From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: joakim@verona.se
Newsgroups: gmane.emacs.devel
Subject: Re: code signing with foreign function interface?
Date: Sun, 07 Mar 2010 18:05:18 +0100
Message-ID: <m38wa45agh.fsf@verona.se>
References: <m3y6i46440.fsf@verona.se> <87y6i4xg7y.fsf@lola.goethe.zz>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: dough.gmane.org 1267981938 10151 80.91.229.12 (7 Mar 2010 17:12:18 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sun, 7 Mar 2010 17:12:18 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: David Kastrup <dak@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Mar 07 18:12:13 2010
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1NoK1T-0000OI-1R
	for ged-emacs-devel@m.gmane.org; Sun, 07 Mar 2010 18:12:11 +0100
Original-Received: from localhost ([127.0.0.1]:59045 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1NoK1S-00070u-CD
	for ged-emacs-devel@m.gmane.org; Sun, 07 Mar 2010 12:12:10 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NoJwS-0005D1-Qk
	for emacs-devel@gnu.org; Sun, 07 Mar 2010 12:07:00 -0500
Original-Received: from [140.186.70.92] (port=49477 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NoJwP-00058n-NE
	for emacs-devel@gnu.org; Sun, 07 Mar 2010 12:06:59 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <joakim@verona.se>) id 1NoJwA-00018S-FA
	for emacs-devel@gnu.org; Sun, 07 Mar 2010 12:06:43 -0500
Original-Received: from iwfs.imcode.com ([82.115.149.64]:41018 helo=gate.verona.se)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <joakim@verona.se>)
	id 1NoJur-00013S-Aq; Sun, 07 Mar 2010 12:05:21 -0500
Original-Received: from localhost.localdomain (IDENT:1005@localhost [127.0.0.1])
	by gate.verona.se (8.13.4/8.11.4) with ESMTP id o27H5IV4000858;
	Sun, 7 Mar 2010 18:05:19 +0100
In-Reply-To: <87y6i4xg7y.fsf@lola.goethe.zz> (David Kastrup's message of "Sun, 
	07 Mar 2010 17:13:21 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.90 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4-2.6
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:121704
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/121704>

David Kastrup <dak@gnu.org> writes:

> joakim@verona.se writes:
>
>> - We don't necessarily need a complete secure infrastructure for
>> this. A simple solution might be to check for the presence of a form
>> of GNU license in binary form in the dll. This particular GNU license
>> is itself protected by copyright and cannot be combined with other
>> works without creating a derived work.
>
> Useless:
>
>      Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
>      Everyone is permitted to copy and distribute verbatim copies
>      of this license document, but changing it is not allowed.
>
> So you can copy the license into any work you like.  The presence of the
> GPL as a binary blob is meaningless with regard to licensing.  A book
> may also print the GPL without becoming GPLed.
>
> The GPL becomes relevant only when it is made clear that the acquisition
> of some software is governed by it.  Its mere presence in some manner is
> not more than a pointer.  If it is needed as a key without legal
> meaning, that use is perfectly covered by its license.

Ok, I was unclear. I didn't mean that the GPL in itself would be used for
this. I meant another new license, derived from the GPL, but specialized
for this purpose, specifically avoiding the pitfall you describe.

Maybe its still useless, but lets describe each step:

- Define a copyrightable text that might also be used as a binary blob.
this text has a license that allows it to be bundled with other GPL:ed
binary blobs, such as GPL:ed dll:s. Since these dll:s are GPL:ed its ok
to produce a new signed dll with the text in it.

- Sign a dll with this text with some kind of signing tool. Maybe static
  linking will be enough.

- Emacs FFI loads the dll and checks that the desired licensed text in
  binary form is present, and then proceeds to use the dll. If the text
  is not present, refuse to proceed.

-- 
Joakim Verona