lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e7d97b3d-1880-4c89-bbf2-a742d6ac9e6b@kernel.org>
Date: Thu, 14 Nov 2024 12:14:16 +0100
From: Uwe Kleine-König <ukleinek@...nel.org>
To: Werner Sembach <wse@...edocomputers.com>,
 Luis Chamberlain <mcgrof@...nel.org>
Cc: tux@...edocomputers.com, Petr Pavlu <petr.pavlu@...e.com>,
 Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez
 <da.gomez@...sung.com>, linux-modules@...r.kernel.org,
 linux-kernel@...r.kernel.org, Thorsten Leemhuis <linux@...mhuis.info>
Subject: Re: [PATCH 0/2] module: Block modules by Tuxedo from accessing GPL
 symbols

Hello,

On 11/14/24 11:49, Werner Sembach wrote:
> Am 14.11.24 um 11:31 schrieb Uwe Kleine-König:
>> the kernel modules provided by Tuxedo on
>> https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers
>> are licensed under GPLv3 or later. This is incompatible with the
>> kernel's license and so makes it impossible for distributions and other
>> third parties to support these at least in pre-compiled form and so
>> limits user experience and the possibilities to work on mainlining these
>> drivers.
>>
>> This incompatibility is created on purpose to control the upstream
>> process. See https://fosstodon.org/@kernellogger/113423314337991594 for
>> a nice summary of the situation and some further links about the issue.
>>
>> Note that the pull request that fixed the MODULE_LICENSE invocations to
>> stop claiming GPL(v2) compatibility was accepted and then immediately
>> reverted "for the time being until the legal stuff is sorted out"
>> (https://gitlab.com/tuxedocomputers/development/packages/tuxedo- 
>> drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427).
> 
> As already being implied by that commit message, this is sadly not an 
> issue that can be sorted out over night.
> 
> We ended up in this situation as MODULE_LICENSE("GPL") on its own does 
> not hint at GPL v2, if one is not aware of the license definition table 
> in the documentation.

That statement isn't consistent with you saying to pick GPLv3 as an 
explicitly incompatible license to control the mainlining process. So 
you knew that it's legally at least questionable to combine these licenses.

The only thing I could accept here is that you were surprised that the 
incompatibility has some technical enforcement resulting in your modules 
to become nonfunctional. But that's like a thieve in a supermarket who 
asks for forgiveness because while he was aware that steeling is not 
allowed, wasn't aware there is video surveillance that might actually 
catch him.

So I'd claim MODULE_LICENSE("GPL") not being explicit to not apply for 
GPLv3 code is not a valid excuse. (Which doesn't mean the kernel 
couldn't improve here.)

Best regards
Uwe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ