lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0706201253120.30395@asgard.lang.hm>
Date:	Wed, 20 Jun 2007 12:58:55 -0700 (PDT)
From:	david@...g.hm
To:	Michael Poole <mdpoole@...ilus.org>
cc:	"H. Peter Anvin" <hpa@...or.com>,
	Tomas Neme <lacrymology@...il.com>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

On Wed, 20 Jun 2007, Michael Poole wrote:

> david@...g.hm writes:
>
>> On Wed, 20 Jun 2007, Michael Poole wrote:
>>
>>> david@...g.hm writes:
>>>
>>>> this is very much NOT true. if you take the source the provide you can
>>>> compile a kernel that will run on the tivo, the only thing you have to
>>>> do (on some models) is to change the bios to skip the step that checks
>>>> if the kernel has been tampered with.
>>>
>>> If we are opining whether Tivo provided complete source code for their
>>> Linux kernel images, the requirement to change non-GPLed software as a
>>> condition to exercise GPL-protected rights speaks for itself.
>>
>> no, the GPL protected rights don't say anything about the hardware the
>> system runs on.
>>
>> you are saying that the GPL now controls what the BIOS software is
>> allowed to do or not allowed to do.
>
> Please retract that claim.  I have said no such thing, and have
> avoided saying anything that I thought might be misconstrued in that
> direction.
>
> To be absolutely clear: My complaints with Tivo as a hardware or BIOS
> vendor are moral and pragmatic, not legal.  My complaint with Tivo as
> a distributor of Linux is what hinges on legal issues.

but if the GPL doesn't control the BIOS how in the world are you saying 
that the fact that the GPL covers the kernel makes what the BIOS does 
wrong (even if the kernel was covered by GPLv3)?

>> that's a seperate body of code that is in no way derived from the
>> linux kernel (even the anti-tampering functions would work equally
>> well with other Operating systems and are in no way linux
>> specific). it's no even loaded on the same media (the BIOS is in
>> flash/rom on the botherboard, the OS is on the hard drive)
>>
>> and note that the software that is checked to make sure that it hasn't
>> been changed includes much more then the kernel. it checks the kernel
>> and the initrd.
>
> Not legally relevant.

I disagree. it's very relevant if your argument is that becouse the 
checksum if a checksum of the kernel that the license for the kernel 
somehow controlls what can be done with it.

>>> Out of curiosity, what do you have to do on models besides those?  Are
>>> newer models more or less restrictive in what they run?  If newer
>>> models are more restrictive, I think that also speaks to whether Tivo
>>> thinks it is conveying complete source code.
>>
>> newer models do tend to be more restrictive, but they also tend to
>> connect to more propriatary networks (satellite or cable)
>
> What they connect to is also not relevant.  That imples that because a
> vendor has been issued or licensed patents, they are not obliged to
> follow the GPL -- that the vendor has other obligations that supercede
> the GPL's license claims.  GPL section 7 addresses that situation.

you are arguing that the fact that later models are more locked down is 
'proof' that tivo knows that it's doing the wrong thing. I'm pointing out 
an alternate reason, the people who control the networks that the newer 
models are connecting to are imposing additional restrictions on tivo that 
cause them to need to be locked down more.

David Lang

> Michael Poole
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ