lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070615023944.GC3760@nostromo.devel.redhat.com>
Date:	Thu, 14 Jun 2007 22:39:44 -0400
From:	Bill Nottingham <notting@...hat.com>
To:	Alexandre Oliva <aoliva@...hat.com>
Cc:	Florin Malita <fmalita@...il.com>,
	Daniel Hazelton <dhazelton@...er.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Adrian Bunk <bunk@...sta.de>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>, david@...g.hm,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

Alexandre Oliva (aoliva@...hat.com) said: 
> > Wait, a signed filesystem image that happens to contain GPL code
> > is now a derived work? Under what sort of interpretation does *that*
> > occur?
> 
> Is the signature not derived from the bits in the GPLed component, as
> much as it is derived from the key?
> 
> Isn't the signature is a functional portion of the image, i.e., if I
> take it out from the system, it won't work any more?
> 
> > (This pretty much throws the 'aggregation' premise in GPLv2 completely
> > out.)
> 
> Not really.  It could take some explicit distinguishing between
> functional and non-functional signatures, but that's about it.

OK. Let's take this to the simple and logical conclusion. A signed
filesystem image containing both GPL and non-GPL code. From your
point A, this is a derived work. 

Let's read the license...

2. b) You must cause any work that ... is derived from the Program or any
   part thereof, to be licensed as a whole at no charge to all third
   parties under the terms of this License.

...
 But when you
 distribute the same sections as part of a whole which is a work based
 on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the
 entire whole, and thus to each and every part regardless of who wrote it.
 
and yet later:

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

Pick one. They can't both be valid.

Moreover, this interpretation means that Red Hat (and pretty much
any other Linux distributor) should close up shop, as that's what
we've been doing for years.

Bill
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ