GPLv3 and signing keys

Date: 2011-09-20 10:12 pm (UTC)
From: (Anonymous)
There is a lot of misunderstanding of the GPLv3 requirement for signing keys. The requirement that you provide "installation information" (which includes signing keys) applies to object code distributed for a "User Product" that is distributed AS PART OF a transaction in which the right of possession of the "User Product" changes hands.

A "User Product" is a tangible person property or goods designed for installation in a dwelling.

The gist of what GPLv3 is saying is that if you sell someone some hardware that includes GPLv3 firmware, you have to give them the keys to install new firmware of their choice.

Since Red Hat sells their software for use on other people's hardware, rather than selling their software bundled with hardware as part of the sale of that hardware, Red Hat can ship signed GPLv3 code without being obligated to provide the keys.
Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Expand Cut Tags

No cut tags