lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <47AC174C.4080300@otello.alma.unibo.it>
Date:	Fri, 08 Feb 2008 09:48:12 +0100
From:	Diego Zuccato <diego@...llo.alma.unibo.it>
To:	David Newall <davidn@...idnewall.com>
Cc:	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] USB: mark USB drivers as being GPL only

David Newall ha scritto:

>> Precisely: One purpose of the driver is to enforce local compliance.
>> It can't *enforce* it anyway, at least if the users are all around the
>> world.
> Yes it can.   You're confusing the software with different or modified
> software.  Different things.  And by the way, if you modify the software
> to defeat the restrictions you are committing a criminal act, or you
> would be if you did it in Australia.
You said it! Gotcha! :-)
There's no difference if what I'm going to modify is the binary or the 
source: it's a criminal act anyway.
So why not release the source? :-)
>  You'd probably get with
> crucifixion for a first offense!
ROFLASTC :-)

> What's your point?  That it's easy to break the law?  Nobody's arguing
> against that.
I was simply implying there are easier ways than others... And binary 
drivers can't help...

>> Nope. The driver should simply make the device WORK. The USER must
>> make sure to meet the local regulations.
> Definitely no.  The manufacturer must ensure it meets local
> regulations.  One way they do that is via the driver.
Well, the driver must trust the user, that's my point.
If the user lies, the driver can't know (well, it could, but I don't 
think it could be considered "reasonable"...).

> You're correct, but that's still how it is.  In fact, some manufacturers
> provide country specific drivers simply to shore up this weakness. 
> (They'd only do that to protect their regulatory approval.)
Allowing the lying user to download a driver for another country...

>> If you're right, he is and must pay, remove that device from shops and
>> replace sold ones. Or at least make sure all users update their
>> drivers with others without that bug... 
> That's the most likely result.  That would be what I expect would
> happen.  This is why manufacturers view open source licences dimly in
> certain markets, of which radio communications is just one example.
And it's a reason to release open drivers, so that everybody can check 
there's no such bug. And, if found, it can be fixed with a lot less effort.

BTW I've now asked a lawyer... Waiting his answer.

BYtE,
  Diego.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ