The father of Linux, Linus Torvalds, is claiming that new provisions against digital rights management in a draft update to the General Public Licence (GPL) could have a detrimental effect on computer security. Torvalds made the point that it is important to remember that not all DRM is bad – that the application of the technology can be a positive thing if used correctly.
"I think a lot of people may find that the GPLv3 'anti-DRM' measures aren't all that wonderful after all. Digital signatures and cryptography aren't just 'bad DRM'. They very much are 'good security' too," Torvalds said.
Torvalds gave some examples of good use of DRM technology, such as instances of areas where he believes it's appropriate for secret digital keys to be used to sign software, or cases where a computer can only run software versions that have authorised digital signatures. For example, a company might want to distribute a Linux version that loads only kernel modules that have been signed.
"The current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys, so that anybody can sign their own versions of the modules they recompile, in order to re-create their own versions of the signed binaries that Red Hat creates. That's insane."