| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Feb 2007 17:14:33 -0800 (PST) From: David Lang <david.lang@...italinsight.com> To: Scott Preece <sepreece@...il.com> cc: Miguel Ojeda <maxextreme@...il.com>, v j <vj.linux@...il.com>, linux-kernel@...r.kernel.org Subject: Re: GPL vs non-GPL device drivers On Thu, 15 Feb 2007, Scott Preece wrote: > On 2/15/07, Miguel Ojeda <maxextreme@...il.com> wrote: > >> Stupid, maybe. But some people just don't want closed-source >> projects/companies like yours using their free work, without any kind >> of feedback. Some others don't care, but they could in the future, as >> it is their code, and that is your risk. >> > --- > > So, how are such companies any different from the myriad individuals > and companies that use Linux on the desktop or in their server rooms > without ever modifying it and who also contribute nothing back to the > community? They are also, in many (most?) cases taking advantage of > the free (as in beer) nature of Linux - saving money by using the work > of others without returning anything, but the product builders seem to > get a lot more abuse... if they don't modify it and don't distribute it there is not issue. it's people who modify it (by creating a derived work) and then redistribute it that get the abuse. now if your kernel module is _not_ a derived work (and such things can exist, much as some people don't want to admit it) then you don't have a problem either. but the definition of what is a derived work is not cut-and-dry, and that is where you have to get lawyers involved if you care. I am _not_ a lawyer, but there are two basic approaches you can take 1. The easy way out is to release the module source under a GPL compatable license. 2. If you don't want to do this you need to involve the lawyers to tell you if they think that your development work is derived or not, and even if you decide that it isn't you may have to prove that it's not in court, potentially in multiple juristrictions (in the relativly unlikly event that you offend enough different kernel developers that they take the time to sue you individually). I believe that it's extremely unusual for a lawyer to give a cut-and-dry answer to a liability question, so from a liability point of view it seems clear cut. what your company needs to decide is if they consider the risk to their "IP" to be outweight the costs of #2, including the risk that the lawyer is wrong and a cour may order you to stop distributing the product unless you comply with the GPL. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists