| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 02 Aug 2012 08:19:26 -0400
From: Mark Hounschell <dmarkh@....rr.com>
To: Alan Cox <alan@...rguk.ukuu.org.uk>
CC: linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: MODULE_LICENSE("GPL")??
On 08/01/2012 05:43 PM, Alan Cox wrote:
> On Wed, 01 Aug 2012 17:24:33 -0400
> Mark Hounschell <dmarkh@....rr.com> wrote:
>
>> What would happen if NVIDIA used this define in their proprietary driver? I
>
> Ask a lawyer but I believe Nvidia has more sense than that both
> politically and legally. They walk a very fine line as it is (and IMHO
> the wrong side of it but one day I guess a court will figure out where
> the line actually is).
>
>> ask because I am currently in a situation where I believe I may be about to
>> use a product that may be doing this very thing. We had to sign a license
>> agreement to get the kernel driver source for this product. What we
>> received contained the kernel driver source and user land library stuff.
>> The source code for the kernel driver has MODULE_LICENSE("GPL") defined.
>> The only license info in the package received was NOT the GPL license.
>
> You cannot combine GPL and non GPL code, and since you are aware of the
> fact there is a problem then you are probably a knowing infringer, which
> is not a good situation to be in (triple damages in the US). If the module
> license tag says it is GPL then I would talk to your lawyer about
> it - you might actually be able to argue that it is therefore GPL
> but I'm not a lawyer and you *really* don't want to try that stunt without
> advice!
>
>> On this particular vendors web site they offer unrestricted downloads of
>> binary packages for their product/s that are for specific DIST kernels. But
>> to get the source requires signing a license agreement that is NOT GPL.
>
> Talk to the Free Software Conservancy and gpl-violations.org.
>
> Beyond that have a detailed discussion with your lawyer on the licence,
> on "knowing infringment" and in particular check your insurance as most
> legal insurance won't cover you in such a situation. If you redistribute
> such material you are likely to also be liable, which can be very
> expensive.
>
> All of this comes down to one thing - you need to ask a lawyer legal
> questions. I think you can already answer the "what happens if you get
> caught" political questions. Given that maybe you don't need to ask a
> lawyer but just say no ?
>
OK, thanks. Just to verify they actually had a "need" to specify GPL, I
changed it to proprietary to see if they in fact were using GPL-only
symbols. It compiled without complaint. As I've seen in the past, and one
reason why our drivers are GPL, they won't even build if a GPL exported
symbol is referenced. IE
Building modules, stage 2.
MODPOST 1 modules
FATAL: modpost: GPL-incompatible module somemod.ko uses GPL-only symbol
'somesymbol'
This particular driver does in fact build cleanly after changing the GPL
to PROPRIETARY. I haven't actually purchased the product yet so am unable
to load it, but can I assume that if I don't have a build issue when
specifying PROPRIETARY, that they are in fact NOT using GPL symbols and
maybe they just thought they needed to specify GPL for some reason or another?
Thanks
Mark
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists