Re: GPL / Open Source Application



Mehdi <vioccc@xxxxxxxxxxxxxxxxxx> wrote:
I want to publish my application under GPL so it is open source and
everyone could modify it. How could I prevent my users from installing
"unauthorized" versions by fault? Someone might add malicious code and
my application is then blamed for it :-( I already use strong names to
sign my application, but this is not transparent for the users as they
could not easily check the signature.

What is the best way to 'sign' an application so that the user
immediately knows it's an 'official' version? Many thanks!!

By definition, if your application is released under an open source
license, then anybody can download the source code, modify it and release
the modified version. You can add as much signing as you want, it won't
change anything since anybody will have access to the whole source code and
will therefore be able to do anything they want and make it appear to the
user as if it were the original version.

No, that's not true. If the OP signs it with a private key and
publishes the public key somewhere, then anyone who wants to can tell
that a modified and recompiled version (which can't be signed with the
private key, because the OP has kept it safe) isn't from the OP.

Alternatively, the OP could just publish the MD5 sum of the original
binary, so people could tell if it's been altered (modulo hacks which
give the same sum - I know there have been attacks, but it's unlikely
to be feasible in this case, I believe; use a different hash algorithm
if necessary).

--
Jon Skeet - <skeet@xxxxxxxxx>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too