On Mon, Feb 22, 2010 at 4:31 PM, Isaac Dupree
On 02/21/10 15:38, address@hidden wrote:
On Sun, Feb 21, 2010 at 4:00 AM, Robo L<address@hidden> wrote:
Firstly I would like to thank everyone for the reply and Your time.
I would like to clarify the issue.
First I need to hide the very first Welcom message because I need to hide
GRUB for other users of MS Windows on my PC. I need it only for myself.
I'm not entirely certain, but:
(1) I think GRUB is licensed under GPLv3 or higher only
(2) GPLv3 covers what were considered to be loopholes in GPLv2
(firmware enforced signature, software-as-a-service)
well, GPLv3 is not identical to GPLv2, but I don't think the differences are
important to this issue.
(3) Your use of GRUB (copying it into the boot record) requires you to
provide your users with notice of their GPL rights to your version of
No, I think it probably does not. Firstly, because Robo L may not be
"conveying" the program (see definition in GPLv3), and if not, cannot
possibly be violating GPLv3.
You're right, the loophole I mentioned in #2 was plugged in AGPL in a
way that only covers over-the-network use and thus probably not Robo's
Secondly, even if installing it to the hard disk of a computer that is
shared between you and other people (or other corporations) is "conveying",
GPLv3 Section 5 says, "d) If the work has interactive user interfaces, each
must display Appropriate Legal Notices; however, if the Program has
interactive interfaces that do not display Appropriate Legal Notices, your
work need not make them do so."
I didn't check whether mainstream GRUB interaction displays Appropriate
Legal Notices. ("Welcome to GRUB!" is most certainly NOT an Appropriate
Legal Notice.) If it doesn't, you're free. If it does, I think you still
I never meant to suggest that removing the message was forbidden, just
that if there is a requirement to offer source code to the users then
it's pointless to hide the message.
do not need to display Appropriate Legal Notices until "interactive user
interfaces" have been activated; say, by typing in the secret code that
activates them. In section 0. Definitions, "An interactive user interface
Anything that accepts a secret code and responds to it is an
interactive user interface.
displays “Appropriate Legal Notices” to the extent that it includes a
convenient and prominently visible feature that [says it's GPLed, etc.]. If
the interface presents a list of user commands or options, such as a menu, a
prominent item in the list meets this criterion." I don't see "interactive
user interfaces" defined anywhere in the GPL or mentioned in GPL-FAQ, so I
am hardly sure whether a secret password-entry system that only interacts by
secretly reading a password (and then brings up the "real" interactive
interface) would count as an interactive interface in its own right that
must tell the user about itself even when they don't know the password...
The Affero-GPL is written with further language about interaction, but as I
guess that the normal GPL wouldn't make a GPL'd SSH server program have to
break the SSH protocol in order to fulfill Legal Notices, there must be some
limits on what is considered "interaction"...
I doubt the GPL was written with surreptitious installation of software on
other people's computers in mind... well, maybe it was
It definitely covers putting a copy on someone else's computer. But
Robo said he's installing it on his own computer. And GPLv3 doesn't
seem to put restrictions on that like AGPLv3 does.
So one can hardly say that "another user on my PC not venture a guess
that there is a GRUB" if you are required to tell them that GRUB is
there and offer them the source code.
Richard: redirection is not good idea for me, becouse II need classical
console. I wrote a module with hidden password (secret process - no
on console - silent) If match then redirect to boot linux. The nature of
process is that another user on my PC not venture a guess that there is a
GRUB and secound linux OS!
Security through obscurity is never a good idea and especially not
when you have to give away the source code.
You have to give the source code when requested, or distribute it on-disk
along with the binary... neither of which compromise security here. It's
I doubt that putting a copy on a hidden partition satisfies the GPL.
Here, let me sell you some GPL software on a DVD, oh yeah there's an
advertisement video on a second track and the source code is embedded
not a secret algorithm; it's a secret that GRUB is there at all. (GPLv3
section 5.d , if obeyed strictly, might break this secret -- but that is
The secret password to activate GRUB may be in the source code, or
possibly the algorithm for locating it on the disk is. Using a
one-way hash could fix that problem of course.
Depending what Robo L's threat model is, this "no messages until secret code
entered" may be sufficient security. Suppose it's to prevent other people
from giving Robo a hard time about using Linux (they'd never suspect it in
the first place! Or, they wouldn't mind terribly much if they found out.).
Or suppose it's part of spying on these people (and getting caught means
Robo runs away but has succeeded in doing some spying in the meantime).
That last one sounds at least as illegal as GPL violation. In most
places if computer use is being monitored then the user has to be
informed of the possibility.
Grub-devel mailing list