Open Source and information security mailing list archives
Message-Id: <200706151425.41975.rgetz@blackfin.uclinux.org>
Date:	Fri, 15 Jun 2007 14:25:41 -0400
From:	Robin Getz <rgetz@...ckfin.uclinux.org>
To:	"Alexandre Oliva" <aoliva@...hat.com>
Cc:	"Daniel Hazelton" <dhazelton@...er.net>,
	"Linus Torvalds" <torvalds@...ux-foundation.org>,
	"Alan Cox" <alan@...rguk.ukuu.org.uk>, "Greg KH" <greg@...ah.com>,
	"debian developer" <debiandev@...il.com>, david@...g.hm,
	"Tarkan Erimer" <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	"Andrew Morton" <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Thu 14 Jun 2007 13:46, Alexandre Oliva pondered:
> On Jun 14, 2007, Robin Getz <rgetz@...ckfin.uclinux.org> wrote:
> > As a person pretty familiar with the hardware in these types of
> > devices - this just isn't practical.
> 
> Well, then, ok: do all that loader and hardware signature-checking
> dancing, sign the image, store it in the machine, and throw the
> signing key away.  This should be good for the highly-regulated areas
> you're talking about.  And then, since you can no longer modify the
> program, you don't have to let the user do that any more.  Problem
> solved.

I don't think so - the GPL3 doesn't state that you must convey the same rights 
to end users that you have, it says you must provide installation 
information, including your keys, or you cannot ship the product.

That is the way I read the following sections (let me know if I mis-read 
anything):

======================
"Installation Information" for a User Product means any methods, procedures, 
authorization keys, or other information required to install and execute 
modified versions of a covered work in that User Product from a modified 
version of its Corresponding Source. 

The information must suffice to ensure that the continued functioning of the 
modified object code is in no case prevented or interfered with solely 
because modification has been made.

If conditions are imposed on you (whether by court order, agreement or 
otherwise) that contradict the conditions of this License, they do not excuse 
you from the conditions of this License. 

If you cannot convey the Program, or other covered work, so as to satisfy 
simultaneously your obligations under this License and any other pertinent 
obligations, then as a consequence you may not convey it at all.

===================

I read "are imposed on you (or otherwise)" to mean "by you" as well. If so, 
you throwing away the private keys is not an option.

I need to think a bit more about Rob's opinion that ROMs are illegal - but 
providing the installation information of "send $1M NRE and object code to 
xxx ROM vendor, and wait 16 weeks for 500k units, take one to a board shop, 
pay $1k for them to re-work your BGA - if the xray says it is screwed up, you 
have 499,999 other units to try." - may meet the language, but doesn't meet 
the spirit of the GPL either...

-Robin