lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 19 Jul 2016 19:29:00 -0400
From:	Richard Fontana <fontana@...rpeleven.org>
To:	Greg KH <gregkh@...uxfoundation.org>,
	Rusty Russell <rusty@...tcorp.com.au>
Cc:	"Luis R. Rodriguez" <mcgrof@...nel.org>,
	linux-kernel@...r.kernel.org, ciaran.farrell@...e.com,
	christopher.denicolo@...e.com,
	copyleft-next@...ts.fedorahosted.org, gnomes@...rguk.ukuu.org.uk,
	alan@...ux.intel.com, tytso@....edu, pebolle@...cali.nl,
	hpa@...or.com, joe@...ches.com
Subject: Re: [PATCH v2] module.h: add copyleft-next >= 0.3.1 as GPL compatible

On 07/19/2016 06:38 PM, Greg KH wrote:
> On Mon, Jul 18, 2016 at 12:56:33PM +0930, Rusty Russell wrote:
>> Greg KH <gregkh@...uxfoundation.org> writes:
>>> On Thu, Jun 30, 2016 at 03:53:27PM -0700, Luis R. Rodriguez wrote:
>>>> copyleft-next [0] [1] is an openly evolved copyleft license, its an
>>>> effort to evolve copyleft without participation of the Church (TM)
>>>> or State (R), completley openly to the extend development and
>>>> discussion of copyleft-next by participants of the copyleft-next
>>>> project are governed by the Harvey Birdman Rule [2].
>>>>
>>>> Even though it has been a goal of the project to be GPL-v2 compatible
>>>> to be certain I've asked for a clarification about what makes
>>>> copyleft-next GPLv2 compatible and also asked for a summary of
>>>> benefits. This prompted some small minor changes to make compatiblity
>>>> even further clear and as of copyleft 0.3.1 compatibility should
>>>> be crystal clear [3].
>>>>
>>>> The summary of why copyleft-next 0.3.1 is compatible with GPLv2
>>>> is explained as follows:
>>>>
>>>>   Like GPLv2, copyleft-next requires distribution of derivative works
>>>>   ("Derived Works" in copyleft-next 0.3.x) to be under the same license.
>>>>   Ordinarily this would make the two licenses incompatible. However,
>>>>   copyleft-next 0.3.1 says: "If the Derived Work includes material
>>>>   licensed under the GPL, You may instead license the Derived Work under
>>>>   the GPL." "GPL" is defined to include GPLv2.
>>>>
>>>> In practice this means copyleft-next code in Linux may be licensed
>>>> under the GPL2, however there are additional obvious gains for
>>>> bringing contributins from Linux outbound where copyleft-next is
>>>> preferred. To help review further I've also independently reviewed
>>>> compatiblity with attorneys at SUSE and they agree with the
>>>> compatibility.
>>>>
>>>> A summary of benefits of copyleft-next >= 0.3.1 over GPLv2 is listed
>>>> below, it shows *why* some folks like myself will prefer it over
>>>> GPLv2 for future work.
>>>>
>>>> o It is much shorter and simpler
>>>> o It has an explicit patent license grant, unlike GPLv2
>>>> o Its notice preservation conditions are clearer
>>>> o More free software/open source licenses are compatible
>>>>   with it (via section 4)
>>>> o The source code requirement triggered by binary distribution
>>>>   is much simpler in a procedural sense
>>>> o Recipients potentially have a contract claim against distributors
>>>>   who are noncompliant with the source code requirement
>>>> o There is a built-in inbound=outbound policy for upstream
>>>>   contributions (cf. Apache License 2.0 section 5)
>>>> o There are disincentives to engage in the controversial practice
>>>>   of copyleft/ proprietary dual-licensing
>>>> o In 15 years copyleft expires, which can be advantageous
>>>>   for legacy code
>>>> o There are explicit disincentives to bringing patent infringement
>>>>   claims accusing the licensed work of infringement (see 10b)
>>>> o There is a cure period for licensees who are not compliant
>>>>   with the license (there is no cure opportunity in GPLv2)
>>>> o copyleft-next has a 'built-in or-later' provision
>>>>
>>>> [0] https://github.com/copyleft-next/copyleft-next
>>>> [1] https://lists.fedorahosted.org/mailman/listinfo/copyleft-next/
>>>> [2] https://github.com/richardfontana/hbr/blob/master/HBR.md
>>>> [3] https://lists.fedorahosted.org/archives/list/copyleft-next@lists.fedorahosted.org/thread/JTGV56DDADWGKU7ZKTZA4DLXTGTLNJ57/#SQMDIKBRAVDOCT4UVNOOCRGBN2UJIKHZ
>>>>
>>>> v2:
>>>>
>>>> o extend checkpatch.pl with copyleft-next as well for
>>>>   MODULE_LICENSE() check - as suggested by Paul Bolle.
>>>>
>>>> Cc: copyleft-next@...ts.fedorahosted.org
>>>> Cc: Richard Fontana <fontana@...rpeleven.org>
>>>> Signed-off-by: Ciaran Farrell <Ciaran.Farrell@...e.com>
>>>> Signed-off-by: Christopher De Nicolo <Christopher.DeNicolo@...e.com>
>>>> Signed-off-by: Luis R. Rodriguez <mcgrof@...nel.org>
>>>
>>> Acked-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
>>
>> Adding a license here implies we accept that it's actually GPLv2
>> compatible.  And IANAL.
> 
> Note, at least lawyer has signed off on this.
> 
> I'd like to see Richard do so as well.

Signed-off-by: Richard Fontana <fontana@...rpeleven.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ