification even in such cases. Why should those methods not be
> applicable to other fields as well?
>
> It is this "certification is only possible like we say" attitude which I
> seriously question.
whether you question this attitude doesnt matter. you arent a lawyer in
general, you arent a lawyer for these companies, and you arent indemnifying
them. their legal review says that it's a requirement, so it is now a
requirement for the software. anything beyond that is irrelevant.
> >> >> > they arent generally trying to lock out people who just want to
> >> >> > toy, they're targeting people who want to clone their hardware or
> >> >> > functionality to create knockoffs or they're trying to guarantee
> >> >> > lock down so they can get certified (like medical devices).
> >> >>
> >> >> How does GPLv3 vs. GPLv2 touch the "we will get cloned" question?
> >> >> Maybe I do not see the obvious here, but sourcecode to binaries under
> >> >> either license must be available, so what's the difference?
> >> >
> >> > if you dont have the decryption keys, you cant read the end program.
> >> > having access to the u-boot source doesnt matter.
> >>
> >> Having access to the physical device will. How long do you think will
> >> it take to get broken into? Unfortunately physics do not follow wishes
> >> of companies as seen over and over in the past.
> >
> > and companies understand that. i never said locking the device is a 100%
> > guarantee to prevent cloning -- nothing in life is 100%. it does however
> > significantly make it harder to reverse engineer a black box that is
> > wiggling pins than it is to disassemble code and memory. the companies i
> > work with are concerned with delaying clones for most of that product
> > generation's life span, not eternity. if the clone comes in after the
> > company has gotten their fair share out of it, then that's fine by them.
> > clones are an unfortunate aspect of commercial life. without the secure
> > boot aspect, people are able to create knockoffs with enough turn around
> > time to do quite a bit of damage to the product's life span.
>
> It's not the first time I hear this mantra. Can you give me some facts
> to back this up?
i dont know what kind of "facts" you're looking for. i didnt make this
scenario up, it was described to me by a customer in the US and their
experience with Chinese cloners. i'm not going to give customer information
or name names if that's what you want.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.denx.de/pipermail/u-boot/attachments/20090625/5288a36d/attachment.pgp
next prev parent reply other threads:[~2009-06-25 13:53 UTC|newest]
Thread overview: 174+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1MHHUe-00046l-SR@fencepost.gnu.org>
2009-06-18 14:51 ` [U-Boot] U-book and GPLv3? (fwd) Wolfgang Denk
2009-06-18 15:42 ` Mike Frysinger
2009-06-18 15:46 ` Jean-Christophe PLAGNIOL-VILLARD
2009-06-18 15:56 ` Jon Smirl
2009-06-19 8:30 ` Detlev Zundel
2009-06-19 0:46 ` Jerry Van Baren
2009-06-19 22:18 ` Richard Stallman
2009-06-23 16:33 ` Detlev Zundel
2009-06-23 19:26 ` Scott Wood
2009-06-23 19:41 ` Mike Frysinger
2009-06-23 21:14 ` Jean-Christophe PLAGNIOL-VILLARD
2009-06-24 9:17 ` Detlev Zundel
2009-06-24 14:16 ` Matthew Lear
2009-06-24 16:45 ` Detlev Zundel
2009-06-24 17:41 ` Mike Frysinger
2009-06-25 11:22 ` Detlev Zundel
2009-06-25 13:56 ` Mike Frysinger
2009-06-25 14:11 ` Detlev Zundel
2009-06-25 0:59 ` Richard Stallman
2009-06-25 9:55 ` Thomas Doerfler
2009-06-25 23:29 ` Richard Stallman
2009-06-26 0:17 ` Mike Frysinger
2009-06-27 20:07 ` Richard Stallman
2009-06-26 6:11 ` Thomas Doerfler
2009-06-25 14:00 ` Mike Frysinger
2009-06-25 15:38 ` ksi at koi8.net
2009-06-25 16:07 ` Jean-Christian de Rivaz
2009-06-25 16:39 ` ksi at koi8.net
2009-06-25 19:10 ` Jean-Christian de Rivaz
2009-06-25 19:38 ` ksi at koi8.net
2009-06-25 20:22 ` Jean-Christian de Rivaz
2009-06-25 20:45 ` ksi at koi8.net
2009-06-25 21:44 ` Jean-Christian de Rivaz
2009-06-25 22:11 ` ksi at koi8.net
2009-06-26 9:03 ` Jean-Christian de Rivaz
2009-06-26 4:50 ` Richard Stallman
2009-06-26 21:35 ` Richard Stallman
2009-06-25 0:59 ` Richard Stallman
2009-06-25 21:24 ` Jean-Christophe PLAGNIOL-VILLARD
2009-06-26 4:50 ` Richard Stallman
2009-06-26 7:22 ` Jean-Christophe PLAGNIOL-VILLARD
2009-06-26 12:10 ` Detlev Zundel
2009-06-27 9:01 ` Thomas Doerfler
2009-06-28 20:28 ` Richard Stallman
2009-06-29 7:05 ` Thomas Doerfler
2009-06-27 9:03 ` Thomas Doerfler
2009-06-26 21:35 ` Richard Stallman
2009-06-27 19:05 ` Jean-Christophe PLAGNIOL-VILLARD
2009-06-28 20:28 ` Richard Stallman
2009-06-24 9:12 ` Detlev Zundel
2009-06-24 11:43 ` Mike Frysinger
2009-06-24 13:17 ` Detlev Zundel
2009-06-24 14:38 ` Mike Frysinger
2009-06-24 16:34 ` Detlev Zundel
2009-06-24 16:57 ` Scott Wood
2009-06-25 12:30 ` Richard Stallman
2009-06-25 19:40 ` Scott Wood
2009-06-24 17:32 ` Mike Frysinger
2009-06-25 11:04 ` Detlev Zundel
2009-06-25 13:53 ` Mike Frysinger [this message]
2009-06-25 14:20 ` Detlev Zundel
2009-06-25 14:37 ` Mike Frysinger
2009-06-26 8:25 ` Detlev Zundel
2009-06-26 13:41 ` Mike Frysinger
2009-06-26 13:56 ` Detlev Zundel
2009-06-26 14:17 ` Mike Frysinger
2009-06-26 15:11 ` Detlev Zundel
2009-06-26 16:23 ` Mike Frysinger
2009-06-25 14:41 ` Detlev Zundel
2009-06-25 18:37 ` Mike Frysinger
2009-06-26 8:21 ` Detlev Zundel
2009-06-26 13:48 ` Mike Frysinger
2009-06-29 15:17 ` Robin Getz
2009-06-29 18:48 ` Richard Stallman
2009-06-29 19:45 ` Robin Getz
2009-06-30 14:04 ` Richard Stallman
2009-06-30 17:14 ` Robin Getz
2009-06-30 19:12 ` Richard Stallman
2009-06-30 22:29 ` Robin Getz
2009-07-01 11:46 ` Richard Stallman
2009-07-01 13:11 ` Graeme Russ
2009-07-01 13:55 ` Jerry Van Baren
2009-07-01 14:51 ` Robin Getz
2009-07-02 8:35 ` Pink Boy
2009-07-02 13:56 ` Richard Stallman
2009-07-02 14:59 ` Robin Getz
2009-07-02 16:11 ` Larry Johnson
2009-07-02 17:12 ` Robin Getz
2009-07-02 22:34 ` Pink Boy
2009-07-02 17:21 ` Jean-Christian de Rivaz
2009-07-03 13:48 ` Richard Stallman
2009-07-01 5:58 ` Thomas Dörfler
2009-07-02 13:56 ` Richard Stallman
2009-07-02 14:44 ` Jon Smirl
2009-07-02 16:06 ` Mike Frysinger
2009-07-03 13:47 ` Richard Stallman
2009-07-03 15:51 ` [U-Boot] U-boot " Wolfgang Wegner
2009-07-03 22:52 ` Richard Stallman
2009-07-04 0:29 ` [U-Boot] U-book " Jon Smirl
2009-07-06 18:04 ` Scott Wood
2009-06-30 19:12 ` Richard Stallman
2009-06-30 21:01 ` Robin Getz
2009-07-01 11:45 ` Richard Stallman
2009-07-01 14:27 ` Robin Getz
2009-07-02 13:56 ` Richard Stallman
2009-06-30 19:12 ` Richard Stallman
2009-06-30 22:46 ` Robin Getz
2009-07-01 11:45 ` Richard Stallman
2009-06-25 23:29 ` Richard Stallman
2009-06-26 0:02 ` Mike Frysinger
2009-06-27 20:07 ` Richard Stallman
2009-06-28 18:48 ` Mike Frysinger
2009-06-25 0:59 ` Richard Stallman
2009-06-25 3:35 ` Mike Frysinger
2009-06-25 16:48 ` Chris Morgan
2009-06-25 19:25 ` Scott Wood
2009-06-24 9:09 ` Detlev Zundel
2009-06-24 16:24 ` Scott Wood
2009-06-24 16:36 ` Jon Smirl
2009-06-24 16:56 ` Detlev Zundel
2009-06-24 19:16 ` Jon Smirl
2009-06-25 11:25 ` Detlev Zundel
2009-06-25 10:48 ` Detlev Zundel
2009-06-25 0:58 ` Richard Stallman
2009-06-24 17:16 ` Grant Likely
2009-06-25 0:59 ` Richard Stallman
[not found] ` <fa686aa40906181853g3ce4ebeagc7b7cc93010a6a9c@mail.gmail.com>
2009-06-19 1:53 ` Grant Likely
2009-06-19 8:40 ` Detlev Zundel
2009-06-25 14:11 ` Mike Frysinger
2009-06-27 20:18 ` Jean-Christophe PLAGNIOL-VILLARD
2009-06-27 22:50 ` ksi at koi8.net
2009-06-29 14:56 ` Arno Fischer
2009-06-29 15:27 ` Frank Svendsbøe
2009-06-29 16:00 ` Mike Frysinger
2009-06-29 16:33 ` Detlev Zundel
2009-07-07 11:51 ` Haavard Skinnemoen
2009-07-07 13:12 ` Wolfgang Denk
2009-07-07 13:50 ` Haavard Skinnemoen
2009-07-07 14:43 ` Wolfgang Denk
2009-07-07 15:18 ` Haavard Skinnemoen
2009-07-07 15:28 ` Jon Smirl
2009-07-07 16:26 ` Wolfgang Denk
2009-06-25 18:46 ` Thomas Doerfler
2009-06-25 18:52 ` ksi at koi8.net
2009-06-25 19:04 ` Mike Frysinger
2009-06-30 2:03 ` Jerry Van Baren
2009-06-30 14:05 ` Richard Stallman
2009-06-30 14:16 ` Jerry Van Baren
2009-06-30 14:30 ` Detlev Zundel
2009-06-30 15:11 ` Eric Nelson
2009-06-30 19:12 ` Richard Stallman
2009-06-30 17:07 ` Scott Wood
2009-07-01 0:01 ` Jerry Van Baren
2009-07-06 10:55 ` [U-Boot] U-book and GPLv3? Wolfgang Denk
2009-07-06 12:41 ` Jon Smirl
2009-07-06 14:40 ` Wolfgang Denk
2009-07-06 16:06 ` ksi at koi8.net
2009-07-07 10:05 ` Richard Stallman
2009-07-07 16:50 ` Scott Wood
2009-07-06 15:44 ` Jerry Van Baren
2009-07-06 18:46 ` Wolfgang Denk
2009-07-07 19:16 ` Remy Bohmer
2009-07-07 21:17 ` Wolfgang Denk
2009-07-07 10:05 ` Richard Stallman
2009-07-07 13:24 ` Robin Getz
2009-07-07 20:07 ` Remy Bohmer
2009-07-07 21:24 ` Wolfgang Denk
2009-07-09 16:10 ` Kumar Gala
2009-07-09 17:54 ` Mike Frysinger
2009-07-09 18:01 ` Kumar Gala
2009-07-09 19:49 ` Remy Bohmer
2009-07-09 20:26 ` Mike Frysinger
2009-07-10 12:49 ` Robert Schwebel
2009-07-09 20:04 ` Wolfgang Denk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200906250953.33361.vapier@gentoo.org \
--to=vapier@gentoo.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox