Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: > On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > > I read your scenario of the vendor not giving you the source to mean: > > not directly; i.e. they could give you a third-party download link. > > This has never been enough to comply with GPLv2. Section 3a of the GPLv2 mentions "a medium customarily used for software interchange". I would think the Internet is a medium customarily used for software interchange, is it not? Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, [EMAIL PROTECTED] wrote: >> However, if the site takes the sources out, you're still responsible >> for providing sources to those who received the sources from you from >> that point on. Or something like that, IANAL ;-) > this sounds like a step backwards, you may not have the sources at > that point if you were relying on the other site to host them. You should have them. This provision is not an excuse from your obligations, it's just a pragmatic concession. > and by the way, internet access never was a barrier that could stop > someone from obtaining them Back when GPLv2 was written, it really was. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: > this sounds like a step backwards, you may not have the sources at that > point if you were relying on the other site to host them. You would then be violating the GPL, under any version. The GPL is quite clear that being unable to comply with it means you do not get the benefits it offers rather than excusing you from meeting its requirements. You *MUST* have the source code in order to distribute it on request. You cannot ship GPL'd works without offering source code just by arranging it (deliberately or accidentally) so that you don't have the source code. > and by the way, internet access never was a barrier that could stop > someone from obtaining them, the only issue was you hosting the source vs > someone else hosting the source. The GPLv2 never specified one way or the other. If you do allow someone else to host them, you are responsible for making sure they remain available for at least three years from the last time you used them as an offer. Should they stop distributing, you would be violating the GPL. Nothing in the GPL says you can't rely on third parties for your GPL compliance. Of course, this could be a very risky thing to do. However, there is no GPL violation so long as they do in fact remain operational for three years from the last time you distributed. In fact, a third party is no more risky than any other setup. Any company can go out of business within the three-year period after distribution. There are many real-world cases where a third party having the source is actually more likely to result in actual GPL compliance than the distributor. (Consider a fly-by-night company selling Fedora binary distributions burnt to CDROM on the stop for $1 on a street corner.) One way to avoid this problem is to maintain your own web page that links to the third party's download. You would have to host the sources yourself if you couldn't make other arrangements at any point during the three year period. This is no different from any other case where the offer is not honored. If the offer is not honored in a case where the GPL requires that it be, the GPL is being violated. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> On Jun 26, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: > > > Alexandre Oliva: > > >> On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > > >> > I read your scenario of the vendor not giving you the source to > >> > mean: not directly; i.e. they could give you a third-party > >> > download link. > > >> This has never been enough to comply with GPLv2. > > > A lot of people seem to say this, but I don't think it's true. > > http://www.gnu.org/licenses/gpl-faq.html#TOCUnchangedJustBinary This consists of entirely unsupported statements. > and > the 3 questions after that should be enlightening as to why people say > this ;-) > > cost of physically performing source distribution, a complete > ^^ > > Why would 'physically' be there if it didn't mean anything? It does. It means you can't charge for adminsitrative or other costs associated with performing the source distribution. It's necessary because otherwise someone could claim that it costs them $10,000 to give you the source code because they need to purchase a license from someone else. This limits what you can charge for but does not specify what you have to do. > When > interpreting legal texts, that's one sort of question you should ask > yourself. It's obvious why it's there. If you're going to charge for the distribution, the charge must be nominal and justified by actual distribution cost. Note that even a distribution over the Internet must be physically performed in this sense (actual physical activity by a human being is required to perform this type of distribution, both in setup and in maintenance). I would argue that the GPL allows you to charge these costs if you really wanted to, though it's hard to imagine why anyone would bother. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> But thats YOURcompanyname.com. Not a third party. If you gave as a > link somebodyelsescompany.com/gpl then somebodyelse could get rid of > the link, and your offer wouldn't be valid for "at least three years" > > T You mean it might not be valid for at least three years. It also might be. You also might go out of business in less than three years. You're not violating the GPL simply because you might not be able to honor your offer in less than three years. You're violating the GPL when you in fact fail to honor it. I do agree that providing a link to a third party URL is risky, but I do not agree that it doesn't comply with the GPL. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: > Alexandre Oliva: >> On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: >> > I read your scenario of the vendor not giving you the source to >> > mean: not directly; i.e. they could give you a third-party >> > download link. >> This has never been enough to comply with GPLv2. > A lot of people seem to say this, but I don't think it's true. http://www.gnu.org/licenses/gpl-faq.html#TOCUnchangedJustBinary and the 3 questions after that should be enlightening as to why people say this ;-) cost of physically performing source distribution, a complete ^^ Why would 'physically' be there if it didn't mean anything? When interpreting legal texts, that's one sort of question you should ask yourself. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, 26 Jun 2007, Alexandre Oliva wrote: On Jun 26, 2007, [EMAIL PROTECTED] wrote: unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. Yup. The improvement in GPLv3 is to relax the requirement of providing source code in physical medium if you choose to not distribute it along with the binaries. It's recognizing that internet access is no longer a barrier that could stop someone from obtaining the sources they're entitled to. Even someone who doesn't have regular or fast internet access can hire a third party who does to perform the download and record it. I.e., with GPLv3, you *can* point at the sources you used, even in a site that you don't control. However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) this sounds like a step backwards, you may not have the sources at that point if you were relying on the other site to host them. and by the way, internet access never was a barrier that could stop someone from obtaining them, the only issue was you hosting the source vs someone else hosting the source. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, [EMAIL PROTECTED] wrote: > unless you are saying that the GPLv3 is saying that a third party link > now _is_ sufficiant. Yup. The improvement in GPLv3 is to relax the requirement of providing source code in physical medium if you choose to not distribute it along with the binaries. It's recognizing that internet access is no longer a barrier that could stop someone from obtaining the sources they're entitled to. Even someone who doesn't have regular or fast internet access can hire a third party who does to perform the download and record it. I.e., with GPLv3, you *can* point at the sources you used, even in a site that you don't control. However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
"The source code for this product is available under the terms of the GPL from the following web page http://www.mycompanyname.com/gpl; This assumes that no special steps are needed to obtain the software from that web page. But thats YOURcompanyname.com. Not a third party. If you gave as a link somebodyelsescompany.com/gpl then somebodyelse could get rid of the link, and your offer wouldn't be valid for "at least three years" T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva: > On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > > > I read your scenario of the vendor not giving you the source to > > mean: not > > directly; i.e. they could give you a third-party download link. > > This has never been enough to comply with GPLv2. A lot of people seem to say this, but I don't think it's true. Section 3b says: Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, A web page with a download URL is just such an offer. The Internet is a medium customarily used for software interchange. I do not see why the following statement doesn't meet the requirements above: "The source code for this product is available under the terms of the GPL from the following web page http://www.mycompanyname.com/gpl; This assumes that no special steps are needed to obtain the software from that web page. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, 26 Jun 2007, Alexandre Oliva wrote: On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. FWIW, it is one of the improvements in GPLv3. either it's an improvement in the GPLv3 or it's a violation of GPLv2. you can't say that the GPLv2 prohibits it _and_ it's an improvement in the GPLv3. unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. this seems to be counter to what the FSF is claiming (with good reasoning. after all, you don't control the third party site, so it could change or go away and now the people who got the binaries from you can't get the sources) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > I read your scenario of the vendor not giving you the source to mean: not > directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. FWIW, it is one of the improvements in GPLv3. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: > On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > >> Is it in the spirit of GPLv2? > > > > No, but that's besides the point. > > Thanks for informing me about the point *I*'m trying to make ;-) > > > You can only hold people responsible for the letter, lest there be > > chaos. > > That's not *quite* how it works, but that's a general idea, yes. > > >> How are the sources passed on in this way going to benefit the user or > >> the community? > > > > They still have to provide the source by other GPL means of their > > choosing. > > This is contradictory. You said the scenario I described was > permitted, and the scenario included the vendor's refusal to give > customers other copies of the sources. > > Which is it? I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: >> Is it in the spirit of GPLv2? > No, but that's besides the point. Thanks for informing me about the point *I*'m trying to make ;-) > You can only hold people responsible for the letter, lest there be chaos. That's not *quite* how it works, but that's a general idea, yes. >> How are the sources passed on in this way going to benefit the user or the >> community? > They still have to provide the source by other GPL means of their choosing. This is contradictory. You said the scenario I described was permitted, and the scenario included the vendor's refusal to give customers other copies of the sources. Which is it? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: Is it in the spirit of GPLv2? No, but that's besides the point. Thanks for informing me about the point *I*'m trying to make ;-) You can only hold people responsible for the letter, lest there be chaos. That's not *quite* how it works, but that's a general idea, yes. How are the sources passed on in this way going to benefit the user or the community? They still have to provide the source by other GPL means of their choosing. This is contradictory. You said the scenario I described was permitted, and the scenario included the vendor's refusal to give customers other copies of the sources. Which is it? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: Is it in the spirit of GPLv2? No, but that's besides the point. Thanks for informing me about the point *I*'m trying to make ;-) You can only hold people responsible for the letter, lest there be chaos. That's not *quite* how it works, but that's a general idea, yes. How are the sources passed on in this way going to benefit the user or the community? They still have to provide the source by other GPL means of their choosing. This is contradictory. You said the scenario I described was permitted, and the scenario included the vendor's refusal to give customers other copies of the sources. Which is it? I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. Thanks! -- Al - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. FWIW, it is one of the improvements in GPLv3. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, 26 Jun 2007, Alexandre Oliva wrote: On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. FWIW, it is one of the improvements in GPLv3. either it's an improvement in the GPLv3 or it's a violation of GPLv2. you can't say that the GPLv2 prohibits it _and_ it's an improvement in the GPLv3. unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. this seems to be counter to what the FSF is claiming (with good reasoning. after all, you don't control the third party site, so it could change or go away and now the people who got the binaries from you can't get the sources) David Lang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva: On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. A lot of people seem to say this, but I don't think it's true. Section 3b says: Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, A web page with a download URL is just such an offer. The Internet is a medium customarily used for software interchange. I do not see why the following statement doesn't meet the requirements above: The source code for this product is available under the terms of the GPL from the following web page http://www.mycompanyname.com/gpl; This assumes that no special steps are needed to obtain the software from that web page. DS - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
The source code for this product is available under the terms of the GPL from the following web page http://www.mycompanyname.com/gpl; This assumes that no special steps are needed to obtain the software from that web page. But thats YOURcompanyname.com. Not a third party. If you gave as a link somebodyelsescompany.com/gpl then somebodyelse could get rid of the link, and your offer wouldn't be valid for at least three years T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, [EMAIL PROTECTED] wrote: unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. Yup. The improvement in GPLv3 is to relax the requirement of providing source code in physical medium if you choose to not distribute it along with the binaries. It's recognizing that internet access is no longer a barrier that could stop someone from obtaining the sources they're entitled to. Even someone who doesn't have regular or fast internet access can hire a third party who does to perform the download and record it. I.e., with GPLv3, you *can* point at the sources you used, even in a site that you don't control. However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, 26 Jun 2007, Alexandre Oliva wrote: On Jun 26, 2007, [EMAIL PROTECTED] wrote: unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. Yup. The improvement in GPLv3 is to relax the requirement of providing source code in physical medium if you choose to not distribute it along with the binaries. It's recognizing that internet access is no longer a barrier that could stop someone from obtaining the sources they're entitled to. Even someone who doesn't have regular or fast internet access can hire a third party who does to perform the download and record it. I.e., with GPLv3, you *can* point at the sources you used, even in a site that you don't control. However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) this sounds like a step backwards, you may not have the sources at that point if you were relying on the other site to host them. and by the way, internet access never was a barrier that could stop someone from obtaining them, the only issue was you hosting the source vs someone else hosting the source. David Lang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, David Schwartz [EMAIL PROTECTED] wrote: Alexandre Oliva: On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. A lot of people seem to say this, but I don't think it's true. http://www.gnu.org/licenses/gpl-faq.html#TOCUnchangedJustBinary and the 3 questions after that should be enlightening as to why people say this ;-) cost of physically performing source distribution, a complete ^^ Why would 'physically' be there if it didn't mean anything? When interpreting legal texts, that's one sort of question you should ask yourself. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
But thats YOURcompanyname.com. Not a third party. If you gave as a link somebodyelsescompany.com/gpl then somebodyelse could get rid of the link, and your offer wouldn't be valid for at least three years T You mean it might not be valid for at least three years. It also might be. You also might go out of business in less than three years. You're not violating the GPL simply because you might not be able to honor your offer in less than three years. You're violating the GPL when you in fact fail to honor it. I do agree that providing a link to a third party URL is risky, but I do not agree that it doesn't comply with the GPL. DS - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, David Schwartz [EMAIL PROTECTED] wrote: Alexandre Oliva: On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. A lot of people seem to say this, but I don't think it's true. http://www.gnu.org/licenses/gpl-faq.html#TOCUnchangedJustBinary This consists of entirely unsupported statements. and the 3 questions after that should be enlightening as to why people say this ;-) cost of physically performing source distribution, a complete ^^ Why would 'physically' be there if it didn't mean anything? It does. It means you can't charge for adminsitrative or other costs associated with performing the source distribution. It's necessary because otherwise someone could claim that it costs them $10,000 to give you the source code because they need to purchase a license from someone else. This limits what you can charge for but does not specify what you have to do. When interpreting legal texts, that's one sort of question you should ask yourself. It's obvious why it's there. If you're going to charge for the distribution, the charge must be nominal and justified by actual distribution cost. Note that even a distribution over the Internet must be physically performed in this sense (actual physical activity by a human being is required to perform this type of distribution, both in setup and in maintenance). I would argue that the GPL allows you to charge these costs if you really wanted to, though it's hard to imagine why anyone would bother. DS - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: this sounds like a step backwards, you may not have the sources at that point if you were relying on the other site to host them. You would then be violating the GPL, under any version. The GPL is quite clear that being unable to comply with it means you do not get the benefits it offers rather than excusing you from meeting its requirements. You *MUST* have the source code in order to distribute it on request. You cannot ship GPL'd works without offering source code just by arranging it (deliberately or accidentally) so that you don't have the source code. and by the way, internet access never was a barrier that could stop someone from obtaining them, the only issue was you hosting the source vs someone else hosting the source. The GPLv2 never specified one way or the other. If you do allow someone else to host them, you are responsible for making sure they remain available for at least three years from the last time you used them as an offer. Should they stop distributing, you would be violating the GPL. Nothing in the GPL says you can't rely on third parties for your GPL compliance. Of course, this could be a very risky thing to do. However, there is no GPL violation so long as they do in fact remain operational for three years from the last time you distributed. In fact, a third party is no more risky than any other setup. Any company can go out of business within the three-year period after distribution. There are many real-world cases where a third party having the source is actually more likely to result in actual GPL compliance than the distributor. (Consider a fly-by-night company selling Fedora binary distributions burnt to CDROM on the stop for $1 on a street corner.) One way to avoid this problem is to maintain your own web page that links to the third party's download. You would have to host the sources yourself if you couldn't make other arrangements at any point during the three year period. This is no different from any other case where the offer is not honored. If the offer is not honored in a case where the GPL requires that it be, the GPL is being violated. DS - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, [EMAIL PROTECTED] wrote: However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) this sounds like a step backwards, you may not have the sources at that point if you were relying on the other site to host them. You should have them. This provision is not an excuse from your obligations, it's just a pragmatic concession. and by the way, internet access never was a barrier that could stop someone from obtaining them Back when GPLv2 was written, it really was. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 26, 2007, Al Boldi [EMAIL PROTECTED] wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. Section 3a of the GPLv2 mentions a medium customarily used for software interchange. I would think the Internet is a medium customarily used for software interchange, is it not? Thanks! -- Al - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: > Consider this scenario: vendor tivoizes Linux in the device, and > includes the corresponding sources only in a partition that is > theoretically accessible using the shipped kernel, but that nothing in > the software available in the machine will let you get to. Further, > sources (like everything else on disk) are encrypted, and you can only > decrypt it with hardware crypto that is disabled if the boot loader > doesn't find a correct signature for the boot partition, or maybe the > signature is irrelevant, given that everything on disk is encrypted in > such a way that, if you don't have the keys, you can't update the > kernel properly anyway. The vendor refuses to give customers other > copies of the sources. To add insult to the injury, the vendor > configures the computer to set up the encrypted disk partition > containing the sources as a swap device, such that the shared-secret > key used to access that entire filesystem is overwritten upon the > first boot, rendering the entire previous contents of the partition > holding the source code into an incomprehensible stream of bits. > > Does anyone think this is permitted by the letter of GPLv2? Yes. > Is it in the spirit of GPLv2? No, but that's besides the point. You can only hold people responsible for the letter, lest there be chaos. If there is a specific usage spirit you want to protect, then you must formulate it in letter. > How are the sources passed on in this way going to benefit the user or the > community? They still have to provide the source by other GPL means of their choosing. > Is this still desirable by the Linux developers? Looks undesirable to me, but still valid. Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: Consider this scenario: vendor tivoizes Linux in the device, and includes the corresponding sources only in a partition that is theoretically accessible using the shipped kernel, but that nothing in the software available in the machine will let you get to. Further, sources (like everything else on disk) are encrypted, and you can only decrypt it with hardware crypto that is disabled if the boot loader doesn't find a correct signature for the boot partition, or maybe the signature is irrelevant, given that everything on disk is encrypted in such a way that, if you don't have the keys, you can't update the kernel properly anyway. The vendor refuses to give customers other copies of the sources. To add insult to the injury, the vendor configures the computer to set up the encrypted disk partition containing the sources as a swap device, such that the shared-secret key used to access that entire filesystem is overwritten upon the first boot, rendering the entire previous contents of the partition holding the source code into an incomprehensible stream of bits. Does anyone think this is permitted by the letter of GPLv2? Yes. Is it in the spirit of GPLv2? No, but that's besides the point. You can only hold people responsible for the letter, lest there be chaos. If there is a specific usage spirit you want to protect, then you must formulate it in letter. How are the sources passed on in this way going to benefit the user or the community? They still have to provide the source by other GPL means of their choosing. Is this still desirable by the Linux developers? Looks undesirable to me, but still valid. Thanks! -- Al - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
In the sense that he can decide to remove all contributions from dissenting authors, yes, he does. But he can't impose his more lax interpretation upon other authors. Under copyright, it's the more yes, I saw my argument going weak as I wrote it, but what I said later: So if you own a part of the kernel, then you can pursuit TiVo on your own, if they did direct use of that part especifically and break (in your opinion) what you feel GPLv2 means. You can form the CATV2 (CodersAgainstTiVo v2) and try to get TiVo to stop using the Linux Kernel for their product (because, believe me, they WON'T release the keys). Yeay, we lost Tivo's improvements on the kernel, and the posibility of having a working kernel if anyone feels like back-ingeneering TiVo for their own amusement. is still right. What I meant, at least by the end of that email, was that he has the last word on trying to stop TiVo from using The Linux Kernel. Each author can still go and stop them from using his part, and the derivative work that is The Linux Kernel. But that brings another question: what if TiVo decided to remove all code from the complaining parts and rewrite them? that wouldn't be The Linux Kernel anymore, but it would be a derivative work of all the parts that don't disagree with Tivoization, but is that legal? -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 22, 2007, "Tomas Neme" <[EMAIL PROTECTED]> wrote: > The thing is, what matters in copyright and licencing matters is what > the author of the code understands, no the licence's author, if > ambiguous. And the kernel's rights holder is Linus. Since he didn't get copyright assignments, each contributor is the copyright holder of her/his own contribution. And this means each holder gets a say on how s/he understood GPLv2. IANAL, but I think if Linus' intended interpretation had been clarified all the way from the beginning, he could have grounds to claim that everyone else had implicitly accepted that reading by contributing to the project. But since it was a decision made many years later, his clarification on his reading of the license is in a way an additional permission that affects only his own contributions; other authors are still entitled to try to enforce their understanding of the legal terms of the license, and they would have the spirit of the GPL and its preamble on their side to guide the interpretation. Even if contract law states something like, in adhesion contracts, the party who writes the contract gives the other party the benefits of any ambiguity in the writing, the GPL is not a contract, it's a license, and per copyright law, licenses are to be interpreted restrictively. > Linus has the last word on it. In the sense that he can decide to remove all contributions from dissenting authors, yes, he does. But he can't impose his more lax interpretation upon other authors. Under copyright, it's the more restrictive reading that prevails, in that any holder who understands his rights are being trampled can enforce them. And since at least one such author is vocal in his dissent, not even estoppel defenses would apply. But IANAL. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
powerful. It is pretty obvious that when Linus adopted GPLv2 he didn't realize it reached that point. That when Tivo invented Tivoization, he decided he wanted to permit this, and thus grants an implicit additional permission for anyone to do it with his code, doesn't mean other participants in the Linux community feel the same way, or read the GPLv2 the same way, and could be somehow stopped from enforcing the license the way they meant it. The thing is, what matters in copyright and licencing matters is what the author of the code understands, no the licence's author, if ambiguous. And the kernel's rights holder is Linus. The authors of the particular bits of code can complain about what tivo's doing, but since TiVo's using the linux kernel, and GPLv2 says "These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it." Linus has the last word on it. IANAL, but as far as I can tell this reads as "this licence applies to the whole, not to the parts by themselves", and so does who the "holder" is, I'd believe. So if you own a part of the kernel, then you can pursuit TiVo on your own, if they did direct use of that part especifically and break (in your opinion) what you feel GPLv2 means. You can form the CATV2 (CodersAgainstTiVo v2) and try to get TiVo to stop using the Linux Kernel for their product (because, believe me, they WON'T release the keys). Yeay, we lost Tivo's improvements on the kernel, and the posibility of having a working kernel if anyone feels like back-ingeneering TiVo for their own amusement. T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
powerful. It is pretty obvious that when Linus adopted GPLv2 he didn't realize it reached that point. That when Tivo invented Tivoization, he decided he wanted to permit this, and thus grants an implicit additional permission for anyone to do it with his code, doesn't mean other participants in the Linux community feel the same way, or read the GPLv2 the same way, and could be somehow stopped from enforcing the license the way they meant it. The thing is, what matters in copyright and licencing matters is what the author of the code understands, no the licence's author, if ambiguous. And the kernel's rights holder is Linus. The authors of the particular bits of code can complain about what tivo's doing, but since TiVo's using the linux kernel, and GPLv2 says These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Linus has the last word on it. IANAL, but as far as I can tell this reads as this licence applies to the whole, not to the parts by themselves, and so does who the holder is, I'd believe. So if you own a part of the kernel, then you can pursuit TiVo on your own, if they did direct use of that part especifically and break (in your opinion) what you feel GPLv2 means. You can form the CATV2 (CodersAgainstTiVo v2) and try to get TiVo to stop using the Linux Kernel for their product (because, believe me, they WON'T release the keys). Yeay, we lost Tivo's improvements on the kernel, and the posibility of having a working kernel if anyone feels like back-ingeneering TiVo for their own amusement. T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 22, 2007, Tomas Neme [EMAIL PROTECTED] wrote: The thing is, what matters in copyright and licencing matters is what the author of the code understands, no the licence's author, if ambiguous. And the kernel's rights holder is Linus. Since he didn't get copyright assignments, each contributor is the copyright holder of her/his own contribution. And this means each holder gets a say on how s/he understood GPLv2. IANAL, but I think if Linus' intended interpretation had been clarified all the way from the beginning, he could have grounds to claim that everyone else had implicitly accepted that reading by contributing to the project. But since it was a decision made many years later, his clarification on his reading of the license is in a way an additional permission that affects only his own contributions; other authors are still entitled to try to enforce their understanding of the legal terms of the license, and they would have the spirit of the GPL and its preamble on their side to guide the interpretation. Even if contract law states something like, in adhesion contracts, the party who writes the contract gives the other party the benefits of any ambiguity in the writing, the GPL is not a contract, it's a license, and per copyright law, licenses are to be interpreted restrictively. Linus has the last word on it. In the sense that he can decide to remove all contributions from dissenting authors, yes, he does. But he can't impose his more lax interpretation upon other authors. Under copyright, it's the more restrictive reading that prevails, in that any holder who understands his rights are being trampled can enforce them. And since at least one such author is vocal in his dissent, not even estoppel defenses would apply. But IANAL. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
In the sense that he can decide to remove all contributions from dissenting authors, yes, he does. But he can't impose his more lax interpretation upon other authors. Under copyright, it's the more yes, I saw my argument going weak as I wrote it, but what I said later: So if you own a part of the kernel, then you can pursuit TiVo on your own, if they did direct use of that part especifically and break (in your opinion) what you feel GPLv2 means. You can form the CATV2 (CodersAgainstTiVo v2) and try to get TiVo to stop using the Linux Kernel for their product (because, believe me, they WON'T release the keys). Yeay, we lost Tivo's improvements on the kernel, and the posibility of having a working kernel if anyone feels like back-ingeneering TiVo for their own amusement. is still right. What I meant, at least by the end of that email, was that he has the last word on trying to stop TiVo from using The Linux Kernel. Each author can still go and stop them from using his part, and the derivative work that is The Linux Kernel. But that brings another question: what if TiVo decided to remove all code from the complaining parts and rewrite them? that wouldn't be The Linux Kernel anymore, but it would be a derivative work of all the parts that don't disagree with Tivoization, but is that legal? -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, at 15:19:35, Stephen Clark wrote: David Schwartz wrote: On Wed, 20 Jun 2007 12:55:10 -0700 "David Schwartz" <[EMAIL PROTECTED]> wrote: A key is a number. A signature is a number. They are neither statements nor instructions. The argument that GPLv2 prohibits Tivoization is really and truly absurd. It has neither a legal nor a moral leg to stand on. A computer program is a number too. No, it's not. It can be expressed as a number, but it is not a number. ??? can be expressed as a number, but it is not a number ??? sure its a number. Keys are purely numbers, they are nothing else. Signatures are pure primitive facts encoded as numbers (authority X blessed object Y). A computer program is a set of instructions to accomplish a particular result. It can be expressed as a number, but that doesn't mean it is a number. It might be true in principle to develop a scheme whereby every physical object uniquely corresponds to an extremely large number. That doesn't turn physical objects into numbers. Both of you lose this argument. All irrational numbers, for example, "break" every copyright that could possibly exist. For example, you can find any arbitrary sequence of Base-N digits when you express PI in base-N form. I can simultaneously express both the laws of physics (not copyrightable) and the latest episode of the TV show "Numbers" (thoroughly copyrighted) as numbers. In fact, we do both all the time (you can express both the latest equations for theoretical physics and a TV show as bits (IE: numbers) on an HDD. Ergo "$FOO is a number" says *NOTHING* about whether or not copyright applies to $FOO. In case you haven't noticed, the whole damn point of math is that you can express *EVERYTHING* as numbers, albeit maybe horribly unbelievably complex ones. Now, back to actual legal issues: Since most copyright laws explicitly prevent copyrighting of pure math, the only actual protection you have for some collection of so-called numbers is whether or not the numbers *REPRESENT* something which may be copyrighted. Furthermore, copyright has _always_ been independent of representation; a person owns copyright on a book regardless of whether it's hardback, softcover, digital, memorized, etc. The person who owns the copyright on a book is able to prevent someone who has memorized the book from giving public recitals of said book, and the neuron-linkage-based storage the brain uses is about as far as you can possibly get from twiddling magnetic bits on a disk drive or dumping carbon-based inks on a page made of plant cellulose. Cheers, Kyle Moffett - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Jun 21, 2007, [EMAIL PROTECTED] wrote: > >> For the record, GPLv2 is already meant to accomplish this. I don't > >> understand why people who disagree with this stance chose GPLv2. > >> Isn't "no further restrictions" clear enough? > > everyone else is reading this as 'no further license restrictions' > I didn't see anyone else add "license" where you did. "No further > restrictions on the rights granted herein" is very powerful and > extensive, and that's how it was meant to be. I agree. For example, a patent might impose a further restriction. The GPL was clearly meant to foreclose that. There are any number of other ways of nasty, subtle ways to impose further restrictions, and the GPLv2 meant to foreclose all of them. > > not no hardware restrictions' becouse GPLv2 explicitly says that it > > has nothing to do with running the software, only with distributing > > it. > It also says that running the software is not restricted, and since > copyright law in the US doesn't regulate execution, receiving the > software does grant the recipient the right to run the software. So > the distributor can't impose restrictions on it. Right. The response to this argument is that it is mind-bogglingly obvious that the GPL doesn't mean that no *authorization* decisions can stand in your way. It didn't mean that I couldn't keep the root password to my server secret even though that denies you the "right" to modify the Linux kernel running on it. Some entity has to decide what software runs on any particular piece of hardware, and it was never the intent of the GPL to specify or limit who that person was. This has been discussed many times over many years, longer before Tivoization was even thought of, and it was agreed that the GPL didn't foreclose authorization obstacles to software modification. Why doesn't Linux allow a non-root user to install a module or change which kernel the system runs? Doesn't that limit the GPL rights of all non-root users to modify the GPL'd kernel software on that machine? OF COURSE NOT. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> On Jun 21, 2007, [EMAIL PROTECTED] wrote: >> >>> this is your right with your code. please stop browbeating people who >>> disagree with you. >> >> For the record, GPLv2 is already meant to accomplish this. I don't >> understand why people who disagree with this stance chose GPLv2. >> Isn't "no further restrictions" clear enough? > everyone else is reading this as 'no further license restrictions' I didn't see anyone else add "license" where you did. "No further restrictions on the rights granted herein" is very powerful and extensive, and that's how it was meant to be. > not no hardware restrictions' becouse GPLv2 explicitly says that it > has nothing to do with running the software, only with distributing > it. It also says that running the software is not restricted, and since copyright law in the US doesn't regulate execution, receiving the software does grant the recipient the right to run the software. So the distributor can't impose restrictions on it. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: this is your right with your code. please stop browbeating people who disagree with you. For the record, GPLv2 is already meant to accomplish this. I don't understand why people who disagree with this stance chose GPLv2. Isn't "no further restrictions" clear enough? everyone else is reading this as 'no further license restrictions' not 'no hardware restrictions' becouse GPLv2 explicitly says that it has nothing to do with running the software, only with distributing it. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > this is your right with your code. please stop browbeating people who > disagree with you. For the record, GPLv2 is already meant to accomplish this. I don't understand why people who disagree with this stance chose GPLv2. Isn't "no further restrictions" clear enough? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: > Alexandre Oliva wrote: >> On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: >> >>> A balance of freedom to the licensee and the licenser. It's my >>> opinion that GPLv3 potentially shifts the balance too far to the >>> licensee. >> >> It's more of a balance of freedom between licensee and licensee, >> actually. It's a lot about making sure no one can acquire a >> privileged position, such that every licensee plays under the same >> rules. (The copyright holder is not *acquiring* a privileged >> position, copyright law had already granted him/her that position.) > I do see what you're saying here. But it does take the away the > ability of a licensee to protect themselves from another malicious > licensee. Sorry, I don't follow what the "it" refers to in your sentence. > If the ultimate goal of the Free Software community is to get source > code out to the public, I think that was captured in GPLv2. That's a correct logical inference, but since the premise is false, the conclusion is garbage. GPLv2 goes far beyond getting source code out to the public. It contains the "no further restrictions" language, which is very powerful. It is pretty obvious that when Linus adopted GPLv2 he didn't realize it reached that point. That when Tivo invented Tivoization, he decided he wanted to permit this, and thus grants an implicit additional permission for anyone to do it with his code, doesn't mean other participants in the Linux community feel the same way, or read the GPLv2 the same way, and could be somehow stopped from enforcing the license the way they meant it. Ultimately, the current situation is that we have two mutually-incompatible license intents being used in Linux, and no matter how much those who want to grant the permission say so, this doesn't trample other contributor's rights to enforce the license they chose for their code. Especially those who started contributing long before the decision that "what TiVo does is good" was announced. Now, since these two license intents are expressed by the same license, and what the license demands is that derived works must be under the same license, they are compatible, but since the intents are distinct, what prevails is, as in any case of combination of different licensing provisions, is the most restrictive provision. So Linux does not permit tivoization today. Linus does, Linux doesn't. All this fuss about the anti-tivoization provisions in GPLv3 is just a consequence of reading the GPLv2 without fully understanding its intended consequences, not having foresight to clarify the intent to constrain the "no further restrictions" provisions to match the alternate interpretation, and opposing the removal of the ambiguity because it doesn't match the choice that *some* of the developers would like it to go. Who's the ambiguity good for? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: If it's input-only, then you can't possibly harm the operation of the network by only listening in, can you? Ok, so you consider any anti-piracy measures to be something that GPLv3 should prohibit. In general, I object to the use of my code in ways that don't permit users to run it for any purpose, study it, adapt it to suit their own needs, modify the code and distribute it, modified or not. If this means my code can't be used to implement DRM, that's a good thing. All anti-piracy measures I've ever known deprive users of legitimate rights too. So, yes, I don't agree with these measures. I believe in punishing the guilty, not in punishing innocent bystanders just such that the guilty have to find work arounds to become guilty. this is your right with your code. please stop browbeating people who disagree with you. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> If it's input-only, then you can't possibly harm the operation of the >> network by only listening in, can you? > Ok, so you consider any anti-piracy measures to be something that > GPLv3 should prohibit. In general, I object to the use of my code in ways that don't permit users to run it for any purpose, study it, adapt it to suit their own needs, modify the code and distribute it, modified or not. If this means my code can't be used to implement DRM, that's a good thing. All anti-piracy measures I've ever known deprive users of legitimate rights too. So, yes, I don't agree with these measures. I believe in punishing the guilty, not in punishing innocent bystanders just such that the guilty have to find work arounds to become guilty. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: A balance of freedom to the licensee and the licenser. It's my opinion that GPLv3 potentially shifts the balance too far to the licensee. It's more of a balance of freedom between licensee and licensee, actually. It's a lot about making sure no one can acquire a privileged position, such that every licensee plays under the same rules. (The copyright holder is not *acquiring* a privileged position, copyright law had already granted him/her that position.) I do see what you're saying here. But it does take the away the ability of a licensee to protect themselves from another malicious licensee. If the ultimate goal of the Free Software community is to get source code out to the public, I think that was captured in GPLv2. GPLv3 oversteps its bounds. Anyways I think this topic has been quite covered. Andrew - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] wrote: how can the server tell if it's been tampered with? I agree with this statement. Err... That's a question, not a statement ;-) Sorry, that's what happens when one types before getting a cup of coffee in the morning. Andrew - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: no, one of the rules for the network is that the software must be certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. how would the network controller know if the software has been modified? The loader could check that and set a flag in the controller. what sort of signal can the network controller send that couldn't be forged by the OS? Whatever the network controller designer created to enable it to do so. how would you do this where the device is a receiver on the netwoek (such as a satellite receiver) If it's input-only, then you can't possibly harm the operation of the network by only listening in, can you? Ok, so you consider any anti-piracy measures to be something that GPLv3 should prohibit. thanks for finally takeing a position. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Lennart Sorensen wrote: >> You can't use this code if you cooporate with anyone that requires >> DRM systems. > I think their earlier versions did say this. Show me a GPLv3 draft that did it? Start here, section 3: http://gplv3.fsf.org/gpl-draft-2006-01-16.html > DRM does have some legitimate uses, for example redhat installations > not installing unsigned software is a form of DRM Doh. Then chmod og-r is DRM too. And stronger DRM while at that, since the user denied permission to read the file cannot take it back, whereas the verification of unsigned software is just a warning, that you can often bypass by telling the software to go ahead and install it regardless of signatures. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: > A balance of freedom to the licensee and the licenser. It's my > opinion that GPLv3 potentially shifts the balance too far to the > licensee. It's more of a balance of freedom between licensee and licensee, actually. It's a lot about making sure no one can acquire a privileged position, such that every licensee plays under the same rules. (The copyright holder is not *acquiring* a privileged position, copyright law had already granted him/her that position.) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: >> how can the server tell if it's been tampered with? > I agree with this statement. Err... That's a question, not a statement ;-) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] (Lennart Sorensen) wrote: > Apparently the only restrictions ever permitted are the ones the FSF > thinks of. Where does this nonsensical idea come from? How does it follow that, from FSF offering a licensing option to authors, you conclude that nobody could ever establish whatever other restrictions they liked? > So really what the GPL v3 wants to have is to make sure that the user > can reproduce from the sources a bit for bit identical copy of the > binaries? No, this is not enough to enable someone to adapt the software to one's own needs. > Too bad compilers that put time stamps and such into the > binary would make that imposible. This would be the copyright author imposing such a restriction, not the software distributor. > I don't think there is any way that can be written into the GPL that > can prevent all loop holes for how to make signed binaries. Which is one possible reason to explain why the FSF switched to the 'Installation Information' approach. > There doesn't have to be an agreement. The software company could just > release specs for a hardware design and let others freely go and build > them from that design. Aah, so the software company has designed a mechanism to restrict users' freedoms, and is just leaving it up to third parties to complete the implementation? I think these design documents could be used in a court to prove intent to impose restrictions on the users, but IANAL. >> However, if there's no such agreement, if the copyright holder has no >> copyright claims over the hardware or works shipped in it, there's >> nothing the copyright holder can do about it, and that's probably how >> it should be, since a copyright license (!= contract) can't possibly >> prohibit people from creating hardware limited in function, it can >> only tell people that, in order for them to have permission to modify >> or distribute the covered work, they must abide by certain conditions. >> And if they don't want to abide by the conditions, and they don't >> manage to obtain a license from the copyright holders that doesn't >> impose conditions they can't accept, they just can't modify or >> distribute the work. > But if the hardware ships with only code that simply waits for the user > to provide some code for it to isntall (which has to be signed in a way > the hardware likes), then the hardware has nothing to do with the > license of the software. Correct. That's pretty much what I said, isn't it? > I hope no one does this, but I still don't see how the GPLv3 draft deals > with this case, or even how it could deal with it. It doesn't, and it probably shouldn't. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Bernd Schmidt <[EMAIL PROTECTED]> wrote: > I went and made some comments on the draft, and they appear to no > longer be there a few days later. This would be very bad. Please let me know what they were about and I'll try to figure out what happened. Did you by any chance file them against an earlier draft? Those (for obvious reasons) no longer appear against the current draft, but they're still accessible by other means. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: >> On Wed, 20 Jun 2007 12:55:10 -0700 >> "David Schwartz" <[EMAIL PROTECTED]> wrote: >> > A key is a number. A signature is a number. They are neither >> > statements nor >> > instructions. The argument that GPLv2 prohibits Tivoization is >> > really and >> > truly absurd. It has neither a legal nor a moral leg to stand on. >> A computer program is a number too. > No, it's not. It can be expressed as a number, but it is not a number. By this logic, then a key is a key, and a signature is a signature. They can be expressed as numbers, sure. > A computer program is a set of instructions to accomplish a particular > result. It can be expressed as a number, but that doesn't mean it is a > number. A key is an input to a cryptographical algorithm, and a signature is an output. I could try to come up with more creative definitions, but you get the idea already. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> On Jun 21, 2007, [EMAIL PROTECTED] wrote: >> >>> no, one of the rules for the network is that the software must be >>> certified, >> >> In this case you might have grounds to enforce this restriction of the >> network on the network controller itself, I suppose. > how would the network controller know if the software has been modified? The loader could check that and set a flag in the controller. > what sort of signal can the network controller send that couldn't be > forged by the OS? Whatever the network controller designer created to enable it to do so. > how would you do this where the device is a receiver on the netwoek > (such as a satellite receiver) If it's input-only, then you can't possibly harm the operation of the network by only listening in, can you? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Schwartz wrote: On Wed, 20 Jun 2007 12:55:10 -0700 "David Schwartz" <[EMAIL PROTECTED]> wrote: A key is a number. A signature is a number. They are neither statements nor instructions. The argument that GPLv2 prohibits Tivoization is really and truly absurd. It has neither a legal nor a moral leg to stand on. A computer program is a number too. No, it's not. It can be expressed as a number, but it is not a number. ??? can be expressed as a number, but it is not a number ??? sure its a number. Keys are purely numbers, they are nothing else. Signatures are pure primitive facts encoded as numbers (authority X blessed object Y). A computer program is a set of instructions to accomplish a particular result. It can be expressed as a number, but that doesn't mean it is a number. It might be true in principle to develop a scheme whereby every physical object uniquely corresponds to an extremely large number. That doesn't turn physical objects into numbers. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> So much for "Land of the free". :( That was always just a typo. Its the Land of the Fee - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Lennart Sorensen wrote: On Thu, Jun 21, 2007 at 10:51:06AM -0700, [EMAIL PROTECTED] wrote: you snippede the bit about not knowing how to stop it I did? As far as I can tell I quoted it all. What did I miss? they call the section the anti-tivoization, how much more explicit can they get? They could be as explicit as: You can't use this code if you cooporate with anyone that requires DRM systems. I think their earlier versions did say this. All their attempts to define user devices and such is just going to screw up and miss some things they wanted covered, and disallow things they didn't intend to disallow (assuming there is any such thing). by the way, just in case anyone is misunderstanding me. I don't believe for a moment that all these anti-tamper features actually work in the real world (the PS3 hacking kits are proof of the lengths people will go to to make the 'hard' hardware-level hacking trivial to do) but the approach needs to be at secure modulo hardware tampering or software bugs. DRM is completely pointless. It only stops casual end users from doing things. It doesn't stop anyone with any technical clue from doing things. I keep hoping one day the people in charge at the big media companies will understand this, and stop asking for people to implement it. Of course in the mean time there are companies perfectly willing to claim to have unbreakable DRM for sale, while knowing full well (if they are competent) that it is a lie. So as long as the people in charge at big media are clueless about technology, and as long as there are companies willing to lie to them for money, then we will probably continue to have DRM crap to deal with. DRM does have some legitimate uses, for example redhat installations not installing unsigned software is a form of DRM I don't think the GPLv3 is the place to try to remove DRM. What the FSF should be doing is try to educate the people who are advocating the use of DRM about the fact that it can't ever work. You can make more and more stupid laws about how people can't remove the DRM, but people who break copyright obviously already are breaking the law, so what is the point in having more lows for them to break. That is where this problem should be fought, not in the GPLv3. The GPLv3 is never going to solve the problem, only educating people can do that. this is exactly what most of the people who are arguing against this provision are saying. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> On Wed, 20 Jun 2007 12:55:10 -0700 > "David Schwartz" <[EMAIL PROTECTED]> wrote: > > A key is a number. A signature is a number. They are neither > > statements nor > > instructions. The argument that GPLv2 prohibits Tivoization is > > really and > > truly absurd. It has neither a legal nor a moral leg to stand on. > A computer program is a number too. No, it's not. It can be expressed as a number, but it is not a number. Keys are purely numbers, they are nothing else. Signatures are pure primitive facts encoded as numbers (authority X blessed object Y). A computer program is a set of instructions to accomplish a particular result. It can be expressed as a number, but that doesn't mean it is a number. It might be true in principle to develop a scheme whereby every physical object uniquely corresponds to an extremely large number. That doesn't turn physical objects into numbers. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 10:51:06AM -0700, [EMAIL PROTECTED] wrote: > you snippede the bit about not knowing how to stop it I did? As far as I can tell I quoted it all. What did I miss? > they call the section the anti-tivoization, how much more explicit can > they get? They could be as explicit as: You can't use this code if you cooporate with anyone that requires DRM systems. All their attempts to define user devices and such is just going to screw up and miss some things they wanted covered, and disallow things they didn't intend to disallow (assuming there is any such thing). > by the way, just in case anyone is misunderstanding me. I don't believe > for a moment that all these anti-tamper features actually work in the real > world (the PS3 hacking kits are proof of the lengths people will go to to > make the 'hard' hardware-level hacking trivial to do) but the approach > needs to be at secure modulo hardware tampering or software bugs. DRM is completely pointless. It only stops casual end users from doing things. It doesn't stop anyone with any technical clue from doing things. I keep hoping one day the people in charge at the big media companies will understand this, and stop asking for people to implement it. Of course in the mean time there are companies perfectly willing to claim to have unbreakable DRM for sale, while knowing full well (if they are competent) that it is a lie. So as long as the people in charge at big media are clueless about technology, and as long as there are companies willing to lie to them for money, then we will probably continue to have DRM crap to deal with. I don't think the GPLv3 is the place to try to remove DRM. What the FSF should be doing is try to educate the people who are advocating the use of DRM about the fact that it can't ever work. You can make more and more stupid laws about how people can't remove the DRM, but people who break copyright obviously already are breaking the law, so what is the point in having more lows for them to break. That is where this problem should be fought, not in the GPLv3. The GPLv3 is never going to solve the problem, only educating people can do that. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Lennart Sorensen wrote: On Thu, Jun 21, 2007 at 10:26:04AM -0700, [EMAIL PROTECTED] wrote: the bios doesn't have enough capability to talk to the outside world for updates. Of course, although perhaps it could. More likely my thought was that the service when it decides to download an update, would include the updated bios image and put it on the boot drive where the existing bios can find it. No signature needs to be added to the boot drive or kernel, just checksums in the bios image. what tivo actually does is very similar to this they encode into the bios the ability to check a checksum/signature for the kernel+boot filesystem and if they don't match look to see if there is another kernel+boot filesystem available then software on the boot filesystem checks to see if the rest of the system has been tampered with before it mounts / you snippede the bit about not knowing how to stop it the GPLv3 is trying to do this. Perhaps they should just explicitly say that then. they call the section the anti-tivoization, how much more explicit can they get? David Lang by the way, just in case anyone is misunderstanding me. I don't believe for a moment that all these anti-tamper features actually work in the real world (the PS3 hacking kits are proof of the lengths people will go to to make the 'hard' hardware-level hacking trivial to do) but the approach needs to be at secure modulo hardware tampering or software bugs. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 10:26:04AM -0700, [EMAIL PROTECTED] wrote: > the bios doesn't have enough capability to talk to the outside world for > updates. Of course, although perhaps it could. More likely my thought was that the service when it decides to download an update, would include the updated bios image and put it on the boot drive where the existing bios can find it. No signature needs to be added to the boot drive or kernel, just checksums in the bios image. > what tivo actually does is very similar to this > > they encode into the bios the ability to check a checksum/signature for > the kernel+boot filesystem and if they don't match look to see if there is > another kernel+boot filesystem available > > then software on the boot filesystem checks to see if the rest of the > system has been tampered with before it mounts / > > the GPLv3 is trying to do this. Perhaps they should just explicitly say that then. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Lennart Sorensen wrote: On Wed, Jun 20, 2007 at 04:07:57PM -0400, Michael Poole wrote: I do not say that the BIOS is doing anything (legally) wrong. The wrong act is distributing the binary kernel image without distributing complete source code for it. So how about this idea then: Tivo builds a kernel for their box, and release all the sources for how to build exactly that kernel. Tivo builds a bios image for their box, and encodes into it the checksum of the kernel, or at least parts of it that they want to ensure are present and unmodified. Everytime the device boots, it checks the kernel image, and it the checksums match, it loads and runs the kernel, and otherwise it checks if there is a new bios image with a proper signature, updates itself and reboots and tries again. the bios doesn't have enough capability to talk to the outside world for updates. what tivo actually does is very similar to this they encode into the bios the ability to check a checksum/signature for the kernel+boot filesystem and if they don't match look to see if there is another kernel+boot filesystem available then software on the boot filesystem checks to see if the rest of the system has been tampered with before it mounts / Preventing people from doing things with their own hardware certainly seems morally wrong, but legally, I don't see any way to prevent it. I suppose you could say in the license: You may not use this code in any way if you do what the RIPP/MPAA/etc want you to do. the GPLv3 is trying to do this. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, Jun 20, 2007 at 04:07:57PM -0400, Michael Poole wrote: > I do not say that the BIOS is doing anything (legally) wrong. The > wrong act is distributing the binary kernel image without distributing > complete source code for it. So how about this idea then: Tivo builds a kernel for their box, and release all the sources for how to build exactly that kernel. Tivo builds a bios image for their box, and encodes into it the checksum of the kernel, or at least parts of it that they want to ensure are present and unmodified. Everytime the device boots, it checks the kernel image, and it the checksums match, it loads and runs the kernel, and otherwise it checks if there is a new bios image with a proper signature, updates itself and reboots and tries again. Preventing people from doing things with their own hardware certainly seems morally wrong, but legally, I don't see any way to prevent it. I suppose you could say in the license: You may not use this code in any way if you do what the RIPP/MPAA/etc want you to do. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 01:23:01AM -0300, Alexandre Oliva wrote: > And then the user who uses such features in ways not permitted by the > copyright holders are committing a crime. They can be prosecuted by > the copyright holders and convicted of the crime. Well we already clearly know the content providers in the US don't trust anyone else, and certainly don't think just using copyright laws to sue people who violate copyright is enough. No they want to put all sorts of things in place to try to prevent it from even being possible to violate copyright in the first place. They don't believe in innocent until proven guilty at all. > That TiVo can somehow become liable for this just shows how broken the > legal system in the US is. It's like making a knife manufacturer > liable for a killing using a knife they made, just because the knife > didn't have technical measures intended to prevent the knife from > being used to kill people. So much for "Land of the free". :( -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Tomas Neme wrote: > as long as this right is not used by the software distributor to > impose restrictions on the user's ability to adapt the software to > their own needs. The GPLv3 paragraph above makes a fair concession in > this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) Also another way of doing this is having every network ask the kernel for its key, and checking it. If it doesn't match a certified key, then not allowing you to access the network. no, this doesn't work becouse if the software has been altered you don't know if the key it's giving you matches that software. it could be giving you the key from the unmodified software. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alan Cox wrote: You've made an important mistake. You said "their system". Now its "our code" and "whoever bought the units' hardware" so it isn't their anything. Yes, the hardware belongs to the user, and the software belongs to the Linux community. However I think I wasn't 100% clear, I also mean keeping companies networks and content secured. Credit card companies insuring the software hasn't been modified to skim cards (not that it's the only way to skim a card), If credit card companies are doing this they are failing badly and it clearly isn't working. Also lets be clear about this - I don't need any credit card company network access to skim older cards, and the newer ones have been broken by various non software schemes. Agreed. Credit card companies are failing very badly at preventing skimming. They definitely need to rethink their model of how the credit card system should work. or Tivo making sure that their content providers are protected. Lets look at the credit card example. Sure the user could modify the system and boot their own kernel, but it doesn't have to play nice with Mastercard's network anymore. Or better yet, would actually report that a certain business's card reader had been tampered with. That to me is a fair comment. I should IMHO be able to load my code and my keys on my Tivo. And Walt Disney in return probably should be quite free not to trust my keys. You need some fairly strong competition law enforcement to make all that work right in the marketplace but as a philosophical basis it seems fine. In practice it is likely to lead to serious monopoly abuse problems and all sorts of ugly tying of goods that you don't want in a free market. Given the completely ineffectual way the US enforces its anti-monopoly law, and the slowness of the EU at it the results might well be bad - but for other reasons. I agree as well, the model could be heavily abused. I'm not sure what the solution is as far as fighting monopolies and corporate greed. But I'd rather that it was fought through education of consumers and not with a license agreement that should be giving people freedom. A balance of freedom to the licensee and the licenser. It's my opinion that GPLv3 potentially shifts the balance too far to the licensee. Andrew McKay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: how exactly can they prevent a system that's been tampered with from accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, "it's been tampered with" is not necessarily enough of a reason to cut someone off, it has to meet these requirements: how can the server tell if it's been tampered with? I agree with this statement. Imagine a proprietary private network where a device has been modified to run in an invisible promiscuous mode. The device looks as if it isn't doing anything wrong, but is forwarding the network out another interface. The only way to prevent that type of attack is to not allow unauthorized signed Kernels onto that network. Andrew McKay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 10:56:33AM +0400, Manu Abraham wrote: > Providing the changes back itself is a great thing altogether. It also makes sense. If the changes are accepted back, the community at large will keep the changes maintained. Less work for me to do when going to newer code versions later. And even better, it may help someone else out too. A company is likely to like the reduced maintenance burden part, but I think the other part is even better. After all we saved time not having to write everything our selves, so helping others save time seems only fair. The GPL may only require giving the sources to the people who buys the product, but there isn't really any benefit to us in doing only that. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, Jun 20, 2007 at 05:52:40PM -0300, Alexandre Oliva wrote: > On Jun 20, 2007, [EMAIL PROTECTED] (Lennart Sorensen) wrote: > > A patent prevents you from using the software in any way at all, > > while a hardware restriction prevents you from using the software on > > that particular hardware, but not on lots of other hardware. Very > > big difference. > > So, one disrespects a lot, the other disrespects a little. Is that > relevant, when the requirement is "no further restrictions"? What about the freedom to buy devices with certified code on it, while still being able to look through the source code and verify for yourself that it is correct and not full of bugs? Would it be better if the devices that have to be certified and locked down used secret code so that the purchaser can't verify the code? Apparently the only restrictions ever permitted are the ones the FSF thinks of. > > So what would happen if some company was to make software for a tivo and > > released their binaries signed with some specific key, and they released > > information on how to check this was signed with their key, and then > > some other companies went and made tivo hardware and decided that they > > would only allow code signed by the first companies key to run on it, > > I was pretty sure this had been covered in the section about technical > barriers to modification in the third draft's rationale, but I can't > find it right now. http://gplv3.fsf.org/gpl3-dd3-rationale.pdf So really what the GPL v3 wants to have is to make sure that the user can reproduce from the sources a bit for bit identical copy of the binaries? Too bad compilers that put time stamps and such into the binary would make that imposible. I don't think there is any way that can be written into the GPL that can prevent all loop holes for how to make signed binaries. > Anyhow, the argument I read went like: if there's an agreement between > the parties to do this, then the copyright holder can probably enforce > the license regardless of the software and hardware distributor being > different parties, since the software is being distributed with > information whose purpose is to enable the hardware to deny the user > the freedom to run modified versions of the software. There doesn't have to be an agreement. The software company could just release specs for a hardware design and let others freely go and build them from that design. > However, if there's no such agreement, if the copyright holder has no > copyright claims over the hardware or works shipped in it, there's > nothing the copyright holder can do about it, and that's probably how > it should be, since a copyright license (!= contract) can't possibly > prohibit people from creating hardware limited in function, it can > only tell people that, in order for them to have permission to modify > or distribute the covered work, they must abide by certain conditions. > And if they don't want to abide by the conditions, and they don't > manage to obtain a license from the copyright holders that doesn't > impose conditions they can't accept, they just can't modify or > distribute the work. But if the hardware ships with only code that simply waits for the user to provide some code for it to isntall (which has to be signed in a way the hardware likes), then the hardware has nothing to do with the license of the software. The signed binaries from the service provider/software developer on the other hand is GPL and the sources are released with changes. They just happen to sign their binaries in a way that allows them to install on the hardware in question. It could also install on hardware that doesn't check the signature as long as it is functionally identical otherwise. I hope no one does this, but I still don't see how the GPLv3 draft deals with this case, or even how it could deal with it. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> as long as this right is not used by the software distributor to > impose restrictions on the user's ability to adapt the software to > their own needs. The GPLv3 paragraph above makes a fair concession in > this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) Also another way of doing this is having every network ask the kernel for its key, and checking it. If it doesn't match a certified key, then not allowing you to access the network. Besides the fact that this would be a very costly approach, having every network needing to update their certified keys list every time TiVo and every other DVR vendor updates their kernels, it would also prevent any form of modified software to give you any of the TiVo's expected functionality: it would load, you would be able to play pong on it, but not watch or record TV, and they can't be blamed for it, because if the kernel's been tampered with, it might have been made so it saves the video unencrypted on the Harddrive, and it certainly *is* the network's right to stop you from doing so. So what the fuck do you want from them? T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> > You've made an important mistake. You said "their system". Now its "our > > code" and "whoever bought the units' hardware" so it isn't their anything. > > Yes, the hardware belongs to the user, and the software belongs to the Linux > community. However I think I wasn't 100% clear, I also mean keeping > companies > networks and content secured. Credit card companies insuring the software > hasn't been modified to skim cards (not that it's the only way to skim a > card), If credit card companies are doing this they are failing badly and it clearly isn't working. Also lets be clear about this - I don't need any credit card company network access to skim older cards, and the newer ones have been broken by various non software schemes. > or Tivo making sure that their content providers are protected. Lets look > at > the credit card example. Sure the user could modify the system and boot > their > own kernel, but it doesn't have to play nice with Mastercard's network > anymore. > Or better yet, would actually report that a certain business's card reader > had > been tampered with. That to me is a fair comment. I should IMHO be able to load my code and my keys on my Tivo. And Walt Disney in return probably should be quite free not to trust my keys. You need some fairly strong competition law enforcement to make all that work right in the marketplace but as a philosophical basis it seems fine. In practice it is likely to lead to serious monopoly abuse problems and all sorts of ugly tying of goods that you don't want in a free market. Given the completely ineffectual way the US enforces its anti-monopoly law, and the slowness of the EU at it the results might well be bad - but for other reasons. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 20 Jun 2007 12:55:10 -0700 "David Schwartz" <[EMAIL PROTECTED]> wrote: > > > The kernel you build from the source code that Tivo distributes must > > be accepted by Tivo's hardware without making other modifications (to > > Tivo's hardware or bootloader). If that is possible, I will retract > > what I said. If it is not possible, they are omitting part of the > > program's source code: > > > > A "computer program" is a set of statements or instructions to be > > used directly or indirectly in a computer in order to bring about > > a certain result. > > -- US Code, Title 17, Section 101 > > A key is a number. A signature is a number. They are neither statements nor > instructions. The argument that GPLv2 prohibits Tivoization is really and > truly absurd. It has neither a legal nor a moral leg to stand on. A computer program is a number too. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg KH wrote: On Sun, Jun 17, 2007 at 02:56:24AM -0300, Alexandre Oliva wrote: If you want your opinions to stand a chance to make a difference, the right place to provide them is gplv3.fsf.org/comments, and time is running short. [...] So, why would we want to waste our time filling out web forms after that? In case anyone was wondering if the FSF is genuinely interested in feedback - I went and made some comments on the draft, and they appear to no longer be there a few days later. Thanks for the invitation Alex. Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 2007-06-20 at 22:30 -0700, [EMAIL PROTECTED] wrote: > > asking a device that's running software that you haven't verified to give > you a checksum of itself isn't going to work becouse the software can just > lie to you. > I don't think there is any way I _could_ make a device if it had to be tamper proof and use free software if that was the case. I'd need to make some kind of proprietary network connection back to my company that used its own network device. I could not trust it if the free kernel could touch it, if I wanted to allow a modified in place kernel. If I hope for that device to use the internet to talk to me (i.e. just a secondary nic), I'd have to write my own kernel to power this second network device that was capable of encrypting and validating traffic over tcp-ip. Or I have to pull my own copper to every location where my device is used. So either way, I'm writing my own kernel if I want to do that, because I could not POSSIBLY allow the kernel talking to my private connection to the device to be modified. What a nasty, vicious cycle that would be. Yikes! --Tim - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Bernd Petrovitsch wrote: > On Wed, 2007-06-20 at 18:14 -0300, Tomas Neme wrote: > [] >> Why, if you let user-compiled kernels to run in a TiVo, it might be >> modified so the TiVo can be used to pirate-copy protected content, > > Or it might be modified to fix a bug - either a technical one or a legal > one as described below. > >> which is a serious security hole. TiVo would need to read, approve of, > > "Pirate copying" is forbidden anyways in almost every jurisdiction > AFAIK. Perhaps we should disallow cars on the streets since one could > drive too fast with them. > Pirate copying should not be a reason to keep things closed as there are better methods to keep things open, yet provide a _not_ free service. But that would be upto the vendor how/what they wish to do rather than we talking about it. Which would be of no use. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 2007-06-20 at 18:14 -0300, Tomas Neme wrote: [] > Why, if you let user-compiled kernels to run in a TiVo, it might be > modified so the TiVo can be used to pirate-copy protected content, Or it might be modified to fix a bug - either a technical one or a legal one as described below. > which is a serious security hole. TiVo would need to read, approve of, "Pirate copying" is forbidden anyways in almost every jurisdiction AFAIK. Perhaps we should disallow cars on the streets since one could drive too fast with them. And it is not a security hole for the owner of the hardware (I consider secret keys somewhere else a much greater security threat) to the Linux community or a lot of other entities. Probably just music industry thinks like above. And there are legislations were it is *legal* to make private copies (for sure as long as you don't pass them on and somewhere even giving away for nothing is legal). So I actually have a *right* (which also can't be killed by contracts) to copy that movie for my private use. And up to now it is actually legal in .at to do (more or less) everything to get this right (and that may include hacking the device). > and sign any modified kernels the users intend to use on their > hardware. If GPLv3 allows for this, it'd be doing exactly that Bernd -- Firmix Software GmbH http://www.firmix.at/ mobil: +43 664 4416156 fax: +43 1 7890849-55 Embedded Linux Development and Services - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: > what sort of signal can the network controller send that couldn't be > forged by the OS? > > how would you do this where the device is a receiver on the netwoek > (such as a satellite receiver) just for the question on the HOWTO (not on anything else) You can easily have scrambled streams with regards to DVB, eg: using EN50221. Some (like NDS for example in _some_ instances) use proprietary schemes, but there are standards based methods also. eg: Common Scrambling Algorithm (CSA) But in any case, this can be broken down too .. :-) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: no, one of the rules for the network is that the software must be certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. how would the network controller know if the software has been modified? Not that you should disable the network controller entirely (this would render the computer useless for many other purpose unrelated with blocking connections to your network). You could instead arrange for the network controller to send some signal that enables the network to recognize that the device is running certified software. what sort of signal can the network controller send that couldn't be forged by the OS? how would you do this where the device is a receiver on the netwoek (such as a satellite receiver) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. Yeah, thanks, I remembered someone had posted that URL the second after a hit Send :-( I've already got cmd.tar.gz and I'm looking at it now. Thanks again, by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. Only copyright holders of Linux can go after them on matters of kernel drivers. Or is this driver derived from any software copyrighted by myself? Or did you mean the FSF, with whom I'm not associated in any way other than ideologically? from the page listed above NOTE: 4.0.1a and later releases contain Atmel WLAN drivers in addition to the other network adapter drivers that are posted here. These WLAN drivers were received by TiVo directly from Atmel and are under the terms of a formal non-disclosure agreement, so we cannot publish them under the terms of the GPL version 2. Atmel has since released a different version of the drivers under the GPL version 2; however, that release does not change our prior obligation with Atmel. At this time, we have no plans to use Atmel's publicly released drivers in our development. when I talked about 'going after tivo' I wasn't just refering to doing so with lawsuits. the way some people in this thread have acted I could see people trying to use this as 'the smoking gun' that proves that the evil tivo people didn't release everything they were supposed to. modules are a grey area, some are clearly derived from the kernel and some are just as clearly not derived from the kernel, most are not as clear. I don't know the situation for this particular module, but that has nothing to do with this topic. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > no, one of the rules for the network is that the software must be > certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. Not that you should disable the network controller entirely (this would render the computer useless for many other purpose unrelated with blocking connections to your network). You could instead arrange for the network controller to send some signal that enables the network to recognize that the device is running certified software. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > frankly, I haven't checked the licenses on the software. I'd suggest > going to www.tivo.com/linux and download all the source for all the > different versions there. Yeah, thanks, I remembered someone had posted that URL the second after a hit Send :-( I've already got cmd.tar.gz and I'm looking at it now. Thanks again, > by the way, it looks like there is one wireless driver that they ship > in some releases but don't provide the source for. but if you plan on > going after them for that you better go after everyone who ships > binary kernel modules. Only copyright holders of Linux can go after them on matters of kernel drivers. Or is this driver derived from any software copyrighted by myself? Or did you mean the FSF, with whom I'm not associated in any way other than ideologically? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Lennart Sorensen wrote: > On Tue, Jun 19, 2007 at 07:28:22PM +0400, Manu Abraham wrote: >> Well, it is not Tivo alone -- look at http://aminocom.com/ for an >> example. If you want the kernel sources pay USD 50k and we will provide >> the kernel sources, was their attitude. > > Hmm, set top boxes are often rented from the cable company rather than > sold. Stupid grey area for sure. At least tivo does give you the > sources, without demanding more money. Rather big difference. I am not talking about the rented aspect, since these STB's are usually sold rather than rented. >> Well, it is not Tivo alone, a large chunk of the vendors do that. The >> vendors who actually do it the clean way are just few and can be counted >> very easily. > > Well at least where I work we don't try to lock down the hardware, we do > contribute our changes and bug fixes to upstream when it makes sense > (and where our changes wouldn't make sense for upstream, they are still > clearly included with the sources we have.) If a customer wants a copy > of the sources, they will get a nice DVD, although strangely none have > asked for one yet. Providing the changes back itself is a great thing altogether. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: how exactly can they prevent a system that's been tampered with from accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, "it's been tampered with" is not necessarily enough of a reason to cut someone off, it has to meet these requirements: how can the server tell if it's been tampered with? when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. (something even you say they have a right to do) as long as this right is not used by the software distributor to impose restrictions on the user's ability to adapt the software to their own needs. The GPLv3 paragraph above makes a fair concession in this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 20, 2007, [EMAIL PROTECTED] wrote: but the signature isn't part of the kernel, and the code that checks the signature is completely independant. Well, then remove or otherwise mangle the signature in the disk of your TiVo DVR and see at what point the boot-up process halts. I have actually done exactly that. what happens is that the bootloader detects a problem and switches to the other active partition ane reboots. ir neither of the boot partitions meet the requirements the cycle will continue forever. Oh, too bad. That must be a bug in the boot loader, right? :-) BTW, since you got a TiVo... I'm writing an article on Tivoization, could you (or anyone else) please help me get information as to what other GPLed programs or libraries TiVo includes in their devices? Thanks in advance, frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > how exactly can they prevent a system that's been tampered with from > accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, "it's been tampered with" is not necessarily enough of a reason to cut someone off, it has to meet these requirements: > when the modification itself materially and adversely affects the > operation of the network or violates the rules and protocols for > communication across the network. > (something even you say they have a right to do) as long as this right is not used by the software distributor to impose restrictions on the user's ability to adapt the software to their own needs. The GPLv3 paragraph above makes a fair concession in this regard, don't you agree? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> On Jun 20, 2007, [EMAIL PROTECTED] wrote: >> >>> but the signature isn't part of the kernel, and the code that checks >>> the signature is completely independant. >> >> Well, then remove or otherwise mangle the signature in the disk of >> your TiVo DVR and see at what point the boot-up process halts. > I have actually done exactly that. what happens is that the bootloader > detects a problem and switches to the other active partition ane > reboots. ir neither of the boot partitions meet the requirements the > cycle will continue forever. Oh, too bad. That must be a bug in the boot loader, right? :-) BTW, since you got a TiVo... I'm writing an article on Tivoization, could you (or anyone else) please help me get information as to what other GPLed programs or libraries TiVo includes in their devices? Thanks in advance, -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 20, 2007, [EMAIL PROTECTED] wrote: but the signature isn't part of the kernel, and the code that checks the signature is completely independant. Well, then remove or otherwise mangle the signature in the disk of your TiVo DVR and see at what point the boot-up process halts. I have actually done exactly that. what happens is that the bootloader detects a problem and switches to the other active partition ane reboots. ir neither of the boot partitions meet the requirements the cycle will continue forever. Oh, too bad. That must be a bug in the boot loader, right? :-) BTW, since you got a TiVo... I'm writing an article on Tivoization, could you (or anyone else) please help me get information as to what other GPLed programs or libraries TiVo includes in their devices? Thanks in advance, -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: how exactly can they prevent a system that's been tampered with from accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, it's been tampered with is not necessarily enough of a reason to cut someone off, it has to meet these requirements: when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. (something even you say they have a right to do) as long as this right is not used by the software distributor to impose restrictions on the user's ability to adapt the software to their own needs. The GPLv3 paragraph above makes a fair concession in this regard, don't you agree? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 20, 2007, [EMAIL PROTECTED] wrote: but the signature isn't part of the kernel, and the code that checks the signature is completely independant. Well, then remove or otherwise mangle the signature in the disk of your TiVo DVR and see at what point the boot-up process halts. I have actually done exactly that. what happens is that the bootloader detects a problem and switches to the other active partition ane reboots. ir neither of the boot partitions meet the requirements the cycle will continue forever. Oh, too bad. That must be a bug in the boot loader, right? :-) BTW, since you got a TiVo... I'm writing an article on Tivoization, could you (or anyone else) please help me get information as to what other GPLed programs or libraries TiVo includes in their devices? Thanks in advance, frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. David Lang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: how exactly can they prevent a system that's been tampered with from accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, it's been tampered with is not necessarily enough of a reason to cut someone off, it has to meet these requirements: how can the server tell if it's been tampered with? when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. (something even you say they have a right to do) as long as this right is not used by the software distributor to impose restrictions on the user's ability to adapt the software to their own needs. The GPLv3 paragraph above makes a fair concession in this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) David Lang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Lennart Sorensen wrote: On Tue, Jun 19, 2007 at 07:28:22PM +0400, Manu Abraham wrote: Well, it is not Tivo alone -- look at http://aminocom.com/ for an example. If you want the kernel sources pay USD 50k and we will provide the kernel sources, was their attitude. Hmm, set top boxes are often rented from the cable company rather than sold. Stupid grey area for sure. At least tivo does give you the sources, without demanding more money. Rather big difference. I am not talking about the rented aspect, since these STB's are usually sold rather than rented. Well, it is not Tivo alone, a large chunk of the vendors do that. The vendors who actually do it the clean way are just few and can be counted very easily. Well at least where I work we don't try to lock down the hardware, we do contribute our changes and bug fixes to upstream when it makes sense (and where our changes wouldn't make sense for upstream, they are still clearly included with the sources we have.) If a customer wants a copy of the sources, they will get a nice DVD, although strangely none have asked for one yet. Providing the changes back itself is a great thing altogether. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. Yeah, thanks, I remembered someone had posted that URL the second after a hit Send :-( I've already got cmd.tar.gz and I'm looking at it now. Thanks again, by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. Only copyright holders of Linux can go after them on matters of kernel drivers. Or is this driver derived from any software copyrighted by myself? Or did you mean the FSF, with whom I'm not associated in any way other than ideologically? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: no, one of the rules for the network is that the software must be certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. Not that you should disable the network controller entirely (this would render the computer useless for many other purpose unrelated with blocking connections to your network). You could instead arrange for the network controller to send some signal that enables the network to recognize that the device is running certified software. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. Yeah, thanks, I remembered someone had posted that URL the second after a hit Send :-( I've already got cmd.tar.gz and I'm looking at it now. Thanks again, by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. Only copyright holders of Linux can go after them on matters of kernel drivers. Or is this driver derived from any software copyrighted by myself? Or did you mean the FSF, with whom I'm not associated in any way other than ideologically? from the page listed above NOTE: 4.0.1a and later releases contain Atmel WLAN drivers in addition to the other network adapter drivers that are posted here. These WLAN drivers were received by TiVo directly from Atmel and are under the terms of a formal non-disclosure agreement, so we cannot publish them under the terms of the GPL version 2. Atmel has since released a different version of the drivers under the GPL version 2; however, that release does not change our prior obligation with Atmel. At this time, we have no plans to use Atmel's publicly released drivers in our development. when I talked about 'going after tivo' I wasn't just refering to doing so with lawsuits. the way some people in this thread have acted I could see people trying to use this as 'the smoking gun' that proves that the evil tivo people didn't release everything they were supposed to. modules are a grey area, some are clearly derived from the kernel and some are just as clearly not derived from the kernel, most are not as clear. I don't know the situation for this particular module, but that has nothing to do with this topic. David Lang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: no, one of the rules for the network is that the software must be certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. how would the network controller know if the software has been modified? Not that you should disable the network controller entirely (this would render the computer useless for many other purpose unrelated with blocking connections to your network). You could instead arrange for the network controller to send some signal that enables the network to recognize that the device is running certified software. what sort of signal can the network controller send that couldn't be forged by the OS? how would you do this where the device is a receiver on the netwoek (such as a satellite receiver) David Lang - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: what sort of signal can the network controller send that couldn't be forged by the OS? how would you do this where the device is a receiver on the netwoek (such as a satellite receiver) just for the question on the HOWTO (not on anything else) You can easily have scrambled streams with regards to DVB, eg: using EN50221. Some (like NDS for example in _some_ instances) use proprietary schemes, but there are standards based methods also. eg: Common Scrambling Algorithm (CSA) But in any case, this can be broken down too .. :-) - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 2007-06-20 at 18:14 -0300, Tomas Neme wrote: [] Why, if you let user-compiled kernels to run in a TiVo, it might be modified so the TiVo can be used to pirate-copy protected content, Or it might be modified to fix a bug - either a technical one or a legal one as described below. which is a serious security hole. TiVo would need to read, approve of, Pirate copying is forbidden anyways in almost every jurisdiction AFAIK. Perhaps we should disallow cars on the streets since one could drive too fast with them. And it is not a security hole for the owner of the hardware (I consider secret keys somewhere else a much greater security threat) to the Linux community or a lot of other entities. Probably just music industry thinks like above. And there are legislations were it is *legal* to make private copies (for sure as long as you don't pass them on and somewhere even giving away for nothing is legal). So I actually have a *right* (which also can't be killed by contracts) to copy that movie for my private use. And up to now it is actually legal in .at to do (more or less) everything to get this right (and that may include hacking the device). and sign any modified kernels the users intend to use on their hardware. If GPLv3 allows for this, it'd be doing exactly that Bernd -- Firmix Software GmbH http://www.firmix.at/ mobil: +43 664 4416156 fax: +43 1 7890849-55 Embedded Linux Development and Services - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Bernd Petrovitsch wrote: On Wed, 2007-06-20 at 18:14 -0300, Tomas Neme wrote: [] Why, if you let user-compiled kernels to run in a TiVo, it might be modified so the TiVo can be used to pirate-copy protected content, Or it might be modified to fix a bug - either a technical one or a legal one as described below. which is a serious security hole. TiVo would need to read, approve of, Pirate copying is forbidden anyways in almost every jurisdiction AFAIK. Perhaps we should disallow cars on the streets since one could drive too fast with them. Pirate copying should not be a reason to keep things closed as there are better methods to keep things open, yet provide a _not_ free service. But that would be upto the vendor how/what they wish to do rather than we talking about it. Which would be of no use. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 2007-06-20 at 22:30 -0700, [EMAIL PROTECTED] wrote: asking a device that's running software that you haven't verified to give you a checksum of itself isn't going to work becouse the software can just lie to you. I don't think there is any way I _could_ make a device if it had to be tamper proof and use free software if that was the case. I'd need to make some kind of proprietary network connection back to my company that used its own network device. I could not trust it if the free kernel could touch it, if I wanted to allow a modified in place kernel. If I hope for that device to use the internet to talk to me (i.e. just a secondary nic), I'd have to write my own kernel to power this second network device that was capable of encrypting and validating traffic over tcp-ip. Or I have to pull my own copper to every location where my device is used. So either way, I'm writing my own kernel if I want to do that, because I could not POSSIBLY allow the kernel talking to my private connection to the device to be modified. What a nasty, vicious cycle that would be. Yikes! --Tim - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg KH wrote: On Sun, Jun 17, 2007 at 02:56:24AM -0300, Alexandre Oliva wrote: If you want your opinions to stand a chance to make a difference, the right place to provide them is gplv3.fsf.org/comments, and time is running short. [...] So, why would we want to waste our time filling out web forms after that? In case anyone was wondering if the FSF is genuinely interested in feedback - I went and made some comments on the draft, and they appear to no longer be there a few days later. Thanks for the invitation Alex. Bernd - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
