lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200706260717.19677.a1426z@gawab.com>
Date:	Tue, 26 Jun 2007 07:17:19 +0300
From:	Al Boldi <a1426z@...ab.com>
To:	linux-kernel@...r.kernel.org
Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

Alexandre Oliva wrote:
> Consider this scenario: vendor tivoizes Linux in the device, and
> includes the corresponding sources only in a partition that is
> theoretically accessible using the shipped kernel, but that nothing in
> the software available in the machine will let you get to.  Further,
> sources (like everything else on disk) are encrypted, and you can only
> decrypt it with hardware crypto that is disabled if the boot loader
> doesn't find a correct signature for the boot partition, or maybe the
> signature is irrelevant, given that everything on disk is encrypted in
> such a way that, if you don't have the keys, you can't update the
> kernel properly anyway.  The vendor refuses to give customers other
> copies of the sources.  To add insult to the injury, the vendor
> configures the computer to set up the encrypted disk partition
> containing the sources as a swap device, such that the shared-secret
> key used to access that entire filesystem is overwritten upon the
> first boot, rendering the entire previous contents of the partition
> holding the source code into an incomprehensible stream of bits.
>
> Does anyone think this is permitted by the letter of GPLv2?

Yes.

> Is it in the spirit of GPLv2?

No, but that's besides the point.

You can only hold people responsible for the letter, lest there be chaos.

If there is a specific usage spirit you want to protect, then you must 
formulate it in letter.

> How are the sources passed on in this way going to benefit the user or the
> community?

They still have to provide the source by other GPL means of their choosing.

> Is this still desirable by the Linux developers?

Looks undesirable to me, but still valid.


Thanks!

--
Al

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ