lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <orsl8paxl0.fsf@oliva.athome.lsd.ic.unicamp.br>
Date:	Mon, 18 Jun 2007 16:09:47 -0300
From:	Alexandre Oliva <aoliva@...hat.com>
To:	Daniel Hazelton <dhazelton@...er.net>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, Ingo Molnar <mingo@...e.hu>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg KH <greg@...ah.com>,
	debian developer <debiandev@...il.com>, david@...g.hm,
	Tarkan Erimer <tarkan@...one.net.tr>,
	linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Chris Friesen <cfriesen@...tel.com>,
	Bernd Schmidt <bernds_cb1@...nline.de>,
	Robin Getz <rgetz@...ckfin.uclinux.org>,
	Rob Landley <rob@...dley.net>,
	Bron Gondwana <brong@...tmail.fm>,
	Al Viro <viro@....linux.org.uk>
Subject: Re: mea culpa on the meaning of Tivoization

On Jun 17, 2007, Daniel Hazelton <dhazelton@...er.net> wrote:

> On Sunday 17 June 2007 19:11:13 Alexandre Oliva wrote:

>> Let me start with an example: I bought a wireless router some time
>> ago, and it had a GNU+Linux distribution installed in it.  No source
>> code or written offer for source code, though.

> Just want to point out that, when I read this, my reaction was
> "But... That is a direct violation of the GPLv2. No specific reading
> of the license needed."

Yes.  Anyone feels like enforcing the GPLv2 in Brazil?  I can even
recommend lawyers that speak English reasonably well and are somewhat
familiar with the GPL, and I've already tracked the distribution chain
back to the initial infringer.  Harald is aware of the issue, but
AFAIK he's decided not to pursue that yet.

>> Now, if I called the vendor next day and asked for the source code,
>> and they responded "sorry, I can't give you that.  I threw it all
>> away, such that I wouldn't be able to give it to you.", they would
>> still be disrespecting my freedoms, as well as the license, right?

> Yes, they would. They are distributing a modification

There's no reason to assume it's a modification.  They're distributing
a copy, and that's enough.

>> So, if I called them to ask how to install and run modified versions
>> of the GPLed programs, and they responded "sorry, I can't give you
>> that.  I threw it all away, such that I wouldn't be able to give it to
>> you.", they would still be disrespecting my freedoms, as well as the
>> license.

> Not even the GPLv3dd4 - because they don't have the information
> anymore either. If, however, they still retained the information -
> in any form - they would be violating the GPLv3dd4.

I'm told by the authors of GPLv3dd4 that this case is not meant to be
permitted.  I suppose they're going to change the wording, or at least
the rationale for it.

> The GPLv2 doesn't make the actions described above - "how to install and 
> run" - a license violation.

This is true.  They didn't have any such duty, under the GPLv2.

However, if I figured that out by myself, but found that I was unable
to run a modified version because something in there checks for a hash
computed over the program I'd like to modify, and refuses to run it
because of the hash, then the hash is effectively part of the program,
and they haven't provided me with the corresponding sources of that
portion of the program.

I know you don't want that to be true, and a court might actually
decide your way some day.  But until then, your claim that this is
permitted by the GPL is just as good as mine that it's not.  And I
really mean "just as good", since my claim is in line with the stated
purpose of the authors of the GPL, and yours is in line with their
opinion (according to others, I don't think I've got this straight
from them) as to whether the license effectively prohibits this
practice.

> Then anyone using GPLv3'd software to drive WiFi devices, radio (HAM radio) 
> networks, etc - in the US, at least - isn't allowed to do such. US Law makes 
> some provisions of the GPLv3 illegal to comply with. Thanks to section 6 of 
> the GPLv3 that invalidates the rights granted under the license.

Actually, this is false.  Not only because of the ROM provisions in
the GPLv3, but because the law requirements aren't anywhere as strict
as the WiFi vendors who want to disrespect your freedoms want you to
believe.

> What the GPLv3 has done is take away options they might otherwise
> have had.

It doesn't.  Authors can always grant these options separately if they
want to.  Authors can always choose GPLv2 if they want to.

GPLv3 is an option for those who want to defend freedoms, even if they
don't share the perception that this is a moral and ethical issue.  If
they're in it only for the self benefits, that's fine, GPLv3 can get
them that, even better than GPLv2 could, in spite of the short-sighted
claims to the contrary.

> If one of the goals of the FSF is to force proprietary software into
> a minority then its just done damage to that goal.

That's not the goal.

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
FSF Latin America Board Member         http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@...dhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@...d.ic.unicamp.br, gnu.org}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ