[Qgis-developer] Qgis custom build to read obfuscated data

John Patterson john at henrygis.com
Thu Sep 15 20:53:50 EDT 2011


I agree that obfuscated source code is against the spirit of the GPL- 'The
“source code” for a work means the preferred form of the work for making
modifications to it'. There's also the remote possibility of a motivated
party working to de-obfuscate if the dataset is juicy enough.

I'd say that encryption is the answer here - hang the security on the key
rather than the code. If the requirement is explicitly "should be only
visible and usable through the customized qgis and not by any other tool.",
then use GPG[1] or something[2] and add a "File > Load Encrypted Dataset"
dialog or some such. I would imagine this to be a reasonable solution.

1. http://www.gnupg.org/related_software/libraries.en.html
2. http://www.gnupg.org/related_software/gpgme/index.en.html

John

On Thu, Sep 15, 2011 at 4:41 PM, Mayeul Kauffmann
<mayeul.kauffmann at free.fr> wrote:

> > @Niccolò: good point. However one could write a non GPL piece of code
> > (the minimum to keep the data undisclosable) and link qgis to it. Is it
> > forbidden by GPL license? I don't think...
> > I think it is.
>
> I also believe it might be forbidden by the GPL.
> I think there might be a way to reconcile ethics, respect for the GPL and
> the client needs.
> You would need to obfuscate the source code.
> For example, you rename functions, classes, filenames etc according to an
> encryption mechanism. The encryption is based on a key chosen by the client.
>
> You need to take care of many things, e.g. if:
> qgsapplication.cpp  becomes qslghtygvr15ni189t.cpp
> then:
> qgsapplication.h  becomes qslghtygvr15ni189t.h
> Naming conventions which are understood by the framework should be
> respected as well (I do not know qgis's architecture well enough to be
> precise here).
> In one part of the code, you put your mechanism decoding the data.
> You then release the whole thing as GPL.
>
> Obviously, you work on the non-obfuscated code. You need to use or build a
> software to obfuscate the code (
> http://en.wikipedia.org/wiki/Obfuscated_code says there are open-source
> software to do so).
>
> Then, for the ethic part: you also share any improvement you do in
> non-obfuscated format (except maybe the data-decoding part). I wonder though
> if the major part of the  data-decoding part could be generic enough to be
> shared as (non-obfuscated) GPL code. Then other sensitive projects may reuse
> it.
> Is the whole approach ethical? I really don't know. Still, it would be
> funny to receive a dataset with a notice: to read this geotiff, you must use
> our version of QuantumGIS, not ArcGIS or Mapinfo!
>
>
> EDIT: not sure the approach above is OK, see
> http://stackoverflow.com/questions/1086445/obfuscation-and-gpl
> However GPL encryption software do exist. Maybe the data provider could
> give the data with a key. Of course it makes the system much weaker.
> However, the client should be aware that an external compiled piece of code
> is not much less easy to crack than it is to change an open source software.
>
> A final note:
> I believe in free software and in free geo data. I contribute to QGIS and
> to OpenStreetMap. I've produced some of OSM icons and released them in
> public domain.
> However, piracy exists and I condemn it; some organizations may rightfully
> search ways to protect themselves against unauthorized use of their data. I
> prefer companies that share their data, but *as long as you contribute
> yourself to QGIS in other domains*, then you would learn something from
> this work and I would say it's better than if they pay ESRI developers to do
> the same.
> Still, if you can find another client/boss which is more open source
> minded, then I would encourage you to refuse this task. Otherwise, I'll pray
> for your soul!
>
> Hope this helps,
> Mayeul
>
>
> >
> > Probably you're right.
> http://blog.milkingthegnu.org/2008/04/gpl-for-dummies.html
> >
> >
> >
> >         --strk;
> >
> >          ()   Free GIS & Flash consultant/developer
> >          /\   http://strk.keybit.net/services.html
> >
> >
> > _______________________________________________
> > Qgis-developer mailing list
> > Qgis-developer at lists.osgeo.org
> > http://lists.osgeo.org/mailman/listinfo/qgis-developer
> >