lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <45D5E321.3080805@sbcglobal.net>
Date:	Fri, 16 Feb 2007 11:00:17 -0600
From:	Matthew Frost <artusemrys@...global.net>
To:	v j <vj.linux@...il.com>
CC:	Scott Preece <sepreece@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: GPL vs non-GPL device drivers

v j wrote:
> On 2/15/07, Scott Preece <sepreece@...il.com> wrote:
>> On 2/15/07, v j <vj.linux@...il.com> wrote:
>>> So far I have heard nothing but, "if you don't contribute, screw you."
>>> All this is fine. Just say so. Make it black and white. Make it
>>> perfectly clear what is and isn't legal. If we can't load proprietary
>>> modules, then so be it. It will help everybody if this is out in the
>>> clear, instead of resorting to stupid half measures like
>>> EXPORT_SYMBOL_GPL.
>> ---

You are asking developers to make a statement which is not theirs to make.
"Legal" is a jurisdictional variable.  Its meaning is interpreted by the law
codes of whatever jurisdiction you or your company operate within.  You may be
subject to the interpretations of alternate jurisdictions by the scope of your
actions and their effects, personally or corporately.  A general statement of
"legal" with respect to this issue has been described to you, but is ultimately
a result of several factors, the principal of which are the binding legal
instrument governing permissible behavior with respect to the code in Linux and
the legal environment within which your actions under that instrument can be judged.

I want you to consider that Linux is a licensed software product subject to
copyright constraints.  That provides two legal conditions for use of Linux.
The privilege of using Linux for your particular purpose comes at the cost of
respecting the rights of the copyright holders in the work, based upon the
licensing conditions established for that work.  In this respect, it is no
different than any other software package that your company evaluated.

In your evaluation of the respective benefits and costs to the selection of a
given software package for your embedded environment, you should already have
consulted counsel about the legal ramifications of licensing restrictions for
the available options.  They should have informed you that the GPL, as a legal
instrument, binds your scope of action.

You state in your initial comment that you "chose Linux ... because of its lack
of royalty model, robustness and availability of infinite number of open-source
tools."  From your limited description, it sounds as though you believed that
the benefits for use of Linux as a distributable operating system for your
embedded platform were not balanced by costs beyond in-house development.  Linux
is, indeed, free with respect to any monetary royalty.  This does not mean that
there are not costs associated with its use; it merely means that the monetary
outlay for use is far smaller than that required by many of its competitors.  In
general terms, that monetary outlay can be spent in-house, rather than lost to
an outside company.  However, that limited view of costs fails to take into
account the very real demands placed by the license constraints.

You are required, as with any copyrighted and licensed software product, to
comply with the terms of the license and their ramifications in the legal
environment.  These ramifications do change as the environment in which your
company does business changes.  This is why most companies retain counsel.  If
your legal advisers are of the considered opinion that your actions with respect
to the license constraints governing Linux are legally defensible, you have your
answer.

> Which statement are you talking about? First of all it is not clear to
> me if proprietary modules need to be GPL or not. If they do, I guess I
> have nothing to say. If that is the way developers want it, so be it.
> 
> Assuming these need not be GPL, I have a problem with
> EXPORT_SYMBOL_GPL and the general trend in the direction of making
> proprietary drivers harder on companies. Our drivers use basic
> interfaces in the kernel like open, read, write, ioctl, semaphores,
> interrupts, timers etc. This is functionality we would expect from any
> operating system. We used devfs before and had no problems there. Greg
> KH has gone and made the basic sysfs interface, which any generic
> driver could use as EXPORT_SYMBOL_GPL. I don't really care, I just
> don't use sysfs. The point is that old functionality is being ripped
> off and new ones introduced, and their interfaces are not open
> anymore. Hence there will be a point where non-GPLed drivers simply
> cannot be loaded.
> 
> So why beat about the bush? Just make it illegal to load proprietary
> drivers, or remove EXPORT_SYMBOL_GPL.

The kernel developers, collectively the holders of the copyrights in the work
under consideration, continue to perform actions deemed necessary or useful to
prevent circumvention of those licensing constraints.  In this way, they defend
their work, and their rights in that work, from violation by third parties with
agendas incompatible with the principles represented in the chosen license.

Under most legal definitions, violation of license constraints with respect to a
copyrighted work at the very least compels one to refrain from using said work.
 The continued implication that Linux would be injured because you refrain from
violating its license by ceasing to use and distribute Linux in a manner which
is out of compliance with its license is risible.

By all means, consult a lawyer and use Linux in compliance with the license and
your particular relevant legal framework.  But don't ask kernel developers
what's "legal".  They have already told you that in the license.  Perform your
due diligence.

> 
> vj.
> -

Matt Frost
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ