lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.63.0702151701510.10070@qynat.qvtvafvgr.pbz>
Date:	Thu, 15 Feb 2007 17:14:33 -0800 (PST)
From:	David Lang <david.lang@...italinsight.com>
To:	Scott Preece <sepreece@...il.com>
cc:	Miguel Ojeda <maxextreme@...il.com>, v j <vj.linux@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: GPL vs non-GPL device drivers

On Thu, 15 Feb 2007, Scott Preece wrote:

> On 2/15/07, Miguel Ojeda <maxextreme@...il.com> wrote:
>
>> Stupid, maybe. But some people just don't want closed-source
>> projects/companies like yours using their free work, without any kind
>> of feedback. Some others don't care, but they could in the future, as
>> it is their code, and that is your risk.
>> 
> ---
>
> So, how are such companies any different from the myriad individuals
> and companies that use Linux on the desktop or in their server rooms
> without ever modifying it and who also contribute nothing back to the
> community? They are also, in many (most?) cases taking advantage of
> the free (as in beer) nature of Linux - saving money by using the work
> of others without returning anything, but the product builders seem to
> get a lot more abuse...

if they don't modify it and don't distribute it there is not issue.

it's people who modify it (by creating a derived work) and then redistribute it 
that get the abuse.

now if your kernel module is _not_ a derived work (and such things can exist, 
much as some people don't want to admit it) then you don't have a problem 
either.

but the definition of what is a derived work is not cut-and-dry, and that is 
where you have to get lawyers involved if you care.

I am _not_ a lawyer, but there are two basic approaches you can take

1. The easy way out is to release the module source under a GPL compatable 
license.

2. If you don't want to do this you need to involve the lawyers to tell you if 
they think that your development work is derived or not, and even if you decide 
that it isn't you may have to prove that it's not in court, potentially in 
multiple juristrictions (in the relativly unlikly event that you offend enough 
different kernel developers that they take the time to sue you individually).

I believe that it's extremely unusual for a lawyer to give a cut-and-dry answer 
to a liability question, so from a liability point of view it seems clear cut.

what your company needs to decide is if they consider the risk to their "IP" to 
be outweight the costs of #2, including the risk that the lawyer is wrong and a 
cour may order you to stop distributing the product unless you comply with the 
GPL.

David Lang
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ