-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julian Oliver wrote: > > i doubt it is at all possible to entirely defeat cheating, with > free-software especially. you can however make it harder by ensuring > that one key cannot be used by multiple clients. >
How exactly does this make cheating harder? I close the official client and start my hacked one. Both are using the same key and you cannot detect the swap. What exactly did you solve? This wouldn't even slow the cheater down. > yes of course, but just for one connecting client if the server only > recognises one simultaneous connection from a client with the > appropriate key. Yes, but again - this is not relevant to cheating. You do not need two clients connected at the same time using the same key to cheat! > i don't think it breaks the GPL at all. 'Tivoisation' apples to the > problem of there being a trigger in hardware that breaks > hardware/software functionality if the client is modified, regardless > of the fact that the source itself is open. It does - GPL v3 does not make any distinction whether it is hardware or software implementation (from http://www.gnu.org/licenses/gpl-faq.html): > I use public key cryptography to sign my code to assure its > authenticity. Is it true that GPLv3 forces me to release my private > signing keys? > > No. The only time you would be required to release signing keys is if > you conveyed GPLed software inside a User Product, and its hardware > checked the software for a valid cryptographic signature before it > would function. In that specific case, you would be required to > provide anyone who owned the device, on demand, with the key to sign > and install modified software on his device so that it will run. If > each instance of the device uses a different key, then you need only > give each purchaser the key for his instance. And: > “Installation Information” for a User Product means any methods, > procedures, authorization keys, or other information required to > install > and execute modified versions of a covered work in that User Product > from a modified version of its Corresponding Source. The information > must suffice to ensure that the continued functioning of the modified > object code is in no case prevented or interfered with solely because > modification has been made. There is no mention whatsoever about a specifically hardware trigger (signature check being done in HW). Even pure software implementation where you withhold the relevant keys (and thus prevent the "unofficial" version to run) would break GPL v3. > generating keys at the point of distribution concerns a tracking and > authentication issue and passes on no primary lack of priviledge > under the GPL-compliant terms of the binary distribution (as i > understand it). If the authentication prevents me from running the modified binary (e.g. because I cannot re-sign it without your private key), you are in breach of GPL v3. See above. Merry Christmas, Jan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org iD8DBQFHcN9on11XseNj94gRAiwtAJwPWBfe2UDGbOHF3r0t1EYX8OwilQCfVHsw hMF26xGMulbuXroUiQP8fEM= =tzkW -----END PGP SIGNATURE----- _______________________________________________ Soya-user mailing list Soya-user@gna.org https://mail.gna.org/listinfo/soya-user
