lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f7f8fa08-004b-4092-a4df-90cac8e325e2@tuxedocomputers.com>
Date: Thu, 14 Nov 2024 12:44:11 +0100
From: Werner Sembach <wse@...edocomputers.com>
To: Uwe Kleine-König <ukleinek@...nel.org>,
 Luis Chamberlain <mcgrof@...nel.org>
Cc: tux@...edocomputers.com, Petr Pavlu <petr.pavlu@...e.com>,
 Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez
 <da.gomez@...sung.com>, linux-modules@...r.kernel.org,
 linux-kernel@...r.kernel.org, Thorsten Leemhuis <linux@...mhuis.info>
Subject: Re: [PATCH 0/2] module: Block modules by Tuxedo from accessing GPL
 symbols

Hello,

Am 14.11.24 um 12:14 schrieb Uwe Kleine-König:
> Hello,
>
> On 11/14/24 11:49, Werner Sembach wrote:
>> Am 14.11.24 um 11:31 schrieb Uwe Kleine-König:
>>> the kernel modules provided by Tuxedo on
>>> https://gitlab.com/tuxedocomputers/development/packages/tuxedo-drivers
>>> are licensed under GPLv3 or later. This is incompatible with the
>>> kernel's license and so makes it impossible for distributions and other
>>> third parties to support these at least in pre-compiled form and so
>>> limits user experience and the possibilities to work on mainlining these
>>> drivers.
>>>
>>> This incompatibility is created on purpose to control the upstream
>>> process. See https://fosstodon.org/@kernellogger/113423314337991594 for
>>> a nice summary of the situation and some further links about the issue.
>>>
>>> Note that the pull request that fixed the MODULE_LICENSE invocations to
>>> stop claiming GPL(v2) compatibility was accepted and then immediately
>>> reverted "for the time being until the legal stuff is sorted out"
>>> (https://gitlab.com/tuxedocomputers/development/packages/tuxedo- 
>>> drivers/-/commit/a8c09b6c2ce6393fe39d8652d133af9f06cfb427).
>>
>> As already being implied by that commit message, this is sadly not an issue 
>> that can be sorted out over night.
>>
>> We ended up in this situation as MODULE_LICENSE("GPL") on its own does not 
>> hint at GPL v2, if one is not aware of the license definition table in the 
>> documentation.
>
> That statement isn't consistent with you saying to pick GPLv3 as an explicitly 
> incompatible license to control the mainlining process. So you knew that it's 
> legally at least questionable to combine these licenses.
Put in the time-dimension and you can figure out where this isn't inconsistent.
>
> The only thing I could accept here is that you were surprised that the 
> incompatibility has some technical enforcement resulting in your modules to 
> become nonfunctional. But that's like a thieve in a supermarket who asks for 
> forgiveness because while he was aware that steeling is not allowed, wasn't 
> aware there is video surveillance that might actually catch him.
>
> So I'd claim MODULE_LICENSE("GPL") not being explicit to not apply for GPLv3 
> code is not a valid excuse. (Which doesn't mean the kernel couldn't improve 
> here.)

I can not tell anything else than I wrote above so I probably can't gain your 
trust that it was an honest mistake.

Thing is we are working on rewriting the driver bit by bit directly for upstream 
under GPL v2, e.g. 
https://lore.kernel.org/all/20241001180658.76396-2-wse@tuxedocomputers.com/

And we don't stop anyone else from doing so and actively involve ourself in the 
process, giving advice where we can from our experience with the devices, e.g. 
https://github.com/Wer-Wolf/uniwill-laptop/issues/1

And tuxedo-drivers got code in the past from external contributors under GPL v3 
that also weren't aware of the correct definition of MODULE_LICENSE("GPL") which 
needs to be sorted out.

And no tuxedo-drivers module would get accepted upstream as is at the moment, 
because the focus of the driver package is mainly to get support for new devices 
out as quickly as possible, while upstream rightfully has way stricter 
guidelines on code quality (not implying that tuxedo-drivers has bad code 
quality, it's a spectrum after all).

What I want to say: If the end goal is upstream support for our devices nothing 
is speed up by the relicensing, arguably it's slowed down because someone now 
has to sort out legal stuff. If you want to take on the actual coding work 
yourself, please do so, I will give you advice as I did with Armins uniwill 
laptop driver and several times on the mailing list.

Kind regards,

Werner Sembach

>
> Best regards
> Uwe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ