Ross Anderson writes:
During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this. On Thursday, at the Open Source Software Economics conference, I figured out how they might. ... The business model, I believe, is this. HP will not dispute that the resulting `pruned code' is covered by the GPL. You will be able to download it, compile it, check it against the binary, and do what you like with it. However, to make it into TCPA-linux, to run it on a TCPA-enabled machine in privileged mode, you need more than the code. You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).
Hmmmm.... Not clear that this really works to make money. The GPL allows everyone to redistribute HP's software verbatim, right? So a cert on one copy of the software will work on everyone's. How can HP make money on a product that everyone can copy freely, when they can all share the same cert? It's true that modified versions of the software would not be able to use that cert, and it would no doubt be expensive to get a new cert for the modified software. But that still gives HP no monopoly on selling or supporting its own version. Anyone can step in and do that. Is the cert itself supposed to be somehow copyrighted? Kept secret? Will it be illegal to publish the cert, to share it with someone else? This seems pretty questionable both in terms of copyright law (since a cert is a functional component) and in terms of the GPL (which would arguably cover the cert and forbid restrictively licensing it). It seems more likely that the real purpose is to bring the benefits of TCPA to the Linux world. As an innovator in this technology HP will gain in reputation and be the source that people turn to for development and support in this growing area. The key to making money from open source is reputation. Being first makes good economic sense. You don't need conspiracy theories. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (1)
-
Nomen Nescio