lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 17 Sep 2007 14:55:54 +0200
From:	Claudio Jeker <cjeker@...hard.n-r-g.com>
To:	Theodore Tso <tytso@....edu>, Adrian Bunk <bunk@...nel.org>,
	"Can E. Acar" <can.acar@...-g.com.tr>, misc@...nbsd.org,
	linux-kernel@...r.kernel.org,
	Daniel Hazelton <dhazelton@...er.net>,
	Eben Moglen <moglen@...twarefreedom.org>,
	Lawrence Lessig <lessig_from_web@...ox.com>,
	"Bradley M. Kuhn" <bkuhn@...twarefreedom.org>,
	Matt Norwood <norwood@...twarefreedom.org>
Subject: Re: Wasting our Freedom

On Sun, Sep 16, 2007 at 05:12:08PM -0400, Theodore Tso wrote:
> On Sun, Sep 16, 2007 at 10:39:26PM +0200, Hannah Schroeter wrote:
> > >The most questionable legal advice in this thread was by Theo de Raadt 
> > >who claimed choosing one licence for _dual-licenced_ code was illegal...
> > 
> > JFTR, I do *not* think that that assessment was questionable. Unless the
> > dual-licensing *explicitly* allows relicensing, relicensing is forbidden
> > by copyright law. The dual-licensing allows relicensing only if that's
> > *explicitly* stated, either in the statement offering the alternative, or
> > in one of the licenses.
> > 
> > Neither GPL nor BSD/ISC allow relicensing in their well-known wordings.
> > 
> > If you think that's questionable, you should at least provide arguments
> > (and be ready to have your interpretation of the law and the licenses
> > tested before court).
> 
> Hannah,
> 
> What is going on whenever someone changes a code is that they make a
> "derivative work".  Whether or not you can even make a derivative
> work, and under what terms the derivitive work can be licensed, is
> strictly up to the license of the original.  For example, the BSD
> license says:
> 
>   Redistribution and use in source and binary forms, with or without
>   modification, are permitted provided that the following conditions
>   are met....
> 
> Note the "with or without modification".  This is what allows people
> to change BSD licensed code and redistribute said changes.  The
> conditions specified by the BSD license do not mention anything about
> licening terms --- just that if you meet these three conditions, you
> are allowed to redistribute them.  So for example, this is what allows
> Network Appliances to take BSD code, change it, and add a restrictive,
> proprietary copyright.
> 
> So for code which is single-licensed under a BSD license, someone can
> create a new derived work, and redistribute it under a more
> restrictive license --- either one as restrictive as NetApp's (where
> no one is allowed to get binary unless they are a NetApp customer, or
> source only after signing an NDA), or a GPL license.  It is not a
> relicencing, per se, since the original version of the file is still
> available under the original copyright; it is only the derived work
> which is under the more restrictive copyright.   
> 

Wohoho! Slow here please. NDA have nothing to do with licenses and
especially with copyright. NetApp even though their stuff is under their
copyright and license does hopefully not modify the copyrights of imported
BSD/ISC code. That would be against the law and I hope their leagal
departement is smart enough to not do this mistake especially because the
BSD license those not hinder them in any way.

Now comes the funny part, as the BSD code in NetApp is available
from public sources -- for example from OpenBSD -- it is actually not
covered by the NDA. NDAs can only cover information that is not
publicly available -- you can only forbit disclosure of information that
is secret in the first place.

Finally most companies know they benefit from open source and give often
the code changes most likely bugfixes to this imported code back.
Unlike most GPL people we're happy with that especially we do not require
them to release any of their own code. Sure their WAFL file system is cool
but even in my wildest dreams I would not require them to publish their
code just because the used some of my code.
-- 
:wq Claudio
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ