| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 17 Jun 2007 02:38:43 -0300 From: Alexandre Oliva <aoliva@...hat.com> To: Daniel Hazelton <dhazelton@...er.net> Cc: Bron Gondwana <brong@...tmail.fm>, Ingo Molnar <mingo@...e.hu>, Alan Cox <alan@...rguk.ukuu.org.uk>, Linus Torvalds <torvalds@...ux-foundation.org>, Greg KH <greg@...ah.com>, debian developer <debiandev@...il.com>, david@...g.hm, Tarkan Erimer <tarkan@...one.net.tr>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 On Jun 17, 2007, Daniel Hazelton <dhazelton@...er.net> wrote: > On Sunday 17 June 2007 00:19:49 Alexandre Oliva wrote: >> On Jun 17, 2007, Daniel Hazelton <dhazelton@...er.net> wrote: >> > On Saturday 16 June 2007 21:54:56 Alexandre Oliva wrote: >> >> There may be laws that require certification or limitations on the >> >> user. Manufacturer giving up the ability to make modifications would >> >> address this, or *perhaps* arranging for user and manufacturer to each >> >> hold half of the key needed to run a modification (which might comply >> >> with the GPLv3dd4 terms, IANAL). >> > >> > It doesn't. The GPLv3 (dd4) makes that very clear. See the quote below. >> >> You left out the relevant bit: >> >> this requirement does not apply if neither you nor any third party >> retains the ability to install modified object code on the User >> Product (for example, the work has been installed in ROM). > Ah, but giving the user half the key doesn't mean they still don't have access > to the entire key. QED: Giving people half the key won't cut it under the > GPLv3 (dd4) I meant really giving, rather than giving a copy, or giving the original and keeping a copy. You could make it require a pair of signatures, one from the vendor, that the vendor keeps, one from the user, that the vendor never sees, too. Like some bank PINs, it gets generated, used to generate some hash (the signature for the initial installation), printed in an envelope for you and stored in the package along with the machine. Or something like that. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer aoliva@...dhat.com, gcc.gnu.org} Free Software Evangelist oliva@...d.ic.unicamp.br, gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists