Re: Gitorious should use CRC128 / 256 / 512 instead of SHA-1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hans Petter Selasky <hps@xxxxxxxxxxx> writes:

> From what I've read the GPLv3 goes pretty far to also provide flashing
> rights for software, but what use is that, when flashing the unsigned
> software on your Samsung phone, for example, some fuse breaks in the
> hardware, and then you can no longer use certain apps on your phone?

It smells that you are conflating the signing of source material and
the sealing of tivoized hardware that use cryptographic signature to
tell what binaries are allowed to run on it.

The signing implemented by the software we the Git development
community build is not about the latter.  The source used to build
binaries for your tivoized hardware can come from a VCS that is
deliberately designed to allow object name collisions, and your
build would just be locked out the same unless you have the signing
key that pleases the hardware.  Use of Git there would not make the
story any different, I am afraid.





[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux