| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 06 Jun 2008 15:46:15 +0100 From: David Woodhouse <dwmw2@...radead.org> To: Pavel Machek <pavel@....cz> Cc: Arjan van de Ven <arjan@...ux.intel.com>, David Miller <davem@...emloft.net>, James.Bottomley@...senPartnership.com, ksummit-2008-discuss@...ts.linux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [Ksummit-2008-discuss] RFC: Moving firmware blobs out of the kernel. On Sun, 2008-06-01 at 18:17 +0200, Pavel Machek wrote: > Hi! > > > The firmware is an independent and separate work in itself. Section 2 of > > the GPL talks about such sections of the work, explicitly. The only way > > to excuse what we're doing at the moment is to call it 'mere > > aggregation' -- an exception which was intended to handle stuff like the > > 'freeware' CDs on the covers of magazines, distributing a bunch of > > unrelated software. Not a coherent work combining software from > > different sources into a single entity which works closely together as > > one, and where one part is useless without the other. > > Wait a moment, haven't you just described linux distribution? > > I mean, if aggregation clause does not work for firmware in kernel, > why would it work for packages in distro? > > (Actually, seeing some distro EULAs, I wished GPL infected whole > distro so that I'd not have to read the stupid EULA.) That's an interesting question, which has concerned me in the past. There are certainly those who would claim that the distribution _is_ a collective work, and not just 'mere aggregation on a volume of a storage or distribution medium'. Which poses interesting questions. I think you might _just_ about get away with arguing to the contrary, as long as you never refer to the distribution as a collective work which is copyrightable in its own right, or try to put a EULA on it or anything like that. At least it's _slightly_ more excusable in that case than what we were talking about before. Again, there's no definitive answer until/unless it comes to court. But there's no _guarantee_ that a court would rule that what we're doing is OK, even though it's a long-standing and universally accepted practice. You can't apply reductio ad absurdum and declare that the whole 'collective work' part of ยง2 doesn't exist just because it might lead to a _really_ surprising conclusion. > > There are people who own copyright on firmware who refuse to put it into > > the Linux source tree, because their lawyers don't believe the 'mere > > aggregation' line, and believe that including it in the kernel source in > > any form would require them to license it under the GPL. > > They can release the firmware under BSD 3-clause, and we can include > it in kernel, then.... right? (Or into linux-firmware or into whatever > package that comes handy). You may only include it in a GPL'd project if you can distribute the source code in the preferred form for editing -- unless you claim that the tightly intertwined combination of driver and firmware is "mere aggregation on a volume of a storage medium", which many would say it blatantly is not. If, on the other hand, we have a separate repository where stuff only has to be 'redistributable', then that would be OK even without source. I'm working on reducing the technical barriers to having a separate repository, to the point where it becomes silly not to do it like that. -- dwmw2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists