lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200706142246.57583.dhazelton@enter.net>
Date:	Thu, 14 Jun 2007 22:46:57 -0400
From:	Daniel Hazelton <dhazelton@...er.net>
To:	Michael Poole <mdpoole@...ilus.org>
Cc:	Alexandre Oliva <aoliva@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
	Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>,
	"david@...g.hm" <david@...g.hm>,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>, mingo@...e.hu
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Thursday 14 June 2007 22:13:13 Michael Poole wrote:
> Daniel Hazelton writes:
> > What rights did they give to "downstream" recipients of the "object code"
> > version? *EXACTLY* those they received from the GPLv2.
>
> Doing the e-mail equivalent of yelling about this will not change the

Sorry, I wasn't trying to "yell" - just provide a note that at that point I 
would be providing verbal stress.

> fact that people who think Tivo did something wrong -- legally and/or
> morally -- consider DRM locks on a piece of software to be part of the
> "work based on the Program" that is governed by the GPL.

All I've done is get a little annoyed that, despite evidence that it isn't 
legally wrong - at least under the laws I am most familiar with - people 
continue repeat that it is.

I can't argue that it isn't "morally" wrong. While it may not be against my 
morals, it could be against those of another person. It has never been my 
intent to try and convince people that their morals are wrong.

> The fundamental reason for this is that neither the executable code
> nor the digital signature serves the desired function alone.  The user
> received a copy of the executable for a particular purpose: to run the
> program on a particular platform.  With DRM signatures, only the
> combination of program and signature will perform that function, and
> separating the two based on strictly read legal definitions is risky.

I agree.

> The question of whether DRM signatures are covered by the license must
> be resolved before one can determine whether Tivo gave "*EXACTLY*" the
> same rights to object-code recipients as Tivo received.  GPLv2 is
> worded such that the answer to this does not depend on whether one is
> in file A and the other in file B, or whether one is on hard drive C
> and the other is in flash device D, as long as they are delivered as
> part of one unit; it *might* matter if, say, one is received on
> physical media and the other is downloaded on demand.

I have read the GPLv2 at least three times since it was pointed out that I had 
forgotten part of it. At no point can I find a point where Tivo broke the 
GPLv2 requirement that they give the recipients of the object code the same 
rights they received when they acquired a copy of the object or source code.

> (Linus likes to say that FSF counsel thinks that Tivo did not violate
> GPLv2.  I suspect the actual situation is that FSF counsel believes
> that there is no case law on point, and that it could go either way,
> making it improper to publicly claim that Tivo violated any copyright.
> Until a court rules on a close-enough case, the question of whether
> GPLv2 covers DRM signatures remains open.  In the mean time, it makes
> more sense for the FSF to issue a new license that squarely addresses
> this -- such as the GPLv3 -- and persuade as many developers as
> possible that using it is the best way to protect free software.)

In examining the GPLv2 and the situation from a strictly factual basis I can 
believe Linus' statement fully. The facts are as I stated them in a previous 
mail.

DRH

> Michael Poole



-- 
Dialup is like pissing through a pipette. Slow and excruciatingly painful.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ