| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Feb 2008 09:31:42 +0100 From: Diego Zuccato <diego@...llo.alma.unibo.it> To: David Newall <davidn@...idnewall.com> Cc: Greg KH <greg@...ah.com>, Christer Weinigel <christer@...nigel.se>, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] USB: mark USB drivers as being GPL only David Newall ha scritto: > "Of course", because in many parts of the world, a device who's > manufacturer fails to take reasonable steps to prevent it from being > used outside regulatory limits is illegal. Providing source code not > only is a failure to take those reasonable steps, but is quite the > opposite. It may even be viewed as encouraging users to use it > inappropriately. If the device is well engineered, there's nothing the sw can do to make it work outside regulatory limits. Sometimes there's simply NOTHING the SW can do to *avoid* it. Think about a CB radio. International standard is 5W (well, somewhere it's 3, IIRC, but that's another story: nobody produces a special model with a final amplifier for only 3W, everyone produces the 5W and turns down power in some other way). But linear amplifiers are commonly sold. And (at least in Italy) it's not illegal to buy one, even if it can boost antenna power to 1000W. It's illegal just to USE it. If a citizen of a country where only 3W are allowed opens his CB and removes the limiter, it makes the use of THAT CB illegal, not the use of that MODEL: untampered ones are still legal! And it's a logical problem, too: why should the *driver* enforce a *technical* limit? It's up to the device. If the driver tells my WiFi device to use 10W, should it fail? I think so! IMO there's no judge that can rule out that an open source driver is encouraging users to use a device over its regulatory limits: there are easier ways (like lying about the configured country, to get more channels or more power) than hacking a driver. Else it should be ruled "reasonable" having to sell different drivers in different countries (no user-selectable country to choose, no lying possible... as long as the user doesn't download an updated driver...). The key is "reasonable". IMVHO enforcing a limit with a driver is not a "reasonable step to prevent use outside regulatory limits". There are more effective ways to enforce those limits that costs about the same. BYtE, Diego. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists