DRM et noyau Linux : la position de Linus Torvalds (en anglais)

Répondre
Partager Rechercher
Au moment où j'écris ces lignes, 891 posteurs se sont déjà exprimés sur Slashdot. Linus Torvalds vient de prendre position, avec prudence et réserve, sur l'intégration de DRM (Digital Rights Managements, la sous-couche qui pourrait être entre autres exploitée par l'ex-Palladium ou d'autres projets du même type) au noyau Linux. Sa position :

I want to make it clear that DRM is perfectly ok with Linux!

Etant donné l'importance de Linus, son post sera sûrement traduit en français dans les 24 heures. En attendant, le voici en anglais. Un assez bon exercice de diplomatie et de neutralité (au moins affectée) : Linus se compare même à Oppenheimer. Il assume néanmoins son opinion en indiquant à la fin que pour pour lui, le DRM devrait être intégré. Evidemment, chacun aura toujours la liberté de compiler un noyau sans le DRM. Mais rien ne s'oppose du point de vue licence à l'intégration.
Citation :
Ok, there's no way to do this gracefully, so I won't even try. I'm going to just hunker down for some really impressive extended flaming, and my asbestos underwear is firmly in place, and extremely uncomfortable.

I want to make it clear that DRM is perfectly ok with Linux!

There, I've said it. I'm out of the closet. So bring it on...

I've had some private discussions with various people about this already, and I do realize that a lot of people want to use the kernel in some way to just make DRM go away, at least as far as Linux is concerned. Either by some policy decision or by extending the GPL to just not allow it.

In some ways the discussion was very similar to some of the software patent related GPL-NG discussions from a year or so ago: "we don't like it, and we should change the license to make it not work somehow".

And like the software patent issue, I also don't necessarily like DRM myself, but I still ended up feeling the same: I'm an "Oppenheimer", and I refuse to play politics with Linux, and I think you can use Linux for whatever you want to - which very much includes things I don't necessarily personally approve of.

The GPL requires you to give out sources to the kernel, but it doesn't limit what you can _do_ with the kernel. On the whole, this is just another example of why rms calls me "just an engineer" and thinks I have no ideals.

[ Personally, I see it as a virtue - trying to make the world a slightly better place _without_ trying to impose your moral values on other people. You do whatever the h*ll rings your bell, I'm just an engineer who wants to make the best OS possible. ]

In short, it's perfectly ok to sign a kernel image - I do it myself indirectly every day through the kernel.org, as kernel.org will sign the tar-balls I upload to make sure people can at least verify that they came that way. Doing the same thing on the binary is no different: signing a binary is a perfectly fine way to show the world that you're the one behind it, and that _you_ trust it.

And since I can imaging signing binaries myself, I don't feel that I can disallow anybody else doing so.

Another part of the DRM discussion is the fact that signing is only the first step: _acting_ on the fact whether a binary is signed or not (by refusing to load it, for example, or by refusing to give it a secret key) is required too.

But since the signature is pointless unless you _use_ it for something, and since the decision how to use the signature is clearly outside of the scope of the kernel itself (and thus not a "derived work" or anything like that), I have to convince myself that not only is it clearly ok to act on the knowledge of whather the kernel is signed or not, it's also outside of the scope of what the GPL talks about, and thus irrelevant to the license.

That's the short and sweet of it. I wanted to bring this out in the open, because I know there are people who think that signed binaries are an act of "subversion" (or "perversion") of the GPL, and I wanted to make sure that people don't live under mis-apprehension that it can't be done.

I think there are many quite valid reasons to sign (and verify) your kernel images, and while some of the uses of signing are odious, I don't see any sane way to distinguish between "good" signers and "bad" signers.

Comments? I'd love to get some real discussion about this, but in the end I'm personally convinced that we have to allow it.

Btw, one thing that is clearly _not_ allowed by the GPL is hiding private keys in the binary. You can sign the binary that is a result of the build process, but you can _not_ make a binary that is aware of certain keys without making those keys public - because those keys will obviously have been part of the kernel build itself.

So don't get these two things confused - one is an external key that is applied _to_ the kernel (ok, and outside the license), and the other one is embedding a key _into_ the kernel (still ok, but the GPL requires that such a key has to be made available as "source" to the kernel).
Je trouve sa position pragmatique et respectueuse de l'esprit open source. Espérons que cela obligera les opposants au DRM les plus primaires et mal informés à s'intéresser d'un peu plus près à ses applications, bonnes ou mauvaises, au lieu de tout rejeter en bloc en hurlant au Big Brother.
Comme tu l'as dit, l'avantage avec Linux est que tu pourras trouver des noyaux sans DRM.
Je ne pense pas que Microsoft sortira 2 versions de windows (avec et sans) :-)
Citation :
Provient du message de bowakawa
Peux-tu expliquer en quelques mots ce qu'est le DRM ? *sort de sa caverne*
Une recherche sur la Taverne avec le mot clef Palladium t'amènera vers une flopée de threads expliquant tout ça.
Certe certe, mais il n'est toujours pas fait mention des organismes certificateurs utilisant les dites signatures de binaires. Le problème et la bigbrother mania ne vient pas d'ailleurs. La peur d'etre obligé de passer par un organisme centralisateur peu respectueux de la vie privée et bloquant l'utilisation privée de son ordinateur en retirant les droits d'administration sur son propre materiel. Linus ne fait que rappeler que les clefs de signature ne sont pas hors licence GPL, ce qui est une evidence pour toute personne prenant le temps de reflechir plus de quelques secondes, mais il esquive royalement le nerf du probleme.
Message supprimé par son auteur.
Répondre

Connectés sur ce fil

 
1 connecté (0 membre et 1 invité) Afficher la liste détaillée des connectés