lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ortztbgi03.fsf@oliva.athome.lsd.ic.unicamp.br>
Date:	Thu, 14 Jun 2007 03:36:12 -0300
From:	Alexandre Oliva <aoliva@...hat.com>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Adrian Bunk <bunk@...sta.de>,
	Daniel Hazelton <dhazelton@...er.net>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>, david@...g.hm,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Jun 14, 2007, Linus Torvalds <torvalds@...ux-foundation.org> wrote:

> On Thu, 14 Jun 2007, Adrian Bunk wrote:
>> 
>> "For an executable work, complete source code means all the source code 
>> for all modules it contains, plus any associated interface definition 
>> files, plus the scripts used to control compilation and installation of 
>> the executable."
>> 
>> The question is whether this includes private keys.

> No. That's the question as the FSF would like to frame it.

No.  The FSF actually does *not* want to take this position.  That's
why it chose the formulation of Installation Instructions.  It doesn't
share my view that the keys needed to sign a binary in order for it to
work are part of the source code.

> And you could actually replace their copy of Linux with another one. It 
> would have to have the same SHA1 to actually start _running_, but that's 
> the hardware's choice. 

That's the hardware imposing a restriction on modification of the
software.  It doesn't matter how elaborate the excuse is to justify
denying users' freedoms: it's against the spirit of the GPL, and the
GPL will be amended as needed to plug such holes.

> So take another example: I obviously distribute code that is copyrighted 
> by others under the GPLv2. Do I follow the GPLv2? I sure as hell do! But 
> do I give you the same rights as I have to modify the copy on 
> master.kernel.org as I have? I sure as hell DO NOT!

That's an interesting argument.

People don't get your copy, so they're not entitled to anything about
it.

When they download the software, they get another copy, and they have
a right to modify that copy.

> And here's a big clue for people: anybody who thinks that I'm violating 
> the GPLv2 by not giving out my private SSH key to master.kernel.org is a 
> f*cking moron!

Agreed, except I'd probably use a lighter term.

> See any parallels here? Any parallel to a CD-ROM distribution, or a Tivo 
> distribution?

Yes.  You see how TiVO is different?  It is modifyable, and I actually
receive the copy that TiVO can still modify, but I can't.

> The rights that the GPLv2 gives to "the software", is to something
> much bigger than "the particular copy of the software".

Indeed, it's something bigger.  But this doesn't exclude the smaller
things, does it?

> Can people really not see the difference between "the software" and "a 
> particular encoded copy of the software"? 

There is a difference.  But the GPL doesn't limit itself to the
former.  It explicitly talks about "copies".

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
FSF Latin America Board Member         http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@...dhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@...d.ic.unicamp.br, gnu.org}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ