lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070916211208.GC5502@thunk.org>
Date:	Sun, 16 Sep 2007 17:12:08 -0400
From:	Theodore Tso <tytso@....edu>
To:	Adrian Bunk <bunk@...nel.org>,
	"Can E. Acar" <can.acar@...-g.com.tr>, misc@...nbsd.org,
	linux-kernel@...r.kernel.org,
	Daniel Hazelton <dhazelton@...er.net>,
	Eben Moglen <moglen@...twarefreedom.org>,
	Lawrence Lessig <lessig_from_web@...ox.com>,
	"Bradley M. Kuhn" <bkuhn@...twarefreedom.org>,
	Matt Norwood <norwood@...twarefreedom.org>
Subject: Re: Wasting our Freedom

On Sun, Sep 16, 2007 at 10:39:26PM +0200, Hannah Schroeter wrote:
> >The most questionable legal advice in this thread was by Theo de Raadt 
> >who claimed choosing one licence for _dual-licenced_ code was illegal...
> 
> JFTR, I do *not* think that that assessment was questionable. Unless the
> dual-licensing *explicitly* allows relicensing, relicensing is forbidden
> by copyright law. The dual-licensing allows relicensing only if that's
> *explicitly* stated, either in the statement offering the alternative, or
> in one of the licenses.
> 
> Neither GPL nor BSD/ISC allow relicensing in their well-known wordings.
> 
> If you think that's questionable, you should at least provide arguments
> (and be ready to have your interpretation of the law and the licenses
> tested before court).

Hannah,

What is going on whenever someone changes a code is that they make a
"derivative work".  Whether or not you can even make a derivative
work, and under what terms the derivitive work can be licensed, is
strictly up to the license of the original.  For example, the BSD
license says:

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met....

Note the "with or without modification".  This is what allows people
to change BSD licensed code and redistribute said changes.  The
conditions specified by the BSD license do not mention anything about
licening terms --- just that if you meet these three conditions, you
are allowed to redistribute them.  So for example, this is what allows
Network Appliances to take BSD code, change it, and add a restrictive,
proprietary copyright.

So for code which is single-licensed under a BSD license, someone can
create a new derived work, and redistribute it under a more
restrictive license --- either one as restrictive as NetApp's (where
no one is allowed to get binary unless they are a NetApp customer, or
source only after signing an NDA), or a GPL license.  It is not a
relicencing, per se, since the original version of the file is still
available under the original copyright; it is only the derived work
which is under the more restrictive copyright.   

Now, the original copyright can say that you aren't allowed to do
this; for example, the GPL says that you are not allowed to add any
restrictions on the copyright license of any derived works of GPL'ed
code.  This is why some BSD partisans claim that their license is
"more free"; the BSD license allows people to add more restrictive
copyright license terms on derived works.

OK, what about dual licensed works?  The specific wording of the dual
licensing is that you can use *either* license.  That means, you can
treat code as if only using the BSD license applied, or only if the
GPL license applied.  That is, the end-user can redistribute if either
the conditions required by the BSD license *or* the GPL license
applied.  But we've already shown that the BSD license allows the
creation of a derived work with a more restrictive license --- such as
the GPL.

But don't take my word for it; the Software Freedom Law Center has
issued advice, pro bono, written by lawyers about how this can be
done.  If you want, feel free get your own lawyers and ask them to
provide formal legal advice.

> A difference is, GPL requires it under every circumstance. BSD does not,
> indeed. But how should one expect it from *OSS* people that even *they*
> don't give back? Do you really want to put yourself on the same level as
> closed-source companies?

The problem with your argument is that BSD folks have claimed that the
BSD license is morally superior --- "more free than the GPL" ---
because you don't have to "give back" (or more formally, create a
derivitive work with a copyright license more restrictive than the
BSD).  If that is true, it is the absolute height of hypocrisy to
suddenly start complaining when code is restricted via an another open
source license such as the GPL, but not complain when NetApp uses BSD
code to make million and millions of dollars without giving anything
of substantial value back.  At least in the case of GPL'ed code you
still can look at the changes and decide how and whether you to
reimplement them.  Why don't you go and try asking NetApp for sources
to WAFL, and claim that they have "moral" duty to give the code back,
and see how quickly you get laughed out of the office?

    	    	    	    	    	   - Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ