> require apps to be signed could not contain LGPL components, since you would not be able to modify the LGPL components.

You COULD make the changes, but you MUST keep the changes to the LGPL'd software made available in some way. This is not going to affect the rest of your project, only the LGPL'd library. I think not including any private keys or signed files will still satisfy the LGPL as long as any code changes you made are included. I don't think configuration that compromises your security is within scope, and I'd feel like RMS would agree there.

Its really interesting the goal of the LGPL is to allow for LIBRE libraries to exist where there's proprietary components that already do a solid job, so in order to convince people to use GPL / LGPL tools / libraries it was thrown in that umbrella.

The FAQ is worth a read every now and then, you get a feel for what is intended in plain English.

https://www.gnu.org/licenses/gpl-faq.html

I believe the GP is referring to the LGPL requirement that users be able to replace LGPL components with modified versions.

Being able to replace subsystems of a signed application with arbitrary third party code adds complexity and is a security risk, but is a requirement of the LGPL.

I think modernity has complicated things. The proprietary vendor signing all the binary components to prevent tampering is different from the platform package manager and kernel requiring signed packages/pages. If you have the proprietary blob and a bunch of modified third party dynamically loaded components, you (or the platform) can re-generate your own signature over the modified composition to execute it in {context that requires signed code execution for security/integrity}. The LGPL is addressing the former. I don’t see a spirited problem with the latter.

I’m trying to work out if an app was distributed with a service that ran in a separate process, e.g via XPC service on Apple platforms, could LGPL libs be legally statically linked only to the service code, which would be open sourced. The service and main app would not be linked at compile time so LGPL wouldn’t apply to the main app, which could remain closed.

> I would have thought, e.g., that apps distributed only through stores to platforms that require apps to be signed could not contain LGPL components, since you would not be able to modify the LGPL components. (Maybe it would be OK if the software was available for download freely and side loading wasn't too difficult??? IDK.)

IIRC, That's a difference between LGPLv2 and LGPLv3 - LGPLv3 has the same anti-tivoization clauses that GPLv3 has - while LGPLv2 does not. So afaict, it's totally OK to distribute software in ways that does not allow the user to modify the library when that library is licensed LGPLv2.

VLC is licensed under LGPLv2.1, which is not subject to the tivoization clause.

Doesn't that mean the anti-tivoization clause makes LGPL3 software unusable on most mobile platforms since they're all fixated on signing libraries?

I don’t think so, at least on Android. If you replace a library in an app, you just sign it with your own keys.

> So afaict, it's totally OK to distribute software in ways that does not allow the user to modify the library when that library is licensed LGPLv2.

Legally that might be true, but that interpretation stands directly opposed to the intention of the license. In that light, it is unambiguously unethical to use that loophole.

Plenty of projects intentionally stay on older GPL licenses because they want that permissiveness.

Many, many people license under gpl2 only to avoid that tivoization clause. So unless there’s a clear indication on the library’s author wishes wrt tivoization, I don’t think it’s fair to make any ethical assumptions here.