lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20230412185133.GV1391488@zorba>
Date:   Wed, 12 Apr 2023 18:51:33 +0000
From:   "Daniel Walker (danielwa)" <danielwa@...co.com>
To:     Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
CC:     "xe-linux-external(mailer list)" <xe-linux-external@...co.com>,
        "Marcin Wierzbicki -X (mawierzb - GLOBALLOGIC INC at Cisco)" 
        <mawierzb@...co.com>, Rob Herring <robh+dt@...nel.org>,
        Daniel Walker <dwalker@...o99.com>,
        Krzysztof Kozlowski <krzysztof.kozlowski+dt@...aro.org>,
        "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 2/2] dt-bindings: cisco: document the CrayAR
 compatibles

On Wed, Apr 12, 2023 at 07:18:51PM +0200, Krzysztof Kozlowski wrote:
> On 12/04/2023 19:01, Daniel Walker (danielwa) wrote:
> >>
> >> Yes, I understand this. But also how corporations work should not really
> >> be my problem. Especially that many of them were able to relicense even
> >> existing work, not mentioning new work. New work is piece of cake
> >> comparing with army of lawyers for existing, released work! Yet they
> >> could...
> >>
> >>>
> >>> What benefit does a BSD license hold for my employer over GPL v2 ?
> >>
> >> As BSD is permissive, it does not force the employer or its customer to
> >> release the derived works to customers. GPL requires it (simplifying
> >> now). The employer and its customer have now choice. Dual license gives
> >> more choices. More choices is beneficial for the company or its
> >> customers, isn't?
> > 
> > I don't think we derive value from this because Cisco only sells chips internally, not
> > externally.
> 
> My answer was generic: dual license is beneficial for a company. Not
> specific: dual license is beneficial for Cisco. It might be the case you
> do not have benefits from dual license, but you also do not loose anything.
> 
> Anyway, if SW release (for such chip) ever reaches external customer,
> then it matters. GPL compliance is for some lawyers huge pain and scary
> stuff, although should not be...
 
GPL v2 has benefits in that the sources must be release. Cisco would lose that
under a BSD license.


> >>>
> >>> It's very likely that new bindings will be made by making a copy of other
> >>> bindings, then make modifications. If my company copied bindings which are GPL
> >>> v2, then we are required to honor the license of the prior binding
> >>> and that means we legally aren't allowed to relicense under BSD AFAIK.
> >>
> >> So copy some bindings which are dual-licensed... Since this is new work,
> >> you can do it.
> > 
> > Writing the binding is already done. It's hard to go back.
> 
> You can go back any time. Just "rm -fr" and write again. Since there is
> no other copyright holder than you (and/or your employer), you can do
> pretty much anything you wish with it.
> 
> > 
> > Is this dual license mandate documented someplace,
> 
> Run checkpatch and do not send patches which fail.
 
checkpatch actually contributes to the problem because it doesn't tell you not
to use GPL v2 bindings as a base for new bindings prior to making the binding.
It tells you after you already made the binding.

> > because it seems like a
> > massive trap.
> 
> Trap? Of what? Srsly... I heard GPL is a trap, but never about dual or
> BSD license.
 
It's a trap because people may use GPL v2 bindings as a basis for new bindings,
then get told later to relicense (either by checkpatch or you), something that
maybe difficult or not possible to do after the fact, or worse they relicense in
violation of the GPL v2 license.

> > 
> >>>
> >>> Also the documentation for the bindings here Documentation/devicetree/
> >>>
> >>> changesets.rst
> >>> dynamic-resolution-notes.rst
> >>> index.rst
> >>> kernel-api.rst
> >>> of_unittest.rst
> >>> overlay-notes.rst
> >>> usage-model.rst
> >>>
> >>> all the rst files are GPL v2 and not dual license.
> >>
> >> These are not bindings, so I do not understand your argument. What do
> >> you prove? That non-bindings do not have to use bindings rules? Yes,
> >> they are not bindings...
> >>
> >> Anyway, I feel like we are making some useless circles and wasting quite
> >> a lot of energy on trivial rule. I tried to explain it, but if you do
> >> not like it - it's your choice. It will be a NAK.
> > 
> > I'm pointing out that your dual license mandate has problems. Another issue is
> > you have dts files exclusively GPL v2,
> 
> It's not a problem... but even if it was, why do you not want to
> dual-license them as well?
 
It's not my choice.

> > and the dt bindings have dts fragments
> > which then have to be relicensed under BSD.
> 
> Point me to the DTS fragment in this patch. I could not find it.

I'm saying generally many dts fragments are included inside the dt binding files
as examples. So examples can't be relicensed unless it's coming from the
original copyright holder.

> > 
> > Are you as well going to nak our dts files? Or are those ok without bindings ?
> 
> 1. All compatibles must be documented, so if your DTS does not follow
> this rule I will NAK.
> 2. New platforms are supposed to have zero dtbs_check warnings, which is
> depending on above (1) plus enforces DT schema conversion.

So your response is yes, you will nak even dts files licensed correctly in order
to enforce your dual licensing scheme on dt bindings.

It's kind of unbelievable that the Linux community rejects even correctly
licensed device tree files.


Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ