So this is a really interesting angle on Right to Repair that I’d not previously considered. Maybe I’ve missed that in messaging, but if included appropriately, such would have far-reaching implications.
I’d of course prefer open-source but legalizing decompilation for bug fixing could create an interesting market for third-party bug fixes…
Signed binaries can kill any sort of software repair, though.
Only if you don’t allow users to load certificates. For example, the SecureBoot spec requires that users have a mechanism to add new signing keys. If I have a PC that MS decides not to support in a future version of Windows then I can always install something else and get the same trusted boot chain if I install the right signing certs.
The real problem is when the secure boot chain is used for remote attestation. This is incredibly useful for confidential cloud computing, where I can deploy into a (hardware-enforced) confidential VM and validate that my cloud provider hasn’t tampered with my VM image before I provision it with any keys that let it decrypt my personal or company’s data. It’s far more sinister when it’s run on client devices and, for example, Netflix can refuse to let me stream video if my version of Android is not a Google- or vendor-blessed one.
I first saw this on the German IT news website Golem (Link), which summarizes the ruling quite well. I also copied the title from the orange site. Could this ruling apply to the re3 / reVC* projects?
*In case this goes down: They basically reverse engineered both games and added support for newer hardware (wide screen, controller) or fixed bugs with high frame rate.
If there is someone here who speaks lawyer, what is the situation with distribution of bug fixes and patched binaries? It seems clear that this ruling allows me to fix a bug in my software on my machine, but can I post the fix online? Can I sell the fix to other license holders?
Previous discussion on HN: https://news.ycombinator.com/item?id=28809559