| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Jun 2007 00:10:13 -0400 From: Jan Harkes <jaharkes@...cmu.edu> To: Alexandre Oliva <oliva@....ic.unicamp.br> Cc: linux-kernel@...r.kernel.org Subject: Re: how about mutual compatibility between Linux's GPLv2 and GPLv3? On Mon, Jun 25, 2007 at 04:54:52PM -0300, Alexandre Oliva wrote: > Consider this scenario: vendor tivoizes Linux in the device, and > includes the corresponding sources only in a partition that is > theoretically accessible using the shipped kernel, but that nothing in > the software available in the machine will let you get to. Further, > sources (like everything else on disk) are encrypted, and you can only Interesting scenario, it seems to comply with GPLv2 on the surface. If that kernel doesn't actually allow access and wipes the source partition to use it as swap on first boot, then no machine is actually capable of reading the source. So it isn't really machine readable. Another gripe is that encrypted media are not customarily used for software interchange. So that's 2 (minor) strikes where this method of distribution doesn't seem to match the language of section 3a. You also cannot interpret the encrypted partition as source code because a bit further down in section 3, it defines source code as, "The source code for a work means the preferred form of the work for making modifications to it." So now we get to section 6. The recipient receives a license to copy, distribute or modify. You may not impose further restrictions on these rights granted herein. You could argue that they do not restrict copying, distribution and modification of the sources in general, only of the specific copy they distribute. However here we go back to section 2 which states that their modified copy is a derived work which must be licensed under the GPLv2, so that would make it specific enough that recipients have in fact been granted the right to copy, distribute and modify the copy of the source of that corresponds to the distributed binaries, which is restricted because of the encryption which prevents the user to copy, distribute or modify the source code. > Does anyone think this is permitted by the letter of GPLv2? No. > How are the sources passed on in this way going to benefit the user or > the community? Not a really interesting question if the method of distribution violates the letter of the GPLv2, is it? They get sued for copyright infringement because they are not in compliance with section 3 and the sources are released as a result. Jan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists