article on GPLv3, Linux kernel, and Devices Rigged to Malfunction

Alex Hudson home at
Tue Oct 24 13:27:09 UTC 2006

On Tue, 2006-10-24 at 13:36 +0100, Ciaran O'Riordan wrote:
> Alex Hudson <home at> writes:
> > I don't think anyone can sensibly argue
> > that the requirement to publicise a shared secret code/key is not a term
> > primarily concerned with post-violation compliance.
> I'd say it's primarily concerned with pre-distribution decision making.
> "Shall we tivoise?  Oh, looks like we can't."

It's a nice idea, but I don't buy it :)  "Shall we distribute source?
Oh, looks like we can't", if you see what I mean.

I'm sure there would be some proportion of people who choose against DRM
based on the fact that the new GPL contains provisions against it. I
just don't think they will be a large proportion.

People here seem to be really having trouble understanding what I'm
trying to get across, so I'm clearly not doing a very good job.

I'm not particularly worried for people complying with the GPLv3: if
they are complying, they clearly don't have an issue with the license
that is preventing them from using the software. I'm not making a
statement about free software developers, or whether or not a DRM clause
is a politically good thing.

I don't believe that someone intending to respect the GPLv3 would
intentionally develop a secret key system that they knew they would have
to reveal: sure, they could issue individual keys on each piece of
hardware, and stuff like that, but at the end of the day it gains them
naught. So, I don't believe that the authorisation clause has anything
to do with the free software environment per se, and I don't think I can
be convinced otherwise without evidence. It just doesn't make sense for
a developer to do that, and it's not the example the GPLv3 gives[*].

I do believe that it is highly relevant to someone who has been
distributing a piece of GPLv3 software in violation of the license. If
it has an authorisation system, it seems pretty clear to me that they
didn't intend to make it public (which means "to divulge to a customer"
or whoever, it doesn't matter). 

Now, one attitude is to say that they're a violator, therefore they got
themselves into trouble and they have to deal with it. Fair enough.
They've been caught, and it's their mess.

What I'm saying is that previously, GPL enforcement has relied primarily
on private agreements to correct violations in the past, and violators
have been brought into compliance. My worry with the authorisation
clause is that it could make it a lot more difficult to reach such a
private agreement, since people are less likely to want to reveal secret
keys than they are source code which they probably didn't write much of.
It would jeopardise whatever "security" or DRM system they have put in
place, which is a strong disincentive. 

If private agreements are more difficult to reach, that could mean more
lawsuits and less enforcement. That is what worries me.



[*] actually, the GPLv3 does give you an alternative: you can keep your
key secret so long as the key isn't in the code, and the recompiled
software can access the non-free DRM subsystem equivalently. But again
we're talking about people who aren't violating the GPL, which isn't a
concern to me, obviously.

More information about the Discussion mailing list