lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170516232702.GL17314@wotan.suse.de>
Date:   Wed, 17 May 2017 01:27:02 +0200
From:   "Luis R. Rodriguez" <mcgrof@...nel.org>
To:     Alan Cox <alan@...ux.intel.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        AKASHI Takahiro <takahiro.akashi@...aro.org>,
        "Luis R. Rodriguez" <mcgrof@...nel.org>,
        Greg KH <gregkh@...uxfoundation.org>, torvalds@...ux.intel.com,
        Rusty Russell <rusty@...tcorp.com.au>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        ciaran.farrell@...e.com, christopher.denicolo@...e.com,
        fontana@...rpeleven.org, copyleft-next@...ts.fedorahosted.org,
        One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
        Theodore Ts'o <tytso@....edu>, Paul Bolle <pebolle@...cali.nl>,
        Peter Anvin <hpa@...or.com>, Joe Perches <joe@...ches.com>
Subject: Re: Kernel modules under new copyleft licence : (was Re: [PATCH v2]
 module.h: add copyleft-next >= 0.3.1 as GPL compatible)

On Mon, May 15, 2017 at 04:18:14PM +0100, Alan Cox wrote:
> > such "or" language can be a bit confusing.  My understanding is such "or"
> > language is really is only necessary or helpful for when you have some sort
> > of incompatible licenses, and that's not the case here.
> 
> The problem is that it takes a lawyer to decide whether the two are
> compatible.

At the very least 3 attorneys have reviewed this by now. 2 at SUSE and
one at Red Hat. At least.

> If you just stuck the kernel one under GPLv2 with a note
> that you can get a non-GPL one at URL or as dual licence it would be a
> hell of a lot simpler.
> 
> There are reasons there is stuff under things like dual BSD/GPL.

I recall -- you clarified this to me a while back.

> It keeps lawyers happier because they don't have to spend time on it and
> the rest of us happy because we don't have to talk to lawyers 8)

I see, makes sense.

> > Since the license *already explicitly states GPLv2 applies* when
> > copyleft-next
> 
> Subject to getting your corporate legal team to evaluate it.

But I did, and I did try to go through any other process to vet for it.
The clarity should help us avoid the "dual or" language.

> It's all hassle and friction.

I have done the work though, however I can understand this might mean others
down the chain might need to burn some ink on this. Even if our position is:

"we rather avoid any attorneys burning any ink and we prefer to just always
require this 'dual or' language even for licenses which corporate attorneys
have vetted as compatible"

Wouldn't that still require a bit of ink?

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ