lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200706151715.55218.dhazelton@enter.net>
Date:	Fri, 15 Jun 2007 17:15:54 -0400
From:	Daniel Hazelton <dhazelton@...er.net>
To:	Alexandre Oliva <aoliva@...hat.com>
Cc:	"Jesper Juhl" <jesper.juhl@...il.com>,
	"Alan Cox" <alan@...rguk.ukuu.org.uk>,
	"Chris Friesen" <cfriesen@...tel.com>,
	"Ingo Molnar" <mingo@...e.hu>,
	"Linus Torvalds" <torvalds@...ux-foundation.org>,
	"Greg KH" <greg@...ah.com>,
	"debian developer" <debiandev@...il.com>, david@...g.hm,
	"Tarkan Erimer" <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	"Andrew Morton" <akpm@...ux-foundation.org>
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Friday 15 June 2007 15:37:04 Alexandre Oliva wrote:
> On Jun 15, 2007, Daniel Hazelton <dhazelton@...er.net> wrote:
> > On Friday 15 June 2007 02:59:31 Jesper Juhl wrote:
> >> it doesn't say anything about being able to run a compiled version
> >> of that source on any specific hardware.
> >
> > And you are correct. It is also clear, thanks to language directly
> > in the GPLv2 itself, that there is no "intent" of the license to
> > cover that situation.
>
> You're again confusing legal terms with the intent.  The legal terms
> provide an indication of the intent, but the preamble, along with the
> free software definition it alludes to, do an even better job at that.

And the preamble, not being part of the active portion of the license, has 
absolutely *ZERO* bearing. Just as it is not the *intent* of RMS, the FSF or 
*ANY* person (or legal entity) that had a hand in crafting the GPLv2 or GPLv3 
which is looked at when determining the "intent" of the license. It is the 
intent of the person and/or "legal entity" that has placed their work under 
said license.

What is so hard to understand about that ?

> That said, the letter of the GPL explicitly says that the act of
> running the program is not restricted, and that this is outside the
> scope of the license.  It's a copyright license, and per US law,
> running software is not regulated by copyright; this is not so
> elsewhere, and local interpretation indicates that the intent of the
> license is indeed to grant unlimited permission to run the program and
> modified versions thereof, based on the free software definition.

And that may be what courts in Brazil believe, independent of the fact that 
the license itself *intentionally* limits itself to "copying, distribution 
and modification". That legal decision, in fact, may not have been motivated 
by the actual belief that that was the intent of the license - it could (and, 
from looking at the situation and available facts, might actually have been) 
motivated by political reasons.

>
> But then, when someone says "I won't let you run modified versions of
> this software on this hardware I'm selling you", is this not a further
> restriction on the exercise of the rights granted in the license?

In Brazil, because the courts there have rendered a judgment that the license 
requires the unlimited running of the covered work. But that is *unfairly* 
applying a license on a piece of software to the hardware on which it runs. 
Based on your logic the hardware manufacturer would have to enable people to 
run code compiled for an entirely different processor. Not that it matters in 
the least.

> And, per the spirit, if the manufacturer can still install and run
> modified versions of the software on that hardware, is it not failing
> to comply with the spirit of passing on all the rights that you have?

Not in the least. They have the rights to "copy, modify and distribute" 
the "source code for a work". That is *EXACTLY* the set of rights they have 
to the code, and it is *EXACTLY* the set of rights they pass on. The GPL does 
not apply to any *BINARY* form of the work, except for the fact that you are 
required to provide the source code that was used to generate the binary.

The GPL *clearly* defines "source code" as:
"the preferred form of the work for making modifications to it"
It goes on to state:
"For an executable work, complete source code means all the source code for 
all modules it contains, plus any associated interface definition files, plus 
the scripts used to control compilation and installation of the executable."

(Note that, since the "signing" of the TiVO kernel is part of the installation 
they *should* be including the script that does the signing. However, since 
the SHA1 key that is part of the signing process is *not* a "script" (even in 
the loosest possible definition of the term) they do not have to provide it.)

DRH

-- 
Dialup is like pissing through a pipette. Slow and excruciatingly painful.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ