lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 29 Jun 2016 13:13:55 -0700
From:	"H. Peter Anvin" <hpa@...or.com>
To:	Greg KH <gregkh@...uxfoundation.org>,
	"Luis R. Rodriguez" <mcgrof@...nel.org>
CC:	rusty@...tcorp.com.au, linux-kernel@...r.kernel.org,
	ciaran.farrell@...e.com, christopher.denicolo@...e.com,
	fontana@...rpeleven.org, copyleft-next@...ts.fedorahosted.org,
	gnomes@...rguk.ukuu.org.uk, alan@...ux.intel.com, tytso@....edu
Subject: Re: [PATCH] module.h: add copyleft-next >= 0.3.1 as GPL compatible

On June 29, 2016 12:46:35 PM PDT, Greg KH <gregkh@...uxfoundation.org> wrote:
>On Wed, Jun 29, 2016 at 09:05:47PM +0200, Luis R. Rodriguez wrote:
>> On Tue, Jun 14, 2016 at 11:35:11AM -0700, Luis R. Rodriguez wrote:
>> > copyleft-next [0] [1] is an openly evolved copyleft license, its an
>> > effort to evolve copyleft without participation of the Church (TM)
>> > or State (R), completley openly to the extend development and
>> > discussion of copyleft-next by participants of the copyleft-next
>> > project are governed by the Harvey Birdman Rule [2].
>> > 
>> > Even though it has been a goal of the project to be GPL-v2
>compatible
>> > to be certain I've asked for a clarification about what makes
>> > copyleft-next GPLv2 compatible and also asked for a summary of
>> > benefits. This prompted some small minor changes to make
>compatiblity
>> > even further clear and as of copyleft 0.3.1 compatibility should
>> > be crystal clear [3].
>> > 
>> > The summary of why copyleft-next 0.3.1 is compatible with GPLv2
>> > is explained as follows:
>> > 
>> >   Like GPLv2, copyleft-next requires distribution of derivative
>works
>> >   ("Derived Works" in copyleft-next 0.3.x) to be under the same
>license.
>> >   Ordinarily this would make the two licenses incompatible.
>However,
>> >   copyleft-next 0.3.1 says: "If the Derived Work includes material
>> >   licensed under the GPL, You may instead license the Derived Work
>under
>> >   the GPL." "GPL" is defined to include GPLv2.
>> > 
>> > In practice this means copyleft-next code in Linux may be licensed
>> > under the GPL2, however there are additional obvious gains for
>> > bringing contributins from Linux outbound where copyleft-next is
>> > preferred. To help review further I've also independently reviewed
>> > compatiblity with attorneys at SUSE and they agree with the
>> > compatibility.
>> > 
>> > A summary of benefits of copyleft-next >= 0.3.1 over GPLv2 is
>listed
>> > below, it shows *why* some folks like myself will prefer it over
>> > GPLv2 for future work.
>> > 
>> > o It is much shorter and simpler
>> > o It has an explicit patent license grant, unlike GPLv2
>> > o Its notice preservation conditions are clearer
>> > o More free software/open source licenses are compatible
>> >   with it (via section 4)
>> > o The source code requirement triggered by binary distribution
>> >   is much simpler in a procedural sense
>> > o Recipients potentially have a contract claim against distributors
>> >   who are noncompliant with the source code requirement
>> > o There is a built-in inbound=outbound policy for upstream
>> >   contributions (cf. Apache License 2.0 section 5)
>> > o There are disincentives to engage in the controversial practice
>> >   of copyleft/ proprietary dual-licensing
>> > o In 15 years copyleft expires, which can be advantageous
>> >   for legacy code
>> > o There are explicit disincentives to bringing patent infringement
>> >   claims accusing the licensed work of infringement (see 10b)
>> > o There is a cure period for licensees who are not compliant
>> >   with the license (there is no cure opportunity in GPLv2)
>> > o copyleft-next has a 'built-in or-later' provision
>> > 
>> > [0] https://github.com/copyleft-next/copyleft-next
>> > [1] https://lists.fedorahosted.org/mailman/listinfo/copyleft-next/
>> > [2] https://github.com/richardfontana/hbr/blob/master/HBR.md
>> > [3]
>https://lists.fedorahosted.org/archives/list/copyleft-next@lists.fedorahosted.org/thread/JTGV56DDADWGKU7ZKTZA4DLXTGTLNJ57/#SQMDIKBRAVDOCT4UVNOOCRGBN2UJIKHZ
>> > 
>> > Cc: copyleft-next@...ts.fedorahosted.org
>> > Cc: Richard Fontana <fontana@...rpeleven.org>
>> > Signed-off-by: Ciaran Farrell <Ciaran.Farrell@...e.com>
>> > Signed-off-by: Christopher De Nicolo
><Christopher.DeNicolo@...e.com>
>> > Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>
>> > ---
>> > 
>> > I've tested its use at run time as well obviously.
>> > 
>> >  include/linux/license.h | 1 +
>> >  include/linux/module.h  | 1 +
>> >  2 files changed, 2 insertions(+)
>> > 
>> 
>> Greg, Rusty,
>> 
>> I haven't seen any objections or questions, so just a friendly
>*poke*.
>
>Shouldn't this go in _with_ a patch that actually adds code that uses
>the license?
>
>thanks,
>
>greg k-h

I would disagree; I think this is the sort of thing we should enable in the interest of forward compatibility and documentation.
-- 
Sent from my Android device with K-9 Mail. Please excuse brevity and formatting.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ