|
Linux leader attacks "anti-DRM" GPL |
|
|
|
|
Monday, 06 February 2006 |
Provisions against digital rights management (DRM) in a draft update to the General Public Licence (GPL) could undermine computer security, Linus Torvalds said this week in emails reflecting the Linux leaders pragmatic philosophy.
Torvalds said in a posting on Wednesday to the Linux kernel mailing list: "I think a lot of people may find that the GPLv3 anti-DRM measures arent all that wonderful after all. Digital signatures and cryptography arent just bad DRM. They very much are good security too."
The Free Software Foundation (FSF) is in the process of revising the GPL, a seminal document that not only governs thousands of open source projects but also functions as the constitution of the free software movement.
Torvalds gave some examples of areas where he believes its appropriate for secret digital keys to be used to sign software, or for a computer to run only software versions that have this digital signature to assure theyre authorised.
A company might want to distribute a Linux version that loads only kernel modules that have been signed, for example. Or they may want one that marks the kernel as "tainted" if it loads unsigned modules, Torvalds said.
He added: "The current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys, so that anybody can sign their own versions of the modules they recompile, in order to re-create their own versions of the signed binaries that Red Hat creates. Thats insane."
In January, Torvalds said he plans to keep the Linux kernel under the current version 2 of the GPL. That was seen as something of a rebuff to the FSF and its president, Richard Stallman.
The foundation added the anti-DRM provision in part so companies such as TiVo wouldnt be able to continue their current practice of using only authorised versions of Linux. The move restricts software freedoms that the foundation considers essential.
But Torvalds said he believes its not the software programmers place to tell hardware designers what to do; if a hardware companys proprietary practices are objectionable, programmers should simply buy another companys hardware, Torvalds said.
In one email he said: "I literally feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers. We are not crusaders, trying to force people to bow to our superior god. We are trying to show others that co-operation and openness works better."
The GPL 3 draft goes beyond Torvalds prime licensing goal of reciprocity, he said: "GPLv2 is fair. It asks others to give back exactly what I myself offer: the source code to play with. The GPLv3 fundamentally changes that balance, in my opinion. It asks for more than it gives. It no longer asks for just source back, it asks for control over whatever system you used the source in."
When it comes to using DRM to encrypt digital content such as movies, Torvalds suggested in another email that people take a different approach: employ a licence from a group such as the Creative Commons that requires content to remain open.
Torvalds said: "If enough interesting content is licensed that way, DRM eventually becomes marginalised. Yes, it takes decades but thats really no different at all from how the GPL works."
And he said the power of entrenched media companies doesnt just come through encryption. "As long as you expect Disney to feed your brain and just sit there on your couch, Disney and company will always be able to control the content you see," Torvalds said. "DRM is the smallest part of it. The crap we see and hear every day [regardless of any protection] is a much bigger issue." |