lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 25 Feb 2008 16:17:52 -0500
From:	Valdis.Kletnieks@...edu
To:	Adrian Bunk <bunk@...nel.org>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Steven Rostedt <srostedt@...hat.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>,
	Arnaldo Carvalho de Melo <acme@...stprotocols.net>,
	linux-kernel@...r.kernel.org, Alan Cox <alan@...hat.com>
Subject: Re: [PATCH] 2.6.25-rc2-mm1 - fix mcount GPL bogosity.

On Mon, 25 Feb 2008 21:27:10 +0200, Adrian Bunk said:
> On Mon, Feb 25, 2008 at 06:19:57PM +0000, Alan Cox wrote:
(Following was actually Steve Rostedt writing):
> > > The reason I added GPL is not because of some idea that this is all 
> > > "chummy" with the kernel. But because I derived the mcount code from 
> > > glibc's version of mcount. Now you may argue that glibc is under LGPL 
> > > and a non-GPL export is fine. But I've been advised that if I ever take 
> > > code from someone else, to always export it with GPL.

Did the person giving that advice say that was OK, even with code that
originally had a more permissive license, such as the LGPL code from glibc?

> > As I understand it if Vladis wants to submit his own change to the symbol
> > thats up to him, and he'll be liable for any fallout with the FSF, or
> > harm to Linux resulting, so long he's the one who signs it off.
> >...
> 
> Why isn't anyone distributing it liable if it is not legally correct?

Particularly since there isn't any *real* legal distinction between the EXPORT
and EXPORT_GPL - anybody who can cite actual case law, rather than just "we
kernel nerds think and our lawyers mumble" is invited to do so. In the case of
'mcount', we're specifically talking about a symbol that's only referenced
*because the kernel's include files and config tell it to*.  It's not even a
reference the code includes - it's a reference included *BY THE COMPILER*.

I'd love to see how you'd argue this in court - "Your honor, this static piece
of source code is infringing on our copyright as a derivative work, even though
it in no way shape or form references the symbol, depending on a compiler flag,
which is out of the code author's control".

Based on that, I'd have to say that the actual abuse of the GPL, if any,
lies with the maintainers of GCC, since gcc is what created the reference to
the problematic symbol, not the authors of the actual source code.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ