lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1159408420.11049.403.camel@localhost.localdomain>
Date:	Thu, 28 Sep 2006 02:53:40 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Linus Torvalds <torvalds@...l.org>
Cc:	Chase Venters <chase.venters@...entec.com>,
	Theodore Tso <tytso@....edu>,
	Jan Engelhardt <jengelh@...ux01.gwdg.de>,
	Sergey Panov <sipan@...an.org>,
	James Bottomley <James.Bottomley@...elEye.com>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: GPLv3 Position Statement

Ar Mer, 2006-09-27 am 17:18 -0700, ysgrifennodd Linus Torvalds:
>      _not_ been unknown to the people involved. Trust me, the FSF knew 
>      very well that the kernel standpoint on the GPLv2 was that Tivo was

s/kernel/Linus and some other copyright holders/

I reserve the right some day to attempt to sue the ass of people who
tivo-ise my code. Hey I might lose but I reserve the right to.

That said the FSF DRM clause is problematic, the GPLv2 leaves things in
a slightly woolly situation with regards to keys in terms of whether
they are part of the scripts etc (for the benefit of anyone's corporate
lawyers: I think they usually are and I've said so in public). That
vagueness is actually a good thing because it lets the legal system
interpret the intent of the license and the situation at hand. Lawyers
generally don't like vaguenesses of course and the GPLv3 draft tries to
be non-vague. It's also flawed as a result precisely because it has to
cover every imaginable case in one paragraph.

There are lots of problems with the current v3 draft

1.	"anything users can regenerate automatically" is horribly vague.
Automatically *how* - with a $25,000 proprietary tool for example ....

2.	Section 3 is US specific and doesn't really work. In some parts of
the world breaking a technological protection seems to be a criminal
matter and you can't waive the criminal law.

3.	Additional terms is a license explosion and the interactions between
them will get ugly.

4.	The geographical clause still has the same bug as GPLv2. Who is the
"original author" and what happens when I write a new OS and import 90%
of Linux into it - am I the original author now ?


Some of this is quite fixable - the "regenerate automatically" for
example and the glitches in the patent clauses are just a matter of a
little more lawyering, others like the DRM clauses don't work and also
don't really address rented equipment for example.

Personally I'm still hopeful the final GPLv3 will fix at least the
majority of problems. I'm not sure it ultimately matters for the kernel
whether it does or not, but for the general case of free software it is
clearly important to get it right.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ