On Thu, 2002-04-25 at 07:15, martin f krafft wrote: > [please cc me on responses] > > hey wise people, > > i have a question that's stunning us over here. there's someone > selling a complete firewall appliance atop a linux kernel. he > advertises it as hardened and as super-secure because he patched the > kernel here and there, and because he added userland stuff. > > now my question: the kernel's gpl, so everything using the kernel > source must be gpl. that does force this guy to make the source of all > his kernel tree patches available, unless he provides binary patches > for the kernel, right? in this case, does he have to let people know > exactly which patches are applied?
I think he needs to provide the exact patched source code. Quoting from the GPL: 2...a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. and 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, Section 3. c) does not apply, since he is the "upstream" for this particular modification. Together, these two sections mean that the complete source code must be provided, and that the modified sections must be marked as such. Unless he can come up with binary-only patches from nothing, his product is a derivative of the Linux kernel source, and therefore must be shipped with *complete* source code. > or, can he simply make the kernel source available, but ship it in > binary only form with his patches applied? Binaries are fine, but the complete source used to generate those binaries is the source that must be supplied, per 3a) or 3b). IANAL, TINLA, etc. -- Stephen Ryan Debian GNU/Linux Technology Coordinator Center for Educational Outcomes at Dartmouth College -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]