lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1467240323.26658.69.camel@tiscali.nl>
Date:	Thu, 30 Jun 2016 00:45:23 +0200
From:	Paul Bolle <pebolle@...cali.nl>
To:	"Luis R. Rodriguez" <mcgrof@...nel.org>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Rusty Russell <rusty@...tcorp.com.au>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Ciaran Farrell <ciaran.farrell@...e.com>,
	Christopher De Nicolo <christopher.denicolo@...e.com>,
	Richard Fontana <fontana@...rpeleven.org>,
	Discussion and development of copyleft-next 
	<copyleft-next@...ts.fedorahosted.org>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Alan Cox <alan@...ux.intel.com>, Theodore Ts'o <tytso@....edu>,
	"H. Peter Anvin" <hpa@...or.com>
Subject: Re: [PATCH] module.h: add copyleft-next >= 0.3.1 as GPL compatible

On wo, 2016-06-29 at 15:01 -0700, Luis R. Rodriguez wrote:
> Long ago I reached similar conclusion and question, and therefore
> proposed a simple GPL-Compatible tag then as a replacement [0]. A few
> agreed [1], but others had a lot of reasons why we need to be explicit
> about tags for new licenses. I recommend the full thread reading if
> you are interested about more details, to me perhaps the best
> explanation of why we need explicit tags is the points Alan raised
> over historic incompatibilities and also of course new
> incompatibilities found [2]. Finding compatibility requires work and
> due diligence. That work was done here and as such a new tag is added.
> 
> [0] https://lkml.kernel.org/r/1333757482-16204-1-git-send-email-mcgrof
> @frijolero.org
> [1] https://lkml.kernel.org/r/20120407002723.GA14568@kroah.com
> [2] 
> 
> https://lkml.kernel.org/r/20120408181227.5d9430d9@pyramind.ukuu.org.uk

Thanks, I wasn't aware of your previous work here.

But perhaps it wasn't clear I was talking only about the license ident:
the machine readable module tag. The tag that allows us to taint a
kernel when a proprietary module is loaded.

Most modules already have a comment in their files detailing the license
of that module. Why should that comment be summarized in the license
ident?

Requiring such a summary in the ident also means that mismatches can
occur: cases where the license ident doesn't actually match the comment
detailing the license of the module.

A choice between, say, "GPL v2 compatible" and "Proprietary" for license
idents allows us to taint the kernel if needed and still allows any GPL
v2 compatible (dual) license to be used for the module.

This requires proper license comments for modules. Most modules already
use those.

It also requires checking whether the license detailed in that comment
really is GPL v2 compatible. I'm guessing some people are actually doing
that. (I can't personally recall any discussion on a patch submitting an
improperly licensed module. But that must have probably already
happened.)


Paul Bolle

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ