
Thread: GPL and Security Measures

  1. #1
    Join Date
    Oct 2007
    Location
    Kentucky, USA
    Beans
    731
    Distro
    Ubuntu

    GPL and Security Measures

    If you develop a security measure for a GPLd program you've written which involves a secret variable, do you have to release said variable with the source code of said program when requested to do so?
    Which is more important in obtaining the truth, "what" or "why"? Trick question. They are of equal importance.
    Freely ye have received, freely give.

  2. #2
    Join Date
    Sep 2010
    Beans
    898

    Re: GPL and Security Measures

    What is a "secret variable"? How does it differ from other variables?

    The GPL requires that the complete source code be provided. The intent is that anyone who receives a copy of the program is fully able to use it, study it, modify it and redistribute it.

    http://www.gnu.org/philosophy/free-sw.html

  3. #3
    Join Date
    Apr 2005
    Location
    Hampshire, UK
    Beans
    1,274

    Re: GPL and Security Measures

    Quote Originally Posted by ki4jgt
    If you develop a security measure for a GPLd program you've written which involves a secret variable, do you have to release said variable with the source code of said program when requested to do so?
    If you've written it by yourself and are the sole copyright holder, you can distribute whatever portions of the source you want.

  4. #4
    Join Date
    Jun 2009
    Beans
    352

    Re: GPL and Security Measures

    Why would you have a "secret variable" in your security program? That makes no sense.

  5. #5
    Join Date
    Mar 2007
    Location
    Portsmouth, UK
    Beans
    Hidden!
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: GPL and Security Measures

    Security through obscurity is a fallacy. If you have written the code, then you can obviously set the licence terms; you don't have to apply the GPL to an entire application, do you?

  6. #6
    Join Date
    Sep 2010
    Beans
    898

    Re: GPL and Security Measures

    Quote Originally Posted by Grenage
    Security through obscurity is a fallacy. If you have written the code, then you can obviously set the licence terms; you don't have to apply the GPL to an entire application, do you?
    If an essential component of the application is not licensed as GPL, then could the application be considered GPL? I suppose we can't discuss this properly until we find out what "secret variable" means.

  7. #7
    Join Date
    Oct 2007
    Location
    Kentucky, USA
    Beans
    731
    Distro
    Ubuntu

    Re: GPL and Security Measures

    Quote Originally Posted by Grenage
    Security through obscurity is a fallacy. If you have written the code, then you can obviously set the licence terms; you don't have to apply the GPL to an entire application, do you?
    Which is why we have public and private GPG keys.

    Quote Originally Posted by Dave_L
    If an essential component of the application is not licensed as GPL, then could the application be considered GPL? I suppose we can't discuss this properly until we find out what "secret variable" means.
    I have an application which upon execution reports to a server (in concept, because I haven't coded it yet). It combines a code word (the variable) and the current time and then hashes them together, to prove that it is the program and not someone trying to hack the system. The question now is, if I don't include the variable in the program, can I still distribute it under the GPL?

  8. #8
    Join Date
    Mar 2007
    Location
    Portsmouth, UK
    Beans
    Hidden!
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: GPL and Security Measures

    Quote Originally Posted by ki4jgt
    Which is why we have public and private GPG keys.
    That's not quite the same thing.

    While that sounds like a system that could be cracked in under five minutes, why not just make the variable.. variable? If it can be assigned by the user, then the code base can be open; I'm sure you have a reason for not doing so.

    The application can't be considered GPL if you've got closed source, but could be if the closed source was a bolt-on. You could of course use another licence, but you already know that. ^^

  9. #9
    Join Date
    Oct 2007
    Location
    Kentucky, USA
    Beans
    731
    Distro
    Ubuntu

    Re: GPL and Security Measures

    Quote Originally Posted by Grenage
    That's not quite the same thing.

    While that sounds like a system that could be cracked in under five minutes, why not just make the variable.. variable? If it can be assigned by the user, then the code base can be open; I'm sure you have a reason for not doing so.

    The application can't be considered GPL if you've got closed source, but could be if the closed source was a bolt-on. You could of course use another licence, but you already know that. ^^
    Well, I need a way to verify that the program is the actual thing sending me the message of completion (and not a bot). I'm trying to prevent automated bots from reporting multiple times that the task has been completed. It has to do with file downloading. Basically the program will allow webmasters to embed files within their sites. Then when a user downloads the file, the program will fetch an ad to display (it's written in Java). The site owner will get half of the profit for every ad shown. Have any other suggestions for a way to do this?

  10. #10
    Join Date
    Dec 2004
    Location
    Manchester
    Beans
    2,086
    Distro
    Ubuntu Mate 15.10 Wily Werewolf

    Re: GPL and Security Measures

    Quote Originally Posted by ki4jgt
    Well, I need a way to verify that the program is the actual thing sending me the message of completion (and not a bot). I'm trying to prevent automated bots from reporting multiple times that the task has been completed. It has to do with file downloading. Basically the program will allow webmasters to embed files within their sites. Then when a user downloads the file, the program will fetch an ad to display (it's written in Java). The site owner will get half of the profit for every ad shown. Have any other suggestions for a way to do this?
    The most fundamental freedom of free software is that the user can modify the program's behaviour. So, for example, I might want to modify your program to not display the adverts, because I consider seeing adverts to be a distracting anti-feature.

    You seem to want to make a piece of software that the user can't modify (or at least one where you can spot and reject modified versions).

    But it sounds like you are also interested in offering your source code to the community (as long as you can do so without compromising your main goal). That is admirable, and I think possible. There are a few ways you might be able to do this.

    * You could write the software and release it as an open source (GPL) project. Then, because you still own the copyright to the code (you wrote it all), you could make a slightly modified version, with your secret extra code, and release that only as a binary. You will need to make sure that you have not used anyone else's GPL code in your program, and that all the libraries you make use of allow linking into a closed program (e.g. LGPL).

    * You could split your program into bits and release some of them under the LGPL or a BSD/Apache licence. Then you could write a closed source program that makes use of those libraries.

    Not being able to hide secrets in source code is not directly related to security. Look at openssh, openssl, gpg, firefox etc. They are all open source, and they all implement industry-leading secure communication and authentication. There are closed source programs that do similar, and they are not in general any more secure.

    So suppose your program has a secret number in it, and it sends a message to your server using that secret number. What is to stop an attacker listening to your network traffic? What stops them decompiling your binary? Just keeping the source secret does not solve much.
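    The following is an added example, not code from the thread or from the original poster's program: it shows the server-side check for the alternative suggested in post #8, where the "variable" is a key the server operator issues to each webmaster rather than a constant baked into the published source, and where the server also rejects stale and repeated completion reports (the "bots reporting multiple times" problem from post #9). The site ids, keys, report layout and five-minute window are assumptions made for illustration; note that, as post #10 says, this still cannot stop a user from modifying their own copy of the client, it only stops reports that lack a valid per-site key or that replay an earlier one.

```python
"""Server-side verification of download-completion reports (added example).

Each webmaster site gets its own key from the server operator, so the client
source can be published in full. A report is a MAC over the site id, the
download id and a timestamp; the server checks the MAC, a freshness window and
a replay set. All identifiers and keys below are constructed for this example.
"""
import hashlib
import hmac

# Constructed sample: keys the operator issued to two webmaster sites.
SITE_KEYS = {
    "site-a": b"constructed-key-for-site-a",
    "site-b": b"constructed-key-for-site-b",
}
WINDOW_SECONDS = 300  # reports with a timestamp outside this window are rejected


def _message(site_id: str, download_id: str, ts: int) -> bytes:
    """Canonical bytes that both client and server MAC over."""
    return f"{site_id}|{download_id}|{ts}".encode()


def make_report(site_id: str, key: bytes, download_id: str, ts: int) -> dict:
    """Client side: build a completion report using the site's issued key."""
    tag = hmac.new(key, _message(site_id, download_id, ts), hashlib.sha256).hexdigest()
    return {"site": site_id, "download": download_id, "ts": ts, "tag": tag}


class ReportVerifier:
    """Server side: accept each (site, download) completion at most once."""

    def __init__(self, keys: dict, window: int = WINDOW_SECONDS):
        self.keys = keys
        self.window = window
        self.seen = set()  # (site, download) pairs already credited

    def verify(self, report: dict, now: int) -> str:
        key = self.keys.get(report["site"])
        if key is None:
            return "unknown site"
        if abs(now - report["ts"]) > self.window:
            return "stale"
        expected = hmac.new(key, _message(report["site"], report["download"], report["ts"]),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison so tag checking does not leak timing information.
        if not hmac.compare_digest(expected, report["tag"]):
            return "bad tag"
        credit = (report["site"], report["download"])
        if credit in self.seen:
            return "replay"
        self.seen.add(credit)
        return "ok"
```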
