lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200709031343.23949.dhazelton@enter.net>
Date:	Mon, 3 Sep 2007 13:43:23 -0400
From:	Daniel Hazelton <dhazelton@...er.net>
To:	davids@...master.com
Cc:	espie@...im.net, linux-kernel@...r.kernel.org
Subject: Re: GPL weasels and the atheros stink

(As noted before - I am surround all-caps text with *'s to indicate vocal 
stress, not volume)

On Monday 03 September 2007 05:47:59 David Schwartz wrote:
> Daniel Hazelton wrote:
> > > Your entire argument is based on the false assumption that
> > > these licenses
> > > are compatible. They are not. You cannot put code that was offered
> > > under the GPLv2 into code that is licensed under the dual license and
> > > distribute
> > > the result.
> >
> > Then go yell at Mr. Floeter. The code is dual-licensed and he put
> > BSD-License
> > only code in it. Because that's the *EXACT* *SAME* thing you're talking
> > about.
>
> This is a completely irrelevent reply. For one thing, I'm not yelling at
> anyone, so I don't see why you think I'm being inconsistent or something
> because I'm not yelling at Mr. Floeter.
>
> Actually, it's perfectly fine to put BSD-only code in a dual-licensed file.
> You just need to remove the dual license and make the file GPL-only.

Huh?

You're not making any sense. I think what you meant was "It's perfectly fine 
to put BSD-only code in a dual-licensed file. You just need to make the file 
*BSD* only."

And you are correct - but you (and I may be wrongly interpreting your words) 
and a lot of other people have complained that Jiri made modifications to the 
Atheros code and only licensed his code under the GPL. What none of you have 
done is complained that Mr. Floeter did the same thing - made changes to the 
Atheros code and made his changes only available under *ONE* of the licenses.

Apparently the reason why people that are complaining about Jiri doing such 
haven't complained about Floeter doing the same thing is that he used a 
license that you and the other people like.

> > IANAL, but your argument is specious - if the code is
> > dual-licensed and you
> > are going to let one person add code to it that is only licensed
> > under one of
> > those licenses, you *CANNOT* complain when somebody else does it
> > and chooses
> > the other license. (Well, you can, but the complaint has no legal
> > standing)
>
> What argument am I making that's specious? Perhaps you have me confused
> with someone else?
>
> In any event, I utterly reject the argument that you make. Any argument
> "you cannot complain about X unless you also complain about Y" is just
> totally bogus. You can say "you cannot complain about X and *defend* Y
> because X and Y are similar". But the fact that I don't complain about
> something creates no inconsistency. I am under no obligation to complain
> about everything that contradicts my principles, even things I don't know
> about or don't have enough information to give an informed opinion.

Wrong - I said "You can't complain about Person A doing X when you let Person 
B do X without complaint". To whit: you can't complain that Jiri has made 
changes to a dual-licensed "work" and only released his changes under one of 
the licenses on the work when somebody else - in this case Msr. Floeter - has 
done the same thing.

> > > That's not the problem. The problem is that if the file stays
> > > dual-licensed, everyone working on that file in the Linux
> > > kernel will have
> > > to be careful not to put any GPLv2-only code into it. That's just
> > > untenable. Any consistent license is better than different files being
> > > under different licenses such that you can't cut and paste code between
> > > files.
> >
> > Then why aren't you complaining about Mr. Floeters code ?
>
> Because I am too busy answering nonsensical arguments like yours.

Nonsense? Maybe in your little fantasy world. In the real world what I have 
proved by stating the facts is that you are complaining about something - and 
apparently claiming that its illegal - when somebody else has done the 
*EXACT* *SAME* *THING* and you have no problem with it.

(And since you apparently keep forgetting, that "exact same thing" is 'making 
changes to a dual-licensed project and only releasing the changes under one 
of the licenses on the project)

> I am 
> under no obligation to complain about everything I might disagree with if I
> were informed about it. 

Huh? You are complaining about one person doing something and are not or do 
not see a need to complain about somebody else who has does the same thing.

You either have a problem with the action or you don't - in this case it 
appears that you are complaining because the person in question made a choice 
you don't like.

> Why aren't you complaining about starving kids in 
> Africa?

Nice straw-man, but I'll answer anyway...

I do, all the time. But I also do that in a forum where it does some good, and 
I even use my own money to try and do something about it. 

> > His code doesn't maintain the dual-license. I think the reason is
> > that you
> > could care less about the "Dual License" and you just want the
> > code - period.
>
> You are probably confusing me with someone else. I honestly can't see how
> your reply in any way fits with what I'm saying.

No, no confusion. You could care less about the code being dual-licensed. Your 
choice of subjects 'GPL weasels' speaks volumes. You don't care that Jiri 
made a perfectly legal choice of license for his code. Truthfully, Jiri's 
choice doesn't actually matter that much. AFAICT the original dual-licensing 
of the code stands and only the identifiable portions attributable to Jiri 
are GPLv2 only. (IANAL, but I don't think Jiri's choice of license affects 
Mr. Floeters or Mr. Lefflers licenses at all - as a combined whole the code 
carries it's own license while the individual parts are licensed by their 
respective creators under whichever license they choose. This is something 
that has been discussed numerous times on LKML.)

> > > If you embed protectable elements from GPLv2-only code into any of
> > > those files, they are no longer dual-licensed. You wind up creating
> > > traps and complexity that makes the code much harder to maintain.
> >
> > The same can be said of Floeters code. *ALL* of his code, IIRC, is
> > *SINGLE-LICENSE*. ie: a complexity trap. But you aren't
> > complaining about his
> > code - you are complaining that somebody is doing the same thing, but is
> > using the side of the dual-license you don't like.
> >
> > Nothing *LEGALLY* actionable there.
>
> What the hell are you on about? Whether I think Floeters is the Earthly
> embodiment of Satan or the my very best friend has no impact whatsoever on
> the argument I'm making which has nothing whatsoever to do with Floeters.
>
> You are accusing me of being inconsitent about an issue where I've made no
> comment whatsoever about that issue.

Because you are being inconsistent. That much is clear from reading your 
original post.

> > > A dual-license is a compromise. One of the downsides is that
> > > you may force
> > > large projects that are under one license or the other to fork
> > > the code. If
> > > that bothers you, don't dual license.
> >
> > Exactly.
> >
> > This means that I can contribute as much code as I want to a
> > project under
> > whatever license I choose, but the project itself can have a different
> > license. In the case of the code in question, that means that the
> > second Mr.
> > Floeters code was distributed as a part of the "whole work" that
> > constitutes
> > the Atheros driver it automatically fell under the dual-license of the
> > controlling project.
>
> Umm, I'm not sure I know what you're talking about, but if I understand you
> correctly, what you are saying is legally impossible. Only the author can
> set the available licensing choices for his code. Distribution cannot
> create new rights.

By contributing to a project - a "combined work" - a developer (or author) 
maintains copyright and full licensing control over his portions of the work. 
But has granted, implicitly, the right to re-license said contributions under 
the license on the "combined work" if said license is different than the 
license on the contributions.

(This is literally and quite legally true. If I contributed code to, say, 
Linux, and placed the BSD license on my code, then, because the license is 
different than that on Linux, I have implicitly granted Linus (or whoever has 
put together that specific kernel series) the right to distribute my code 
under the GPLv2.)

> > When Jiri downloaded the code and began the work of
> > porting it to Linux, he accepted the terms of the GPL license -
> > his choice to
> > make. However, the initial patches altered the licensing of files that,
> > individually, have a different license. That was illegal and
> > pointed out to
> > him - and that code *WAS* *NOT* accepted into Linux.
>
> I think you have a few confusions all mixed together here. First, no
> license is needed to download or use code. 

Technically true, but I wouldn't want to test this theory in court.

> You don't have to accept the GPL 
> license or the BSD license. If the original author placed the code under a
> dual-license, then you receive the dual-license from the original author.

Agreed.

> Distributors cannot affect the grant of license from author to recipient.
> (Neither the GPL nor the BSD license grant distributors the right to
> relicense the original code. Such an agreement would have to be in writing
> anyway.)

Agreed.

> Now, when he distributed his modified works, he needed the right to do so.
> He could have obtained that right from either the GPL or the BSD, if the
> code was dual-licensed by the original author. He can choose one license
> and, because both licenses permit removing other licenses, he could remove
> the other one.

Agreed. And on this you are correct, however I do not believe that he could do 
such without changing the original licensing - because by removing said text 
he is not leaving a person receiving a further distribution aware of the 
choice that exists. (Except in-so-far as the files that contain the code he 
has modified.)

> If that's what he did, no harm, no foul.
>
> > STFU, OK ? -- Your position isn't legally tenable *AT* *ALL*.
> > (Okay, so it might be that any Atheros driver containing Jiri's
> > changes loses
> > the dual-license because of the viral nature of the GPL... IANAL,
> > but I can't
> > see that happening in this case.)
>
> If someone makes changes to a dual-licensed file, they can distribute their
> changes under *either* the BSD license, the GPL license, or some other
> license. The original file is still under both licenses, but their modified
> file can be under neither. The BSD license does not require you to
> re-license your changes under a compatible license, and a dual-license
> permits modifiers and redistributors to get the rights they need under
> either license.

Fully agreed, and sorry about the argumentative tone. This is the point I wish 
people would understand - and the one I was trying to make. Floeter made 
changes to Sam Lefflers code and those changes are BSD only - nobody 
complained about it - at all. Jiri makes changes and releases his code under 
the GPL(v2) only and people begin complaining that he is removing a choice, 
altering the license on the original, violating the license on the original, 
etc..,

Now I have examined the evidence and Jiri *DID* make some mistakes with his 
original patch-set. The only files he could remove the BSD headers from and 
not wind up treading on somebody elses toes is to only do such on files that 
he himself has (at least partial) copyright claim to. (and even then, with 
the BSD license not being compatible with the GPLv2, he can't even do it with 
files containing Mr. Floeters code, because that is BSD only - the best he 
can do is add a note to the header stating "Portions copyright XXXXX, 
released under the GPLv2")

DRH

-- 
Dialup is like pissing through a pipette. Slow and excruciatingly painful.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ