lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 20 Jun 2007 23:58:00 -0400
From:	Michael Poole <mdpoole@...ilus.org>
To:	david@...g.hm
Cc:	davids@...master.com, linux-kernel@...r.kernel.org
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

david@...g.hm writes:

> On Wed, 20 Jun 2007, Michael Poole wrote:
>
>> david@...g.hm writes:
>>
>>> if the GPL can excercise control over compilations, then if Oracle
>>> were to ship a Oracle Linux live CD that contained the Oracle Database
>>> in the filesystem image, ready to run. then the GPL would be able to
>>> control the Oracle Database code.
>>
>> By copyright law, it could.  By its language, it does not.
>
> many people (including many lawyers will disagree that it could by
> copyright law

On what grounds would Oracle have a license to ship that part of
Linux?  Unless you are the sole copyright owner, you have no right to
copy a given piece of software _at all_ without a license.  The GPL is
a remarkably giving license in terms of how little it requires.

(This potentially wide scope is one of the major reasons that the GPL
mentions "mere aggregation" and that the Debian Free Software
Guidelines' include guideline #9.)

>>> if the GPL can't do this then it can't control the checksum either.
>>>
>>> again, it's not just the kernel that's part of the checksum on a tivo,
>>> the checksum is over the kernel + initial filesystem, much of which
>>> contains code not covered by the gPL)
>>
>> Again, did you miss where I pointed out that this makes it *worse* for
>> Tivo, because they are tying together -- and making inseparable -- a
>> combination that would otherwise be "mere aggregation"?
>
> and it makes most distro CD's illegal since they contain code under
> different incompatible licenses and they make a checksum across the
> entire CD image.

When distributions generate checksums (as opposed to signatures) over
images, they do provide all of the inputs.  When most distributions
provide signatures, the signatures do not function as statements or
instructions to computers -- they function as statements to users.
Tivo's digital signatures differ in both of these respects.

Michael Poole
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ