lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080517003206.25e90937@olorin>
Date:	Sat, 17 May 2008 00:32:06 +0200
From:	FD Cami <francois.cami@...e.fr>
To:	Jo Shields <directhex@...box.org>
Cc:	linux-kernel@...r.kernel.org, legal@...ts.gpl-violations.org
Subject: Re: GPL Violation: Compro Technology Inc, 2.6.17 modified
 binary-only kernel distribution


(adding gpl-violations.org in CC)

--
fdc


On Fri, 16 May 2008 23:00:12 +0100
Jo Shields <directhex@...box.org> wrote:

> Hi,
> 
> I've discovered a GPL violation by Taiwanese TV card manufacturer Compro
> Technology.
> 
> On their site, they are offering a "driver" for Mandriva
> Linux 2007.1, in the form of an 18 meg "linux.rpm"[1,2,3,4]. This
> "driver" is, in fact, an entire kernel image (from snd-emu10k1.ko to
> libata.ko, with everything in between), generated from Mandriva's kernel
> source package, with local modifications to at least two files (major
> file size gap between Compro and Mandriva kernels in tuner.ko and
> cx88xx.ko).
> 
> Their "driver" is being offered in binary-only form, without any
> accompanying license, and I have received no replies to a formal request
> for source after 2 (Taiwanese) working days. Obviously, this violates
> several GPL clauses, and infringes on the rights of every kernel
> developer with code in 2.6.17.
> 
> It is also the opinion of a LinuxTV developer with whom I've been
> discussing the matter that their modified drivers appear to contain
> large un-redistributable portions of code from a chip vendor's
> proprietary SDK, but we obviously can't adequately check this with
> only .ko files to work with.
> 
> They appear to be offering a similar "driver" for Fedora Core 6, which
> is non-functional, presumably due to a failed upload (cpio fails to
> extract the rpm)[4,5].
> 
> I'm not 100% certain what my next step should be, so I decided this was
> the best place to give a public airing. One suggestion I've had
> suggested is to file a DMCA takedown notice with their (US-based) ISP,
> but I've no idea whether it's the right stage to do something like that,
> nor do I have any claim to any code contained in the kernel. At any
> rate, I wanted to make the kernel developers informed of this discovery.
> 
> I'm not on this mailing list, so a CC: would be appreciated.
> 
> --Jo Shields
> 
> 
> [1] http://www.comprousa.com/downloadfiles/linux.rpm
> [2] http://www.comprousa.com/en/download/sseries.html
> [3] http://www.comprousa.com/en/download/tseries.html
> [4] http://www.comprousa.com/en/download/xseries.html
> [5] http://www.comprousa.com/downloadfiles/kernel-2618prep-3i386.rpm
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ