lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <or1wge9pwr.fsf@oliva.athome.lsd.ic.unicamp.br>
Date:	Thu, 14 Jun 2007 18:39:32 -0300
From:	Alexandre Oliva <aoliva@...hat.com>
To:	Florin Malita <fmalita@...il.com>
Cc:	Daniel Hazelton <dhazelton@...er.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Adrian Bunk <bunk@...sta.de>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>, david@...g.hm,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Jun 14, 2007, Florin Malita <fmalita@...il.com> wrote:

> On 06/14/2007 02:27 PM, Alexandre Oliva wrote:
>>> No, by this twisted logic Tivo *cannot* modify that particular copy
>>> any more than you can. They can modify *another* copy (just like you)
>>> and they can *replace* the copy in your device with the new version
>>> (unlike you).

>> Again, replacing is one form of modification.

> No, it's not: replacing does not create derivative
> work. Modification does.

Thanks.  Good point.  This convinces me that this doesn't work as a
legal argument under copyright.

I still stand by my understanding that this restriction violates the
spirit of the license.

And since the specific implementation involves creating a derived work
of the GPLed kernel (the signature, or the signed image, or what have
you) and refraining from providing the corresponding sources to that
derived work (the key and the signature "build scripts"), I still
think this specific case is a violation of the letter of the GPLv2,
even if the FSF doesn't take this position.

> It seems pretty obvious that the only right Tivo is withholding is the
> right to install new versions on the device

Actually, no.  They withhold the right to run versions that they don't
authorize themselves.

Back when GPLv2 was written, the right to run was never considered an
issue.  It was taken for granted, because copyright didn't control
that in the US (it does in Brazil), and nobody had thought of
technical measures to stop people from running modified copies of
software.  At least nobody involved in GPLv2, AFAIK.

The landscape has changed, and GPLv3 is meant to defend this freedom
that was taken for granted.

> they never do (and really never could) "modify" the physical copy on
> your device (which is your main argument).

Qualifying it as the main argument is a bit of an exaggeration.  I
have a number of different arguments.  The one about incomplete
sources is the most solid IMHO.

>> What do you think you do when you save a modified source file in your
>> editor?

> Don't skip the part where the in-memory version started as an exact
> copy of the original being replaced. Notice the difference? ;)

Sorry, I really don't follow.  Both versions of the kernel binary also
started from a common source ancestor.  Were you trying to make a
distinction on these grounds?

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
FSF Latin America Board Member         http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@...dhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@...d.ic.unicamp.br, gnu.org}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ