| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jun 2007 10:02:52 +0200 From: Ingo Molnar <mingo@...e.hu> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Michael Poole <mdpoole@...ilus.org>, Daniel Hazelton <dhazelton@...er.net>, Alexandre Oliva <aoliva@...hat.com>, Lennart Sorensen <lsorense@...lub.uwaterloo.ca>, Greg KH <greg@...ah.com>, debian developer <debiandev@...il.com>, "david@...g.hm" <david@...g.hm>, Tarkan Erimer <tarkan@...one.net.tr>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 * Linus Torvalds <torvalds@...ux-foundation.org> wrote: > On Thu, 14 Jun 2007, Michael Poole wrote: > > > > If the DRM signature and program executable are coupled such that > > they are not useful when separated, the implication to me is that > > they form one work that is based on the original Program. This is > > beyond the GPL's permission for "mere aggregation". > > So you want to make things like a 160-bit SHA1 hash of a binary be a > "derived work" of that software? > > Trust me, you *really* don't want to go there. It's an insane legal > standpoint, and if you were right, we'd be in a *world* of trouble. > > Think about something as simple as security software that creates > filesystem checksums for verifying the integrity of the filesystem, > and protects against tampering. > > Do you *really* want to claim that the SHA1 checksum of your "oracle" > binary is owned by Oracle, and you need to have a special license to > copy that checksum around and verify it? not only that, but it would instantly turn everyone who owns a hard drive or a CD-ROM into a copyright violator: the disks checksums the content of the disk _in a reversible way_. Same for RAID5 and RAID6 techniques. By installing Quake3 on a Windows box one sure does not have permission to create a derived work of Windows and Quake3, right? =B-) a checksum, a one-way hash, or even reversible parity bit(s) that 'mixes' the copies of multiple works together clearly cannot be new work that falls under copyright protection. Firstly, it is not a new work, because a 'work' has to be created by a human - and here the new content was created by a machine. Copyright protection only applies to sufficiently original works created by humans. Secondly, it is _at most_ a new, partial copy of existing works and hence you need the permission to copy all the works in question. (but you needed that permission to create the harddisk anyway) Thirdly, it could be argued that the sha1 is not even a copy, because it is irreversible and hence not even a single bit of the original work can be reconstructed from it hence it cannot even be a 'partial copy of the original'. that's at least 3 robust levels of argument against the insane and absurd notion that the SHA1 key is somehow a derived work of the copy it checksums. Ingo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists