467,166 Members | 973 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,166 developers. It's quick & easy.

Open Source DRM? What does everyone think about it? Will Open Source DRM ever catch up to MS DRM?

Open Source DRM? What does everyone think about it? Will Open Source
DRM ever catch up to MS DRM?

Will DRM ever be integrated into common LAMP applications?

Here's Sun's latest initiative in Open Source DRM:

DReaM: Royalty-Free, Open Source DRM


Sun Microsystems (Quote, Chart) is jumping into digital rights
management (define) with the launch of an open source version not
dependent on devices.

Jonathan Schwartz, Sun's president and COO, announced the launch of the
Open Media Commons' DRM/everywhere (DReaM) project in order to kick off
the Progress & Freedom Foundation's annual summit in Aspen, Colo.

The intent of the project is to create a DRM standard that's
royalty-free and interoperable with other DRM technologies, similar to
Sun's work with the Liberty Alliance, an open community for the
federated identity industry.

The DRM technology created will be licensed under a Creative
Commons-based license, according to a statement by the Progress &
Freedom Foundation.
Here's what Linus Torvalds has to say regarding Open Source DRM:

there's no way to do this gracefully, so I won't even try. I'm going to
just hunker down for some really impressive extended flaming, and my
asbestos underwear is firmly in place, and extremely uncomfortable.
I want to make it clear that DRM is perfectly ok with Linux!

There, I've said it. I'm out of the closet. So bring it on...

I've had some private discussions with various people about this
and I do realize that a lot of people want to use the kernel in some
to just make DRM go away, at least as far as Linux is concerned. Either
some policy decision or by extending the GPL to just not allow it.

In some ways the discussion was very similar to some of the software
patent related GPL-NG discussions from a year or so ago: "we don't like
it, and we should change the license to make it not work somehow".

And like the software patent issue, I also don't necessarily like DRM
myself, but I still ended up feeling the same: I'm an "Oppenheimer",
and I
refuse to play politics with Linux, and I think you can use Linux for
whatever you want to - which very much includes things I don't
personally approve of.

The GPL requires you to give out sources to the kernel, but it doesn't
limit what you can _do_ with the kernel. On the whole, this is just
another example of why rms calls me "just an engineer" and thinks I
no ideals.

[ Personally, I see it as a virtue - trying to make the world a
better place _without_ trying to impose your moral values on other
people. You do whatever the h*ll rings your bell, I'm just an engineer
who wants to make the best OS possible. ]

In short, it's perfectly ok to sign a kernel image - I do it myself
indirectly every day through the kernel.org, as kernel.org will sign
tar-balls I upload to make sure people can at least verify that they
that way. Doing the same thing on the binary is no different: signing a
binary is a perfectly fine way to show the world that you're the one
behind it, and that _you_ trust it.

And since I can imaging signing binaries myself, I don't feel that I
disallow anybody else doing so.

Another part of the DRM discussion is the fact that signing is only the
first step: _acting_ on the fact whether a binary is signed or not (by
refusing to load it, for example, or by refusing to give it a secret
is required too.

But since the signature is pointless unless you _use_ it for something,
and since the decision how to use the signature is clearly outside of
scope of the kernel itself (and thus not a "derived work" or anything
that), I have to convince myself that not only is it clearly ok to act
the knowledge of whather the kernel is signed or not, it's also outside
the scope of what the GPL talks about, and thus irrelevant to the

That's the short and sweet of it. I wanted to bring this out in the
because I know there are people who think that signed binaries are an
of "subversion" (or "perversion") of the GPL, and I wanted to make sure
that people don't live under mis-apprehension that it can't be done.

I think there are many quite valid reasons to sign (and verify) your
kernel images, and while some of the uses of signing are odious, I
see any sane way to distinguish between "good" signers and "bad"

Comments? I'd love to get some real discussion about this, but in the
I'm personally convinced that we have to allow it.

Btw, one thing that is clearly _not_ allowed by the GPL is hiding
keys in the binary. You can sign the binary that is a result of the
process, but you can _not_ make a binary that is aware of certain keys
without making those keys public - because those keys will obviously
been part of the kernel build itself.

So don't get these two things confused - one is an external key that is
applied _to_ the kernel (ok, and outside the license), and the other
is embedding a key _into_ the kernel (still ok, but the GPL requires
such a key has to be made available as "source" to the kernel).



Aug 27 '05 #1
  • viewed: 2136
2 Replies
Open source versus DRM is somewhat like Patents versus Corporate
Secrets. People WILL break DRM if they want to rip it off; and people
will steal corporate secrets. Patents keep the knowledge open, but let
you know that you aren't gonna make money off of someone elses ideas or
inventions. Open source lets us learn from your hard work as a
community, but it would be pretty visible if someone ripped you off. As
for outside of the software biz, and into music? I think we need to
find a way artists can start making money from album sales...currently
they don't, unless those sales are platinum level. They make money from
venues, and big companies steal all the album sales cash.
This is my flame, hope I don't sound too much like an ass for

Aug 30 '05 #2
Hello all,

I would just like to say that those things which empower the indie
artist and creator are generally great things.

At http://authena.org , the view of DRM is that it is good when
creators control it, and not so good when huge corporations or agenices
control it.

When a song gets sold on itunes fro 99 cents, artists still only get 8
to 11 cents.

Imagine if they could control the DRM, charge 50 cents, and keep forty

Or even a record label, like Atlantic, could charge less and give
artists more.

DRM that empowers the artist/creator is a good thing.

Here's another site which was prepared for the zurich http://oscom.org

http://22surf.org/zurich.html (Zurich presentation)

22surf is all about empowering indie artists with open source content
magagement and digital rights management.

However DRM evolves over time, I hope it ends up putting more money in
the pockets of indy creators.

Aug 30 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

14 posts views Thread by Dave Murray | last post: by
27 posts views Thread by Mike | last post: by
158 posts views Thread by Giovanni Bajo | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.