I decided to do some of the work for you, since I was already checking the state of my comment :)
On Wed, 2006-09-27 at 19:13 +0100, Niall Douglas wrote:
It's more the other way round. In section 5.[2] it says:
b) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License must apply, unmodified except as permitted by section 7 below, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
Now that SHOULD read "You must license the entire work, as a whole, under THE TERMS OF this License to anyone who comes into possession of a copy". Otherwise it may be interpreted that any libraries under a FreeBSD license must be relicensed as GPL v3 if any GPL v3 code uses them.
This comment has not been made yet and IMHO it is worth making.
Draf2 of GPLv3 says: "The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances."
If you sign a program so that i know that the program comes from you i can "install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances." So you don't have to give me your signing key.
Ah but that doesn't permit "all the same functionality" now does it! It means that if you were to run a signing authenticator, you'd get different functionality.
I don't read it this way, but there are lots of comments around that bit of text which means that further clarifications are needed. I don't know what a 'signing authenticator' is so I cannot help further.
Section 6.[3]:
The Corresponding Source conveyed in accord with this section must be in a format that is publicly documented, with an implementation available to the public in source code form, and must require no special password or key for unpacking, reading or copying.
One could interpret a SSL connection as a form of encrypted container. Therefore, transferring a file over it DOES require a special password or key for unpacking/copying. Of course, SSL connections generate a random once-off key per connection to which the user normally has no access.
I agree with Simo: SSL is not a container. S/MIME is more interesting, but the recipient is supposed to have the key to decrypt the tar and do whatever the license allows him to do. But again, this is worth commenting on, because the S/MIME case can open different scenarios that I cannot notice now. There is a comment about this wording, but it is worth discussing it more deeply on http://gplv3.fsf.org/comments/gplv3-draft-2.html
cheers stef