On the GPLv3

There seem to be so many people who think that the DRM-style signing of binaries is unavoidable and easily circumvented, but I am convinced this is not so. All that the FSF need do in writing (or just in interpreting) their upcoming licence is to consider the one-way hash functions on which cryptographically secure signatures depend (and in particular, on which any economically viable means of DRM depends) as being a binary with respect to the source from which it is generated. Then any entity that wishes to bless just one particular version of a piece of code by DRM means would, by virtue of the GPL, be conveying the binary they are trying to control, and thus subject to all the requirements and provisions of the GPL.

This is a new interpretation of the word ‘binary’, but is analogous to accepted use. It might make sense to clarify the transitive nature of generating a second-order binary from an existing binary. That is, conveying signatures of binary code implies the necessity of conveying the binary code, which in turn implies the necessity of conveying source. What is more, this inconveniences no one other than those who would wish to circumvent the aims of the GPL — anyone else who would distribute such signatures is doing so as a means of better distributing the whole. So users of Git wouldn’t be inconvenienced, as the entire purpose of generating signatures in that source code revision system is to better facilitate the exchange of relevant source code. Likewise developers (and distributions like Debian) who validate code would not be upset if signatures were only mass distributed by those who are already distributing the code packages themselves.

All other uses of signatures are bound very tightly to the thing being signed. And rightly so. The aims of DRM, to bless particular texts at a distance and only indirectly, are the antithesis not only of social behaviour, but also of free markets and even the rule of law. Who can enter into genuine contracts when there are thousands of tangled and mutually incompatible remote and unnegotiable DRM requirements which limit the open exchange of information between parties?