lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ork5u2h0pp.fsf@oliva.athome.lsd.ic.unicamp.br>
Date:	Sun, 17 Jun 2007 15:53:22 -0300
From:	Alexandre Oliva <aoliva@...hat.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Rob Landley <rob@...dley.net>, Alan Cox <alan@...rguk.ukuu.org.uk>,
	Daniel Hazelton <dhazelton@...er.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>, david@...g.hm,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Jun 17, 2007, Jan Harkes <jaharkes@...cmu.edu> wrote:

> On Sun, Jun 17, 2007 at 05:17:57AM -0300, Alexandre Oliva wrote:
>> Just make the tivoization machinery require two keys: one that the
>> vendor keeps, one that the vendor gives to the user (maybe without
>> ever knowing it).  Neither one can install modifications alone, but
>> the user can approve modifications by the vendor, and the vendor can
>> approve modifications by the user.  This is still not ideal, but it at
>> least doesn't permit the vendor to remove features from under the
>> user.

> So what features has Tivo removed (or threatened to remove) from the GPL
> licensed parts?

Why does it matter?  The point is that a tivoizer *could* do that.

> So Google is using Linux right. What if they remove some feature?

Are you claiming Google is tivoizing something in their internal
infrastructure?  They're not distributing or conveying that software,
so, nothing wrong with that.

Or are you talking about their search appliance, which I know nearly
nothing about?

> So if Tivo would allow you to boot your own kernel, but keeps the
> harddisk encrypted if the booted kernel does not have the right
> signature?

  The information must suffice to ensure that the continued
  functioning of the modified object code is in no case prevented or
  interfered with solely because modification has been made.

> And how is that any different from taking an off-the-shelf PC and
> booting your own kernel with Tivo's modifications?

TiVo did not sell me that off-the-shelf PC with the Free Software in
it.  It (hypothetically) sold me a computer with technical measures
meant to restrict my ability to adapt the software it shipped to my
own needs and to run it for any purpose, while it can still do that.
That's a difference.

>>   this requirement does not apply if neither you nor any third
>>   party retains the ability to install modified object code on the
>>   User Product

> So they keep the system locked down, but include perl/python/emacs and
> distribute updates in the form of scripts/source code which are either
> interpreted or compiled to a ramfs filesystem at boot. Time to add
> another exception?

Intent behind this?: weasel out of the obligations of the license.
Anyone, probably even a US court, might very well see it that way.

They retain the ability to modify the software, so they ought to pass
it on to the user.

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
FSF Latin America Board Member         http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@...dhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@...d.ic.unicamp.br, gnu.org}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ