Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: > On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > > I read your scenario of the vendor not giving you the source to mean: > > not directly; i.e. they could give you a third-party download link. > > This has never been enough to comply with GPLv2. Section 3a of the GPLv2 mentions "a medium customarily used for software interchange". I would think the Internet is a medium customarily used for software interchange, is it not? Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, [EMAIL PROTECTED] wrote: >> However, if the site takes the sources out, you're still responsible >> for providing sources to those who received the sources from you from >> that point on. Or something like that, IANAL ;-) > this sounds like a step backwards, you may not have the sources at > that point if you were relying on the other site to host them. You should have them. This provision is not an excuse from your obligations, it's just a pragmatic concession. > and by the way, internet access never was a barrier that could stop > someone from obtaining them Back when GPLv2 was written, it really was. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: > this sounds like a step backwards, you may not have the sources at that > point if you were relying on the other site to host them. You would then be violating the GPL, under any version. The GPL is quite clear that being unable to comply with it means you do not get the benefits it offers rather than excusing you from meeting its requirements. You *MUST* have the source code in order to distribute it on request. You cannot ship GPL'd works without offering source code just by arranging it (deliberately or accidentally) so that you don't have the source code. > and by the way, internet access never was a barrier that could stop > someone from obtaining them, the only issue was you hosting the source vs > someone else hosting the source. The GPLv2 never specified one way or the other. If you do allow someone else to host them, you are responsible for making sure they remain available for at least three years from the last time you used them as an offer. Should they stop distributing, you would be violating the GPL. Nothing in the GPL says you can't rely on third parties for your GPL compliance. Of course, this could be a very risky thing to do. However, there is no GPL violation so long as they do in fact remain operational for three years from the last time you distributed. In fact, a third party is no more risky than any other setup. Any company can go out of business within the three-year period after distribution. There are many real-world cases where a third party having the source is actually more likely to result in actual GPL compliance than the distributor. (Consider a fly-by-night company selling Fedora binary distributions burnt to CDROM on the stop for $1 on a street corner.) One way to avoid this problem is to maintain your own web page that links to the third party's download. You would have to host the sources yourself if you couldn't make other arrangements at any point during the three year period. This is no different from any other case where the offer is not honored. If the offer is not honored in a case where the GPL requires that it be, the GPL is being violated. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> On Jun 26, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: > > > Alexandre Oliva: > > >> On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > > >> > I read your scenario of the vendor not giving you the source to > >> > mean: not directly; i.e. they could give you a third-party > >> > download link. > > >> This has never been enough to comply with GPLv2. > > > A lot of people seem to say this, but I don't think it's true. > > http://www.gnu.org/licenses/gpl-faq.html#TOCUnchangedJustBinary This consists of entirely unsupported statements. > and > the 3 questions after that should be enlightening as to why people say > this ;-) > > cost of physically performing source distribution, a complete > ^^ > > Why would 'physically' be there if it didn't mean anything? It does. It means you can't charge for adminsitrative or other costs associated with performing the source distribution. It's necessary because otherwise someone could claim that it costs them $10,000 to give you the source code because they need to purchase a license from someone else. This limits what you can charge for but does not specify what you have to do. > When > interpreting legal texts, that's one sort of question you should ask > yourself. It's obvious why it's there. If you're going to charge for the distribution, the charge must be nominal and justified by actual distribution cost. Note that even a distribution over the Internet must be physically performed in this sense (actual physical activity by a human being is required to perform this type of distribution, both in setup and in maintenance). I would argue that the GPL allows you to charge these costs if you really wanted to, though it's hard to imagine why anyone would bother. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> But thats YOURcompanyname.com. Not a third party. If you gave as a > link somebodyelsescompany.com/gpl then somebodyelse could get rid of > the link, and your offer wouldn't be valid for "at least three years" > > T You mean it might not be valid for at least three years. It also might be. You also might go out of business in less than three years. You're not violating the GPL simply because you might not be able to honor your offer in less than three years. You're violating the GPL when you in fact fail to honor it. I do agree that providing a link to a third party URL is risky, but I do not agree that it doesn't comply with the GPL. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: > Alexandre Oliva: >> On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: >> > I read your scenario of the vendor not giving you the source to >> > mean: not directly; i.e. they could give you a third-party >> > download link. >> This has never been enough to comply with GPLv2. > A lot of people seem to say this, but I don't think it's true. http://www.gnu.org/licenses/gpl-faq.html#TOCUnchangedJustBinary and the 3 questions after that should be enlightening as to why people say this ;-) cost of physically performing source distribution, a complete ^^ Why would 'physically' be there if it didn't mean anything? When interpreting legal texts, that's one sort of question you should ask yourself. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, 26 Jun 2007, Alexandre Oliva wrote: On Jun 26, 2007, [EMAIL PROTECTED] wrote: unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. Yup. The improvement in GPLv3 is to relax the requirement of providing source code in physical medium if you choose to not distribute it along with the binaries. It's recognizing that internet access is no longer a barrier that could stop someone from obtaining the sources they're entitled to. Even someone who doesn't have regular or fast internet access can hire a third party who does to perform the download and record it. I.e., with GPLv3, you *can* point at the sources you used, even in a site that you don't control. However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) this sounds like a step backwards, you may not have the sources at that point if you were relying on the other site to host them. and by the way, internet access never was a barrier that could stop someone from obtaining them, the only issue was you hosting the source vs someone else hosting the source. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, [EMAIL PROTECTED] wrote: > unless you are saying that the GPLv3 is saying that a third party link > now _is_ sufficiant. Yup. The improvement in GPLv3 is to relax the requirement of providing source code in physical medium if you choose to not distribute it along with the binaries. It's recognizing that internet access is no longer a barrier that could stop someone from obtaining the sources they're entitled to. Even someone who doesn't have regular or fast internet access can hire a third party who does to perform the download and record it. I.e., with GPLv3, you *can* point at the sources you used, even in a site that you don't control. However, if the site takes the sources out, you're still responsible for providing sources to those who received the sources from you from that point on. Or something like that, IANAL ;-) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
"The source code for this product is available under the terms of the GPL from the following web page http://www.mycompanyname.com/gpl"; This assumes that no special steps are needed to obtain the software from that web page. But thats YOURcompanyname.com. Not a third party. If you gave as a link somebodyelsescompany.com/gpl then somebodyelse could get rid of the link, and your offer wouldn't be valid for "at least three years" T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva: > On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > > > I read your scenario of the vendor not giving you the source to > > mean: not > > directly; i.e. they could give you a third-party download link. > > This has never been enough to comply with GPLv2. A lot of people seem to say this, but I don't think it's true. Section 3b says: Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, A web page with a download URL is just such an offer. The Internet is a medium customarily used for software interchange. I do not see why the following statement doesn't meet the requirements above: "The source code for this product is available under the terms of the GPL from the following web page http://www.mycompanyname.com/gpl"; This assumes that no special steps are needed to obtain the software from that web page. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, 26 Jun 2007, Alexandre Oliva wrote: On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. FWIW, it is one of the improvements in GPLv3. either it's an improvement in the GPLv3 or it's a violation of GPLv2. you can't say that the GPLv2 prohibits it _and_ it's an improvement in the GPLv3. unless you are saying that the GPLv3 is saying that a third party link now _is_ sufficiant. this seems to be counter to what the FSF is claiming (with good reasoning. after all, you don't control the third party site, so it could change or go away and now the people who got the binaries from you can't get the sources) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > I read your scenario of the vendor not giving you the source to mean: not > directly; i.e. they could give you a third-party download link. This has never been enough to comply with GPLv2. FWIW, it is one of the improvements in GPLv3. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: > On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: > >> Is it in the spirit of GPLv2? > > > > No, but that's besides the point. > > Thanks for informing me about the point *I*'m trying to make ;-) > > > You can only hold people responsible for the letter, lest there be > > chaos. > > That's not *quite* how it works, but that's a general idea, yes. > > >> How are the sources passed on in this way going to benefit the user or > >> the community? > > > > They still have to provide the source by other GPL means of their > > choosing. > > This is contradictory. You said the scenario I described was > permitted, and the scenario included the vendor's refusal to give > customers other copies of the sources. > > Which is it? I read your scenario of the vendor not giving you the source to mean: not directly; i.e. they could give you a third-party download link. Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 26, 2007, Al Boldi <[EMAIL PROTECTED]> wrote: >> Is it in the spirit of GPLv2? > No, but that's besides the point. Thanks for informing me about the point *I*'m trying to make ;-) > You can only hold people responsible for the letter, lest there be chaos. That's not *quite* how it works, but that's a general idea, yes. >> How are the sources passed on in this way going to benefit the user or the >> community? > They still have to provide the source by other GPL means of their choosing. This is contradictory. You said the scenario I described was permitted, and the scenario included the vendor's refusal to give customers other copies of the sources. Which is it? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: > Consider this scenario: vendor tivoizes Linux in the device, and > includes the corresponding sources only in a partition that is > theoretically accessible using the shipped kernel, but that nothing in > the software available in the machine will let you get to. Further, > sources (like everything else on disk) are encrypted, and you can only > decrypt it with hardware crypto that is disabled if the boot loader > doesn't find a correct signature for the boot partition, or maybe the > signature is irrelevant, given that everything on disk is encrypted in > such a way that, if you don't have the keys, you can't update the > kernel properly anyway. The vendor refuses to give customers other > copies of the sources. To add insult to the injury, the vendor > configures the computer to set up the encrypted disk partition > containing the sources as a swap device, such that the shared-secret > key used to access that entire filesystem is overwritten upon the > first boot, rendering the entire previous contents of the partition > holding the source code into an incomprehensible stream of bits. > > Does anyone think this is permitted by the letter of GPLv2? Yes. > Is it in the spirit of GPLv2? No, but that's besides the point. You can only hold people responsible for the letter, lest there be chaos. If there is a specific usage spirit you want to protect, then you must formulate it in letter. > How are the sources passed on in this way going to benefit the user or the > community? They still have to provide the source by other GPL means of their choosing. > Is this still desirable by the Linux developers? Looks undesirable to me, but still valid. Thanks! -- Al - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
In the sense that he can decide to remove all contributions from dissenting authors, yes, he does. But he can't impose his more lax interpretation upon other authors. Under copyright, it's the more yes, I saw my argument going weak as I wrote it, but what I said later: So if you own a part of the kernel, then you can pursuit TiVo on your own, if they did direct use of that part especifically and break (in your opinion) what you feel GPLv2 means. You can form the CATV2 (CodersAgainstTiVo v2) and try to get TiVo to stop using the Linux Kernel for their product (because, believe me, they WON'T release the keys). Yeay, we lost Tivo's improvements on the kernel, and the posibility of having a working kernel if anyone feels like back-ingeneering TiVo for their own amusement. is still right. What I meant, at least by the end of that email, was that he has the last word on trying to stop TiVo from using The Linux Kernel. Each author can still go and stop them from using his part, and the derivative work that is The Linux Kernel. But that brings another question: what if TiVo decided to remove all code from the complaining parts and rewrite them? that wouldn't be The Linux Kernel anymore, but it would be a derivative work of all the parts that don't disagree with Tivoization, but is that legal? -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 22, 2007, "Tomas Neme" <[EMAIL PROTECTED]> wrote: > The thing is, what matters in copyright and licencing matters is what > the author of the code understands, no the licence's author, if > ambiguous. And the kernel's rights holder is Linus. Since he didn't get copyright assignments, each contributor is the copyright holder of her/his own contribution. And this means each holder gets a say on how s/he understood GPLv2. IANAL, but I think if Linus' intended interpretation had been clarified all the way from the beginning, he could have grounds to claim that everyone else had implicitly accepted that reading by contributing to the project. But since it was a decision made many years later, his clarification on his reading of the license is in a way an additional permission that affects only his own contributions; other authors are still entitled to try to enforce their understanding of the legal terms of the license, and they would have the spirit of the GPL and its preamble on their side to guide the interpretation. Even if contract law states something like, in adhesion contracts, the party who writes the contract gives the other party the benefits of any ambiguity in the writing, the GPL is not a contract, it's a license, and per copyright law, licenses are to be interpreted restrictively. > Linus has the last word on it. In the sense that he can decide to remove all contributions from dissenting authors, yes, he does. But he can't impose his more lax interpretation upon other authors. Under copyright, it's the more restrictive reading that prevails, in that any holder who understands his rights are being trampled can enforce them. And since at least one such author is vocal in his dissent, not even estoppel defenses would apply. But IANAL. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
powerful. It is pretty obvious that when Linus adopted GPLv2 he didn't realize it reached that point. That when Tivo invented Tivoization, he decided he wanted to permit this, and thus grants an implicit additional permission for anyone to do it with his code, doesn't mean other participants in the Linux community feel the same way, or read the GPLv2 the same way, and could be somehow stopped from enforcing the license the way they meant it. The thing is, what matters in copyright and licencing matters is what the author of the code understands, no the licence's author, if ambiguous. And the kernel's rights holder is Linus. The authors of the particular bits of code can complain about what tivo's doing, but since TiVo's using the linux kernel, and GPLv2 says "These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it." Linus has the last word on it. IANAL, but as far as I can tell this reads as "this licence applies to the whole, not to the parts by themselves", and so does who the "holder" is, I'd believe. So if you own a part of the kernel, then you can pursuit TiVo on your own, if they did direct use of that part especifically and break (in your opinion) what you feel GPLv2 means. You can form the CATV2 (CodersAgainstTiVo v2) and try to get TiVo to stop using the Linux Kernel for their product (because, believe me, they WON'T release the keys). Yeay, we lost Tivo's improvements on the kernel, and the posibility of having a working kernel if anyone feels like back-ingeneering TiVo for their own amusement. T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, at 15:19:35, Stephen Clark wrote: David Schwartz wrote: On Wed, 20 Jun 2007 12:55:10 -0700 "David Schwartz" <[EMAIL PROTECTED]> wrote: A key is a number. A signature is a number. They are neither statements nor instructions. The argument that GPLv2 prohibits Tivoization is really and truly absurd. It has neither a legal nor a moral leg to stand on. A computer program is a number too. No, it's not. It can be expressed as a number, but it is not a number. ??? can be expressed as a number, but it is not a number ??? sure its a number. Keys are purely numbers, they are nothing else. Signatures are pure primitive facts encoded as numbers (authority X blessed object Y). A computer program is a set of instructions to accomplish a particular result. It can be expressed as a number, but that doesn't mean it is a number. It might be true in principle to develop a scheme whereby every physical object uniquely corresponds to an extremely large number. That doesn't turn physical objects into numbers. Both of you lose this argument. All irrational numbers, for example, "break" every copyright that could possibly exist. For example, you can find any arbitrary sequence of Base-N digits when you express PI in base-N form. I can simultaneously express both the laws of physics (not copyrightable) and the latest episode of the TV show "Numbers" (thoroughly copyrighted) as numbers. In fact, we do both all the time (you can express both the latest equations for theoretical physics and a TV show as bits (IE: numbers) on an HDD. Ergo "$FOO is a number" says *NOTHING* about whether or not copyright applies to $FOO. In case you haven't noticed, the whole damn point of math is that you can express *EVERYTHING* as numbers, albeit maybe horribly unbelievably complex ones. Now, back to actual legal issues: Since most copyright laws explicitly prevent copyrighting of pure math, the only actual protection you have for some collection of so-called numbers is whether or not the numbers *REPRESENT* something which may be copyrighted. Furthermore, copyright has _always_ been independent of representation; a person owns copyright on a book regardless of whether it's hardback, softcover, digital, memorized, etc. The person who owns the copyright on a book is able to prevent someone who has memorized the book from giving public recitals of said book, and the neuron-linkage-based storage the brain uses is about as far as you can possibly get from twiddling magnetic bits on a disk drive or dumping carbon-based inks on a page made of plant cellulose. Cheers, Kyle Moffett - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Jun 21, 2007, [EMAIL PROTECTED] wrote: > >> For the record, GPLv2 is already meant to accomplish this. I don't > >> understand why people who disagree with this stance chose GPLv2. > >> Isn't "no further restrictions" clear enough? > > everyone else is reading this as 'no further license restrictions' > I didn't see anyone else add "license" where you did. "No further > restrictions on the rights granted herein" is very powerful and > extensive, and that's how it was meant to be. I agree. For example, a patent might impose a further restriction. The GPL was clearly meant to foreclose that. There are any number of other ways of nasty, subtle ways to impose further restrictions, and the GPLv2 meant to foreclose all of them. > > not no hardware restrictions' becouse GPLv2 explicitly says that it > > has nothing to do with running the software, only with distributing > > it. > It also says that running the software is not restricted, and since > copyright law in the US doesn't regulate execution, receiving the > software does grant the recipient the right to run the software. So > the distributor can't impose restrictions on it. Right. The response to this argument is that it is mind-bogglingly obvious that the GPL doesn't mean that no *authorization* decisions can stand in your way. It didn't mean that I couldn't keep the root password to my server secret even though that denies you the "right" to modify the Linux kernel running on it. Some entity has to decide what software runs on any particular piece of hardware, and it was never the intent of the GPL to specify or limit who that person was. This has been discussed many times over many years, longer before Tivoization was even thought of, and it was agreed that the GPL didn't foreclose authorization obstacles to software modification. Why doesn't Linux allow a non-root user to install a module or change which kernel the system runs? Doesn't that limit the GPL rights of all non-root users to modify the GPL'd kernel software on that machine? OF COURSE NOT. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> On Jun 21, 2007, [EMAIL PROTECTED] wrote: >> >>> this is your right with your code. please stop browbeating people who >>> disagree with you. >> >> For the record, GPLv2 is already meant to accomplish this. I don't >> understand why people who disagree with this stance chose GPLv2. >> Isn't "no further restrictions" clear enough? > everyone else is reading this as 'no further license restrictions' I didn't see anyone else add "license" where you did. "No further restrictions on the rights granted herein" is very powerful and extensive, and that's how it was meant to be. > not no hardware restrictions' becouse GPLv2 explicitly says that it > has nothing to do with running the software, only with distributing > it. It also says that running the software is not restricted, and since copyright law in the US doesn't regulate execution, receiving the software does grant the recipient the right to run the software. So the distributor can't impose restrictions on it. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: this is your right with your code. please stop browbeating people who disagree with you. For the record, GPLv2 is already meant to accomplish this. I don't understand why people who disagree with this stance chose GPLv2. Isn't "no further restrictions" clear enough? everyone else is reading this as 'no further license restrictions' not 'no hardware restrictions' becouse GPLv2 explicitly says that it has nothing to do with running the software, only with distributing it. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > this is your right with your code. please stop browbeating people who > disagree with you. For the record, GPLv2 is already meant to accomplish this. I don't understand why people who disagree with this stance chose GPLv2. Isn't "no further restrictions" clear enough? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: > Alexandre Oliva wrote: >> On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: >> >>> A balance of freedom to the licensee and the licenser. It's my >>> opinion that GPLv3 potentially shifts the balance too far to the >>> licensee. >> >> It's more of a balance of freedom between licensee and licensee, >> actually. It's a lot about making sure no one can acquire a >> privileged position, such that every licensee plays under the same >> rules. (The copyright holder is not *acquiring* a privileged >> position, copyright law had already granted him/her that position.) > I do see what you're saying here. But it does take the away the > ability of a licensee to protect themselves from another malicious > licensee. Sorry, I don't follow what the "it" refers to in your sentence. > If the ultimate goal of the Free Software community is to get source > code out to the public, I think that was captured in GPLv2. That's a correct logical inference, but since the premise is false, the conclusion is garbage. GPLv2 goes far beyond getting source code out to the public. It contains the "no further restrictions" language, which is very powerful. It is pretty obvious that when Linus adopted GPLv2 he didn't realize it reached that point. That when Tivo invented Tivoization, he decided he wanted to permit this, and thus grants an implicit additional permission for anyone to do it with his code, doesn't mean other participants in the Linux community feel the same way, or read the GPLv2 the same way, and could be somehow stopped from enforcing the license the way they meant it. Ultimately, the current situation is that we have two mutually-incompatible license intents being used in Linux, and no matter how much those who want to grant the permission say so, this doesn't trample other contributor's rights to enforce the license they chose for their code. Especially those who started contributing long before the decision that "what TiVo does is good" was announced. Now, since these two license intents are expressed by the same license, and what the license demands is that derived works must be under the same license, they are compatible, but since the intents are distinct, what prevails is, as in any case of combination of different licensing provisions, is the most restrictive provision. So Linux does not permit tivoization today. Linus does, Linux doesn't. All this fuss about the anti-tivoization provisions in GPLv3 is just a consequence of reading the GPLv2 without fully understanding its intended consequences, not having foresight to clarify the intent to constrain the "no further restrictions" provisions to match the alternate interpretation, and opposing the removal of the ambiguity because it doesn't match the choice that *some* of the developers would like it to go. Who's the ambiguity good for? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: If it's input-only, then you can't possibly harm the operation of the network by only listening in, can you? Ok, so you consider any anti-piracy measures to be something that GPLv3 should prohibit. In general, I object to the use of my code in ways that don't permit users to run it for any purpose, study it, adapt it to suit their own needs, modify the code and distribute it, modified or not. If this means my code can't be used to implement DRM, that's a good thing. All anti-piracy measures I've ever known deprive users of legitimate rights too. So, yes, I don't agree with these measures. I believe in punishing the guilty, not in punishing innocent bystanders just such that the guilty have to find work arounds to become guilty. this is your right with your code. please stop browbeating people who disagree with you. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> If it's input-only, then you can't possibly harm the operation of the >> network by only listening in, can you? > Ok, so you consider any anti-piracy measures to be something that > GPLv3 should prohibit. In general, I object to the use of my code in ways that don't permit users to run it for any purpose, study it, adapt it to suit their own needs, modify the code and distribute it, modified or not. If this means my code can't be used to implement DRM, that's a good thing. All anti-piracy measures I've ever known deprive users of legitimate rights too. So, yes, I don't agree with these measures. I believe in punishing the guilty, not in punishing innocent bystanders just such that the guilty have to find work arounds to become guilty. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: A balance of freedom to the licensee and the licenser. It's my opinion that GPLv3 potentially shifts the balance too far to the licensee. It's more of a balance of freedom between licensee and licensee, actually. It's a lot about making sure no one can acquire a privileged position, such that every licensee plays under the same rules. (The copyright holder is not *acquiring* a privileged position, copyright law had already granted him/her that position.) I do see what you're saying here. But it does take the away the ability of a licensee to protect themselves from another malicious licensee. If the ultimate goal of the Free Software community is to get source code out to the public, I think that was captured in GPLv2. GPLv3 oversteps its bounds. Anyways I think this topic has been quite covered. Andrew - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] wrote: how can the server tell if it's been tampered with? I agree with this statement. Err... That's a question, not a statement ;-) Sorry, that's what happens when one types before getting a cup of coffee in the morning. Andrew - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: no, one of the rules for the network is that the software must be certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. how would the network controller know if the software has been modified? The loader could check that and set a flag in the controller. what sort of signal can the network controller send that couldn't be forged by the OS? Whatever the network controller designer created to enable it to do so. how would you do this where the device is a receiver on the netwoek (such as a satellite receiver) If it's input-only, then you can't possibly harm the operation of the network by only listening in, can you? Ok, so you consider any anti-piracy measures to be something that GPLv3 should prohibit. thanks for finally takeing a position. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Lennart Sorensen wrote: >> You can't use this code if you cooporate with anyone that requires >> DRM systems. > I think their earlier versions did say this. Show me a GPLv3 draft that did it? Start here, section 3: http://gplv3.fsf.org/gpl-draft-2006-01-16.html > DRM does have some legitimate uses, for example redhat installations > not installing unsigned software is a form of DRM Doh. Then chmod og-r is DRM too. And stronger DRM while at that, since the user denied permission to read the file cannot take it back, whereas the verification of unsigned software is just a warning, that you can often bypass by telling the software to go ahead and install it regardless of signatures. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: > A balance of freedom to the licensee and the licenser. It's my > opinion that GPLv3 potentially shifts the balance too far to the > licensee. It's more of a balance of freedom between licensee and licensee, actually. It's a lot about making sure no one can acquire a privileged position, such that every licensee plays under the same rules. (The copyright holder is not *acquiring* a privileged position, copyright law had already granted him/her that position.) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: >> how can the server tell if it's been tampered with? > I agree with this statement. Err... That's a question, not a statement ;-) -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] (Lennart Sorensen) wrote: > Apparently the only restrictions ever permitted are the ones the FSF > thinks of. Where does this nonsensical idea come from? How does it follow that, from FSF offering a licensing option to authors, you conclude that nobody could ever establish whatever other restrictions they liked? > So really what the GPL v3 wants to have is to make sure that the user > can reproduce from the sources a bit for bit identical copy of the > binaries? No, this is not enough to enable someone to adapt the software to one's own needs. > Too bad compilers that put time stamps and such into the > binary would make that imposible. This would be the copyright author imposing such a restriction, not the software distributor. > I don't think there is any way that can be written into the GPL that > can prevent all loop holes for how to make signed binaries. Which is one possible reason to explain why the FSF switched to the 'Installation Information' approach. > There doesn't have to be an agreement. The software company could just > release specs for a hardware design and let others freely go and build > them from that design. Aah, so the software company has designed a mechanism to restrict users' freedoms, and is just leaving it up to third parties to complete the implementation? I think these design documents could be used in a court to prove intent to impose restrictions on the users, but IANAL. >> However, if there's no such agreement, if the copyright holder has no >> copyright claims over the hardware or works shipped in it, there's >> nothing the copyright holder can do about it, and that's probably how >> it should be, since a copyright license (!= contract) can't possibly >> prohibit people from creating hardware limited in function, it can >> only tell people that, in order for them to have permission to modify >> or distribute the covered work, they must abide by certain conditions. >> And if they don't want to abide by the conditions, and they don't >> manage to obtain a license from the copyright holders that doesn't >> impose conditions they can't accept, they just can't modify or >> distribute the work. > But if the hardware ships with only code that simply waits for the user > to provide some code for it to isntall (which has to be signed in a way > the hardware likes), then the hardware has nothing to do with the > license of the software. Correct. That's pretty much what I said, isn't it? > I hope no one does this, but I still don't see how the GPLv3 draft deals > with this case, or even how it could deal with it. It doesn't, and it probably shouldn't. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, Bernd Schmidt <[EMAIL PROTECTED]> wrote: > I went and made some comments on the draft, and they appear to no > longer be there a few days later. This would be very bad. Please let me know what they were about and I'll try to figure out what happened. Did you by any chance file them against an earlier draft? Those (for obvious reasons) no longer appear against the current draft, but they're still accessible by other means. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: >> On Wed, 20 Jun 2007 12:55:10 -0700 >> "David Schwartz" <[EMAIL PROTECTED]> wrote: >> > A key is a number. A signature is a number. They are neither >> > statements nor >> > instructions. The argument that GPLv2 prohibits Tivoization is >> > really and >> > truly absurd. It has neither a legal nor a moral leg to stand on. >> A computer program is a number too. > No, it's not. It can be expressed as a number, but it is not a number. By this logic, then a key is a key, and a signature is a signature. They can be expressed as numbers, sure. > A computer program is a set of instructions to accomplish a particular > result. It can be expressed as a number, but that doesn't mean it is a > number. A key is an input to a cryptographical algorithm, and a signature is an output. I could try to come up with more creative definitions, but you get the idea already. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> On Jun 21, 2007, [EMAIL PROTECTED] wrote: >> >>> no, one of the rules for the network is that the software must be >>> certified, >> >> In this case you might have grounds to enforce this restriction of the >> network on the network controller itself, I suppose. > how would the network controller know if the software has been modified? The loader could check that and set a flag in the controller. > what sort of signal can the network controller send that couldn't be > forged by the OS? Whatever the network controller designer created to enable it to do so. > how would you do this where the device is a receiver on the netwoek > (such as a satellite receiver) If it's input-only, then you can't possibly harm the operation of the network by only listening in, can you? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Schwartz wrote: On Wed, 20 Jun 2007 12:55:10 -0700 "David Schwartz" <[EMAIL PROTECTED]> wrote: A key is a number. A signature is a number. They are neither statements nor instructions. The argument that GPLv2 prohibits Tivoization is really and truly absurd. It has neither a legal nor a moral leg to stand on. A computer program is a number too. No, it's not. It can be expressed as a number, but it is not a number. ??? can be expressed as a number, but it is not a number ??? sure its a number. Keys are purely numbers, they are nothing else. Signatures are pure primitive facts encoded as numbers (authority X blessed object Y). A computer program is a set of instructions to accomplish a particular result. It can be expressed as a number, but that doesn't mean it is a number. It might be true in principle to develop a scheme whereby every physical object uniquely corresponds to an extremely large number. That doesn't turn physical objects into numbers. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> So much for "Land of the free". :( That was always just a typo. Its the Land of the Fee - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Lennart Sorensen wrote: On Thu, Jun 21, 2007 at 10:51:06AM -0700, [EMAIL PROTECTED] wrote: you snippede the bit about not knowing how to stop it I did? As far as I can tell I quoted it all. What did I miss? they call the section the anti-tivoization, how much more explicit can they get? They could be as explicit as: You can't use this code if you cooporate with anyone that requires DRM systems. I think their earlier versions did say this. All their attempts to define user devices and such is just going to screw up and miss some things they wanted covered, and disallow things they didn't intend to disallow (assuming there is any such thing). by the way, just in case anyone is misunderstanding me. I don't believe for a moment that all these anti-tamper features actually work in the real world (the PS3 hacking kits are proof of the lengths people will go to to make the 'hard' hardware-level hacking trivial to do) but the approach needs to be at secure modulo hardware tampering or software bugs. DRM is completely pointless. It only stops casual end users from doing things. It doesn't stop anyone with any technical clue from doing things. I keep hoping one day the people in charge at the big media companies will understand this, and stop asking for people to implement it. Of course in the mean time there are companies perfectly willing to claim to have unbreakable DRM for sale, while knowing full well (if they are competent) that it is a lie. So as long as the people in charge at big media are clueless about technology, and as long as there are companies willing to lie to them for money, then we will probably continue to have DRM crap to deal with. DRM does have some legitimate uses, for example redhat installations not installing unsigned software is a form of DRM I don't think the GPLv3 is the place to try to remove DRM. What the FSF should be doing is try to educate the people who are advocating the use of DRM about the fact that it can't ever work. You can make more and more stupid laws about how people can't remove the DRM, but people who break copyright obviously already are breaking the law, so what is the point in having more lows for them to break. That is where this problem should be fought, not in the GPLv3. The GPLv3 is never going to solve the problem, only educating people can do that. this is exactly what most of the people who are arguing against this provision are saying. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> On Wed, 20 Jun 2007 12:55:10 -0700 > "David Schwartz" <[EMAIL PROTECTED]> wrote: > > A key is a number. A signature is a number. They are neither > > statements nor > > instructions. The argument that GPLv2 prohibits Tivoization is > > really and > > truly absurd. It has neither a legal nor a moral leg to stand on. > A computer program is a number too. No, it's not. It can be expressed as a number, but it is not a number. Keys are purely numbers, they are nothing else. Signatures are pure primitive facts encoded as numbers (authority X blessed object Y). A computer program is a set of instructions to accomplish a particular result. It can be expressed as a number, but that doesn't mean it is a number. It might be true in principle to develop a scheme whereby every physical object uniquely corresponds to an extremely large number. That doesn't turn physical objects into numbers. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 10:51:06AM -0700, [EMAIL PROTECTED] wrote: > you snippede the bit about not knowing how to stop it I did? As far as I can tell I quoted it all. What did I miss? > they call the section the anti-tivoization, how much more explicit can > they get? They could be as explicit as: You can't use this code if you cooporate with anyone that requires DRM systems. All their attempts to define user devices and such is just going to screw up and miss some things they wanted covered, and disallow things they didn't intend to disallow (assuming there is any such thing). > by the way, just in case anyone is misunderstanding me. I don't believe > for a moment that all these anti-tamper features actually work in the real > world (the PS3 hacking kits are proof of the lengths people will go to to > make the 'hard' hardware-level hacking trivial to do) but the approach > needs to be at secure modulo hardware tampering or software bugs. DRM is completely pointless. It only stops casual end users from doing things. It doesn't stop anyone with any technical clue from doing things. I keep hoping one day the people in charge at the big media companies will understand this, and stop asking for people to implement it. Of course in the mean time there are companies perfectly willing to claim to have unbreakable DRM for sale, while knowing full well (if they are competent) that it is a lie. So as long as the people in charge at big media are clueless about technology, and as long as there are companies willing to lie to them for money, then we will probably continue to have DRM crap to deal with. I don't think the GPLv3 is the place to try to remove DRM. What the FSF should be doing is try to educate the people who are advocating the use of DRM about the fact that it can't ever work. You can make more and more stupid laws about how people can't remove the DRM, but people who break copyright obviously already are breaking the law, so what is the point in having more lows for them to break. That is where this problem should be fought, not in the GPLv3. The GPLv3 is never going to solve the problem, only educating people can do that. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Lennart Sorensen wrote: On Thu, Jun 21, 2007 at 10:26:04AM -0700, [EMAIL PROTECTED] wrote: the bios doesn't have enough capability to talk to the outside world for updates. Of course, although perhaps it could. More likely my thought was that the service when it decides to download an update, would include the updated bios image and put it on the boot drive where the existing bios can find it. No signature needs to be added to the boot drive or kernel, just checksums in the bios image. what tivo actually does is very similar to this they encode into the bios the ability to check a checksum/signature for the kernel+boot filesystem and if they don't match look to see if there is another kernel+boot filesystem available then software on the boot filesystem checks to see if the rest of the system has been tampered with before it mounts / you snippede the bit about not knowing how to stop it the GPLv3 is trying to do this. Perhaps they should just explicitly say that then. they call the section the anti-tivoization, how much more explicit can they get? David Lang by the way, just in case anyone is misunderstanding me. I don't believe for a moment that all these anti-tamper features actually work in the real world (the PS3 hacking kits are proof of the lengths people will go to to make the 'hard' hardware-level hacking trivial to do) but the approach needs to be at secure modulo hardware tampering or software bugs. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 10:26:04AM -0700, [EMAIL PROTECTED] wrote: > the bios doesn't have enough capability to talk to the outside world for > updates. Of course, although perhaps it could. More likely my thought was that the service when it decides to download an update, would include the updated bios image and put it on the boot drive where the existing bios can find it. No signature needs to be added to the boot drive or kernel, just checksums in the bios image. > what tivo actually does is very similar to this > > they encode into the bios the ability to check a checksum/signature for > the kernel+boot filesystem and if they don't match look to see if there is > another kernel+boot filesystem available > > then software on the boot filesystem checks to see if the rest of the > system has been tampered with before it mounts / > > the GPLv3 is trying to do this. Perhaps they should just explicitly say that then. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Lennart Sorensen wrote: On Wed, Jun 20, 2007 at 04:07:57PM -0400, Michael Poole wrote: I do not say that the BIOS is doing anything (legally) wrong. The wrong act is distributing the binary kernel image without distributing complete source code for it. So how about this idea then: Tivo builds a kernel for their box, and release all the sources for how to build exactly that kernel. Tivo builds a bios image for their box, and encodes into it the checksum of the kernel, or at least parts of it that they want to ensure are present and unmodified. Everytime the device boots, it checks the kernel image, and it the checksums match, it loads and runs the kernel, and otherwise it checks if there is a new bios image with a proper signature, updates itself and reboots and tries again. the bios doesn't have enough capability to talk to the outside world for updates. what tivo actually does is very similar to this they encode into the bios the ability to check a checksum/signature for the kernel+boot filesystem and if they don't match look to see if there is another kernel+boot filesystem available then software on the boot filesystem checks to see if the rest of the system has been tampered with before it mounts / Preventing people from doing things with their own hardware certainly seems morally wrong, but legally, I don't see any way to prevent it. I suppose you could say in the license: You may not use this code in any way if you do what the RIPP/MPAA/etc want you to do. the GPLv3 is trying to do this. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, Jun 20, 2007 at 04:07:57PM -0400, Michael Poole wrote: > I do not say that the BIOS is doing anything (legally) wrong. The > wrong act is distributing the binary kernel image without distributing > complete source code for it. So how about this idea then: Tivo builds a kernel for their box, and release all the sources for how to build exactly that kernel. Tivo builds a bios image for their box, and encodes into it the checksum of the kernel, or at least parts of it that they want to ensure are present and unmodified. Everytime the device boots, it checks the kernel image, and it the checksums match, it loads and runs the kernel, and otherwise it checks if there is a new bios image with a proper signature, updates itself and reboots and tries again. Preventing people from doing things with their own hardware certainly seems morally wrong, but legally, I don't see any way to prevent it. I suppose you could say in the license: You may not use this code in any way if you do what the RIPP/MPAA/etc want you to do. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 01:23:01AM -0300, Alexandre Oliva wrote: > And then the user who uses such features in ways not permitted by the > copyright holders are committing a crime. They can be prosecuted by > the copyright holders and convicted of the crime. Well we already clearly know the content providers in the US don't trust anyone else, and certainly don't think just using copyright laws to sue people who violate copyright is enough. No they want to put all sorts of things in place to try to prevent it from even being possible to violate copyright in the first place. They don't believe in innocent until proven guilty at all. > That TiVo can somehow become liable for this just shows how broken the > legal system in the US is. It's like making a knife manufacturer > liable for a killing using a knife they made, just because the knife > didn't have technical measures intended to prevent the knife from > being used to kill people. So much for "Land of the free". :( -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Tomas Neme wrote: > as long as this right is not used by the software distributor to > impose restrictions on the user's ability to adapt the software to > their own needs. The GPLv3 paragraph above makes a fair concession in > this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) Also another way of doing this is having every network ask the kernel for its key, and checking it. If it doesn't match a certified key, then not allowing you to access the network. no, this doesn't work becouse if the software has been altered you don't know if the key it's giving you matches that software. it could be giving you the key from the unmodified software. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alan Cox wrote: You've made an important mistake. You said "their system". Now its "our code" and "whoever bought the units' hardware" so it isn't their anything. Yes, the hardware belongs to the user, and the software belongs to the Linux community. However I think I wasn't 100% clear, I also mean keeping companies networks and content secured. Credit card companies insuring the software hasn't been modified to skim cards (not that it's the only way to skim a card), If credit card companies are doing this they are failing badly and it clearly isn't working. Also lets be clear about this - I don't need any credit card company network access to skim older cards, and the newer ones have been broken by various non software schemes. Agreed. Credit card companies are failing very badly at preventing skimming. They definitely need to rethink their model of how the credit card system should work. or Tivo making sure that their content providers are protected. Lets look at the credit card example. Sure the user could modify the system and boot their own kernel, but it doesn't have to play nice with Mastercard's network anymore. Or better yet, would actually report that a certain business's card reader had been tampered with. That to me is a fair comment. I should IMHO be able to load my code and my keys on my Tivo. And Walt Disney in return probably should be quite free not to trust my keys. You need some fairly strong competition law enforcement to make all that work right in the marketplace but as a philosophical basis it seems fine. In practice it is likely to lead to serious monopoly abuse problems and all sorts of ugly tying of goods that you don't want in a free market. Given the completely ineffectual way the US enforces its anti-monopoly law, and the slowness of the EU at it the results might well be bad - but for other reasons. I agree as well, the model could be heavily abused. I'm not sure what the solution is as far as fighting monopolies and corporate greed. But I'd rather that it was fought through education of consumers and not with a license agreement that should be giving people freedom. A balance of freedom to the licensee and the licenser. It's my opinion that GPLv3 potentially shifts the balance too far to the licensee. Andrew McKay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: how exactly can they prevent a system that's been tampered with from accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, "it's been tampered with" is not necessarily enough of a reason to cut someone off, it has to meet these requirements: how can the server tell if it's been tampered with? I agree with this statement. Imagine a proprietary private network where a device has been modified to run in an invisible promiscuous mode. The device looks as if it isn't doing anything wrong, but is forwarding the network out another interface. The only way to prevent that type of attack is to not allow unauthorized signed Kernels onto that network. Andrew McKay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, Jun 21, 2007 at 10:56:33AM +0400, Manu Abraham wrote: > Providing the changes back itself is a great thing altogether. It also makes sense. If the changes are accepted back, the community at large will keep the changes maintained. Less work for me to do when going to newer code versions later. And even better, it may help someone else out too. A company is likely to like the reduced maintenance burden part, but I think the other part is even better. After all we saved time not having to write everything our selves, so helping others save time seems only fair. The GPL may only require giving the sources to the people who buys the product, but there isn't really any benefit to us in doing only that. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, Jun 20, 2007 at 05:52:40PM -0300, Alexandre Oliva wrote: > On Jun 20, 2007, [EMAIL PROTECTED] (Lennart Sorensen) wrote: > > A patent prevents you from using the software in any way at all, > > while a hardware restriction prevents you from using the software on > > that particular hardware, but not on lots of other hardware. Very > > big difference. > > So, one disrespects a lot, the other disrespects a little. Is that > relevant, when the requirement is "no further restrictions"? What about the freedom to buy devices with certified code on it, while still being able to look through the source code and verify for yourself that it is correct and not full of bugs? Would it be better if the devices that have to be certified and locked down used secret code so that the purchaser can't verify the code? Apparently the only restrictions ever permitted are the ones the FSF thinks of. > > So what would happen if some company was to make software for a tivo and > > released their binaries signed with some specific key, and they released > > information on how to check this was signed with their key, and then > > some other companies went and made tivo hardware and decided that they > > would only allow code signed by the first companies key to run on it, > > I was pretty sure this had been covered in the section about technical > barriers to modification in the third draft's rationale, but I can't > find it right now. http://gplv3.fsf.org/gpl3-dd3-rationale.pdf So really what the GPL v3 wants to have is to make sure that the user can reproduce from the sources a bit for bit identical copy of the binaries? Too bad compilers that put time stamps and such into the binary would make that imposible. I don't think there is any way that can be written into the GPL that can prevent all loop holes for how to make signed binaries. > Anyhow, the argument I read went like: if there's an agreement between > the parties to do this, then the copyright holder can probably enforce > the license regardless of the software and hardware distributor being > different parties, since the software is being distributed with > information whose purpose is to enable the hardware to deny the user > the freedom to run modified versions of the software. There doesn't have to be an agreement. The software company could just release specs for a hardware design and let others freely go and build them from that design. > However, if there's no such agreement, if the copyright holder has no > copyright claims over the hardware or works shipped in it, there's > nothing the copyright holder can do about it, and that's probably how > it should be, since a copyright license (!= contract) can't possibly > prohibit people from creating hardware limited in function, it can > only tell people that, in order for them to have permission to modify > or distribute the covered work, they must abide by certain conditions. > And if they don't want to abide by the conditions, and they don't > manage to obtain a license from the copyright holders that doesn't > impose conditions they can't accept, they just can't modify or > distribute the work. But if the hardware ships with only code that simply waits for the user to provide some code for it to isntall (which has to be signed in a way the hardware likes), then the hardware has nothing to do with the license of the software. The signed binaries from the service provider/software developer on the other hand is GPL and the sources are released with changes. They just happen to sign their binaries in a way that allows them to install on the hardware in question. It could also install on hardware that doesn't check the signature as long as it is functionally identical otherwise. I hope no one does this, but I still don't see how the GPLv3 draft deals with this case, or even how it could deal with it. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> as long as this right is not used by the software distributor to > impose restrictions on the user's ability to adapt the software to > their own needs. The GPLv3 paragraph above makes a fair concession in > this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) Also another way of doing this is having every network ask the kernel for its key, and checking it. If it doesn't match a certified key, then not allowing you to access the network. Besides the fact that this would be a very costly approach, having every network needing to update their certified keys list every time TiVo and every other DVR vendor updates their kernels, it would also prevent any form of modified software to give you any of the TiVo's expected functionality: it would load, you would be able to play pong on it, but not watch or record TV, and they can't be blamed for it, because if the kernel's been tampered with, it might have been made so it saves the video unencrypted on the Harddrive, and it certainly *is* the network's right to stop you from doing so. So what the fuck do you want from them? T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> > You've made an important mistake. You said "their system". Now its "our > > code" and "whoever bought the units' hardware" so it isn't their anything. > > Yes, the hardware belongs to the user, and the software belongs to the Linux > community. However I think I wasn't 100% clear, I also mean keeping > companies > networks and content secured. Credit card companies insuring the software > hasn't been modified to skim cards (not that it's the only way to skim a > card), If credit card companies are doing this they are failing badly and it clearly isn't working. Also lets be clear about this - I don't need any credit card company network access to skim older cards, and the newer ones have been broken by various non software schemes. > or Tivo making sure that their content providers are protected. Lets look > at > the credit card example. Sure the user could modify the system and boot > their > own kernel, but it doesn't have to play nice with Mastercard's network > anymore. > Or better yet, would actually report that a certain business's card reader > had > been tampered with. That to me is a fair comment. I should IMHO be able to load my code and my keys on my Tivo. And Walt Disney in return probably should be quite free not to trust my keys. You need some fairly strong competition law enforcement to make all that work right in the marketplace but as a philosophical basis it seems fine. In practice it is likely to lead to serious monopoly abuse problems and all sorts of ugly tying of goods that you don't want in a free market. Given the completely ineffectual way the US enforces its anti-monopoly law, and the slowness of the EU at it the results might well be bad - but for other reasons. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 20 Jun 2007 12:55:10 -0700 "David Schwartz" <[EMAIL PROTECTED]> wrote: > > > The kernel you build from the source code that Tivo distributes must > > be accepted by Tivo's hardware without making other modifications (to > > Tivo's hardware or bootloader). If that is possible, I will retract > > what I said. If it is not possible, they are omitting part of the > > program's source code: > > > > A "computer program" is a set of statements or instructions to be > > used directly or indirectly in a computer in order to bring about > > a certain result. > > -- US Code, Title 17, Section 101 > > A key is a number. A signature is a number. They are neither statements nor > instructions. The argument that GPLv2 prohibits Tivoization is really and > truly absurd. It has neither a legal nor a moral leg to stand on. A computer program is a number too. Alan - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg KH wrote: On Sun, Jun 17, 2007 at 02:56:24AM -0300, Alexandre Oliva wrote: If you want your opinions to stand a chance to make a difference, the right place to provide them is gplv3.fsf.org/comments, and time is running short. [...] So, why would we want to waste our time filling out web forms after that? In case anyone was wondering if the FSF is genuinely interested in feedback - I went and made some comments on the draft, and they appear to no longer be there a few days later. Thanks for the invitation Alex. Bernd - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 2007-06-20 at 22:30 -0700, [EMAIL PROTECTED] wrote: > > asking a device that's running software that you haven't verified to give > you a checksum of itself isn't going to work becouse the software can just > lie to you. > I don't think there is any way I _could_ make a device if it had to be tamper proof and use free software if that was the case. I'd need to make some kind of proprietary network connection back to my company that used its own network device. I could not trust it if the free kernel could touch it, if I wanted to allow a modified in place kernel. If I hope for that device to use the internet to talk to me (i.e. just a secondary nic), I'd have to write my own kernel to power this second network device that was capable of encrypting and validating traffic over tcp-ip. Or I have to pull my own copper to every location where my device is used. So either way, I'm writing my own kernel if I want to do that, because I could not POSSIBLY allow the kernel talking to my private connection to the device to be modified. What a nasty, vicious cycle that would be. Yikes! --Tim - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Bernd Petrovitsch wrote: > On Wed, 2007-06-20 at 18:14 -0300, Tomas Neme wrote: > [] >> Why, if you let user-compiled kernels to run in a TiVo, it might be >> modified so the TiVo can be used to pirate-copy protected content, > > Or it might be modified to fix a bug - either a technical one or a legal > one as described below. > >> which is a serious security hole. TiVo would need to read, approve of, > > "Pirate copying" is forbidden anyways in almost every jurisdiction > AFAIK. Perhaps we should disallow cars on the streets since one could > drive too fast with them. > Pirate copying should not be a reason to keep things closed as there are better methods to keep things open, yet provide a _not_ free service. But that would be upto the vendor how/what they wish to do rather than we talking about it. Which would be of no use. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 2007-06-20 at 18:14 -0300, Tomas Neme wrote: [] > Why, if you let user-compiled kernels to run in a TiVo, it might be > modified so the TiVo can be used to pirate-copy protected content, Or it might be modified to fix a bug - either a technical one or a legal one as described below. > which is a serious security hole. TiVo would need to read, approve of, "Pirate copying" is forbidden anyways in almost every jurisdiction AFAIK. Perhaps we should disallow cars on the streets since one could drive too fast with them. And it is not a security hole for the owner of the hardware (I consider secret keys somewhere else a much greater security threat) to the Linux community or a lot of other entities. Probably just music industry thinks like above. And there are legislations were it is *legal* to make private copies (for sure as long as you don't pass them on and somewhere even giving away for nothing is legal). So I actually have a *right* (which also can't be killed by contracts) to copy that movie for my private use. And up to now it is actually legal in .at to do (more or less) everything to get this right (and that may include hacking the device). > and sign any modified kernels the users intend to use on their > hardware. If GPLv3 allows for this, it'd be doing exactly that Bernd -- Firmix Software GmbH http://www.firmix.at/ mobil: +43 664 4416156 fax: +43 1 7890849-55 Embedded Linux Development and Services - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: > what sort of signal can the network controller send that couldn't be > forged by the OS? > > how would you do this where the device is a receiver on the netwoek > (such as a satellite receiver) just for the question on the HOWTO (not on anything else) You can easily have scrambled streams with regards to DVB, eg: using EN50221. Some (like NDS for example in _some_ instances) use proprietary schemes, but there are standards based methods also. eg: Common Scrambling Algorithm (CSA) But in any case, this can be broken down too .. :-) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: no, one of the rules for the network is that the software must be certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. how would the network controller know if the software has been modified? Not that you should disable the network controller entirely (this would render the computer useless for many other purpose unrelated with blocking connections to your network). You could instead arrange for the network controller to send some signal that enables the network to recognize that the device is running certified software. what sort of signal can the network controller send that couldn't be forged by the OS? how would you do this where the device is a receiver on the netwoek (such as a satellite receiver) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. Yeah, thanks, I remembered someone had posted that URL the second after a hit Send :-( I've already got cmd.tar.gz and I'm looking at it now. Thanks again, by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. Only copyright holders of Linux can go after them on matters of kernel drivers. Or is this driver derived from any software copyrighted by myself? Or did you mean the FSF, with whom I'm not associated in any way other than ideologically? from the page listed above NOTE: 4.0.1a and later releases contain Atmel WLAN drivers in addition to the other network adapter drivers that are posted here. These WLAN drivers were received by TiVo directly from Atmel and are under the terms of a formal non-disclosure agreement, so we cannot publish them under the terms of the GPL version 2. Atmel has since released a different version of the drivers under the GPL version 2; however, that release does not change our prior obligation with Atmel. At this time, we have no plans to use Atmel's publicly released drivers in our development. when I talked about 'going after tivo' I wasn't just refering to doing so with lawsuits. the way some people in this thread have acted I could see people trying to use this as 'the smoking gun' that proves that the evil tivo people didn't release everything they were supposed to. modules are a grey area, some are clearly derived from the kernel and some are just as clearly not derived from the kernel, most are not as clear. I don't know the situation for this particular module, but that has nothing to do with this topic. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > no, one of the rules for the network is that the software must be > certified, In this case you might have grounds to enforce this restriction of the network on the network controller itself, I suppose. Not that you should disable the network controller entirely (this would render the computer useless for many other purpose unrelated with blocking connections to your network). You could instead arrange for the network controller to send some signal that enables the network to recognize that the device is running certified software. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > frankly, I haven't checked the licenses on the software. I'd suggest > going to www.tivo.com/linux and download all the source for all the > different versions there. Yeah, thanks, I remembered someone had posted that URL the second after a hit Send :-( I've already got cmd.tar.gz and I'm looking at it now. Thanks again, > by the way, it looks like there is one wireless driver that they ship > in some releases but don't provide the source for. but if you plan on > going after them for that you better go after everyone who ships > binary kernel modules. Only copyright holders of Linux can go after them on matters of kernel drivers. Or is this driver derived from any software copyrighted by myself? Or did you mean the FSF, with whom I'm not associated in any way other than ideologically? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Lennart Sorensen wrote: > On Tue, Jun 19, 2007 at 07:28:22PM +0400, Manu Abraham wrote: >> Well, it is not Tivo alone -- look at http://aminocom.com/ for an >> example. If you want the kernel sources pay USD 50k and we will provide >> the kernel sources, was their attitude. > > Hmm, set top boxes are often rented from the cable company rather than > sold. Stupid grey area for sure. At least tivo does give you the > sources, without demanding more money. Rather big difference. I am not talking about the rented aspect, since these STB's are usually sold rather than rented. >> Well, it is not Tivo alone, a large chunk of the vendors do that. The >> vendors who actually do it the clean way are just few and can be counted >> very easily. > > Well at least where I work we don't try to lock down the hardware, we do > contribute our changes and bug fixes to upstream when it makes sense > (and where our changes wouldn't make sense for upstream, they are still > clearly included with the sources we have.) If a customer wants a copy > of the sources, they will get a nice DVD, although strangely none have > asked for one yet. Providing the changes back itself is a great thing altogether. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: how exactly can they prevent a system that's been tampered with from accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, "it's been tampered with" is not necessarily enough of a reason to cut someone off, it has to meet these requirements: how can the server tell if it's been tampered with? when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. (something even you say they have a right to do) as long as this right is not used by the software distributor to impose restrictions on the user's ability to adapt the software to their own needs. The GPLv3 paragraph above makes a fair concession in this regard, don't you agree? no, one of the rules for the network is that the software must be certified, you are requireing the device to permit the software to be changed to an uncertified version.(to store credit card numbers and send them to a third party for example) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 21, 2007, [EMAIL PROTECTED] wrote: On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 20, 2007, [EMAIL PROTECTED] wrote: but the signature isn't part of the kernel, and the code that checks the signature is completely independant. Well, then remove or otherwise mangle the signature in the disk of your TiVo DVR and see at what point the boot-up process halts. I have actually done exactly that. what happens is that the bootloader detects a problem and switches to the other active partition ane reboots. ir neither of the boot partitions meet the requirements the cycle will continue forever. Oh, too bad. That must be a bug in the boot loader, right? :-) BTW, since you got a TiVo... I'm writing an article on Tivoization, could you (or anyone else) please help me get information as to what other GPLed programs or libraries TiVo includes in their devices? Thanks in advance, frankly, I haven't checked the licenses on the software. I'd suggest going to www.tivo.com/linux and download all the source for all the different versions there. by the way, it looks like there is one wireless driver that they ship in some releases but don't provide the source for. but if you plan on going after them for that you better go after everyone who ships binary kernel modules. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > how exactly can they prevent a system that's been tampered with from > accessing their network? By denying access to their servers? By not granting whatever is needed to initiate network sessions? And note, "it's been tampered with" is not necessarily enough of a reason to cut someone off, it has to meet these requirements: > when the modification itself materially and adversely affects the > operation of the network or violates the rules and protocols for > communication across the network. > (something even you say they have a right to do) as long as this right is not used by the software distributor to impose restrictions on the user's ability to adapt the software to their own needs. The GPLv3 paragraph above makes a fair concession in this regard, don't you agree? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 21, 2007, [EMAIL PROTECTED] wrote: > On Thu, 21 Jun 2007, Alexandre Oliva wrote: >> On Jun 20, 2007, [EMAIL PROTECTED] wrote: >> >>> but the signature isn't part of the kernel, and the code that checks >>> the signature is completely independant. >> >> Well, then remove or otherwise mangle the signature in the disk of >> your TiVo DVR and see at what point the boot-up process halts. > I have actually done exactly that. what happens is that the bootloader > detects a problem and switches to the other active partition ane > reboots. ir neither of the boot partitions meet the requirements the > cycle will continue forever. Oh, too bad. That must be a bug in the boot loader, right? :-) BTW, since you got a TiVo... I'm writing an article on Tivoization, could you (or anyone else) please help me get information as to what other GPLed programs or libraries TiVo includes in their devices? Thanks in advance, -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Tue, Jun 19, 2007 at 07:28:22PM +0400, Manu Abraham wrote: > Well, it is not Tivo alone -- look at http://aminocom.com/ for an > example. If you want the kernel sources pay USD 50k and we will provide > the kernel sources, was their attitude. Hmm, set top boxes are often rented from the cable company rather than sold. Stupid grey area for sure. At least tivo does give you the sources, without demanding more money. Rather big difference. > Well, it is not Tivo alone, a large chunk of the vendors do that. The > vendors who actually do it the clean way are just few and can be counted > very easily. Well at least where I work we don't try to lock down the hardware, we do contribute our changes and bug fixes to upstream when it makes sense (and where our changes wouldn't make sense for upstream, they are still clearly included with the sources we have.) If a customer wants a copy of the sources, they will get a nice DVD, although strangely none have asked for one yet. -- Len Sorensen - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 20, 2007, [EMAIL PROTECTED] wrote: On Wed, 20 Jun 2007, Alexandre Oliva wrote: Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 On Jun 20, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: However, I don't see how this would ever require a company like Tivo or Mastercard to have their networks play nice with a unit that has been modified by the end user, potentially opening up some serious security holes. Which is why the GPLv3 doesn't make the requirement that you stated. so if the BIOS checked the checksum of the boot image and if it found it wasn't correct would disable the video input hardware but let you boot the system otherwise it would be acceptable to you and the GPLv3? I don't think so, but IANAL. What do you think? Here's what I think to be the relevant passages. [...] The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. [...] The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Network access may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Ok, so if refusing to run software that's tampered with isn't acceptable, and disabling the hardware that would be needed to talk on the network isn't acceptable. how exactly can they prevent a system that's been tampered with from accessing their network? (something even you say they have a right to do) asking a device that's running software that you haven't verified to give you a checksum of itself isn't going to work becouse the software can just lie to you. you claim they have this right, but then claim to prohibit every possible method of them excercising that right. pick one side or the other, you don't get both. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, Linus Torvalds <[EMAIL PROTECTED]> wrote: > It allows everybody do make that choice that I consider to be really > important: the choice of how something _you_ designed gets used. > And it does that exactly by *limiting* the license to only that one work. > Not trying to extend it past the work. Actually, the two paragraphs above are contradictory, and the second is not true in as much as it gives way to the former. Consider an independent file contributed to Linux. It is an independent work. But the moment it gets combined with Linux, the only license you can use is GPLv2. Consider a patch, or any modified version of Linux. It's another work. But the license applies to it as well. Similarly, the GPL affects patents that somehow cover the work: the distributor can no longer enforce them against downstream users of the software. See? > The GPLv3 can never do that. It does it in just the same way that GPLv1 and GPLv2 do: "no further restrictions". That it has to make some of them explicit, such that people understand they apply, or such that this provision can't be trampled on by other laws that by default trample copyright law, is just a legal implementation detail. > It's missing the point that "morals" are about _personal_ choices. You > cannot force others to a certain moral standpoint. FWIW, I tend to consider morals more of a society issue than an individual issue. Morals encode what the society understands to be the common good, and that's often something evolutionary, even with biological roots. Laws (as you say) try to reflect the morals of the society, but since it's based on morals, it often lags behind. Which is why some laws become forgotten and no longer applied, even if still applicable in theory. And that's also why (as you alluded to in your message), when laws actively diverge from morals, you observe a lot of civil disobedience: think DRM, DMCA, non-benevolent dictatorships and other abusive regimes. I must say that it *is* lovely to watch you talk about morals in ways that I agree so much with, even if I dissent in a some details. This has further increased my admiration for you. Thank you. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, "Jesper Juhl" <[EMAIL PROTECTED]> wrote: > On 18/06/07, Alexandre Oliva <[EMAIL PROTECTED]> wrote: >> Your analysis stopped at the downside of prohibiting tivoization. You >> didn't analyze the potential upsides, > Maybe that's because I don't really see any up sides. You do: > a few vendors that currently tivoize hardware may open up their > hardware but I doubt that will be very many You just don't think they'd prevail over the downsides. *This* is an opinion I can respect, even if it's as much of a guestimate as mine. I'm sure both are highly influenced by personal opinions, wishful thinking and fears. This is all very human. >> so you may indeed come to different conclusions, and they may very >> well be wrong. > Just because I come to a different conclusion than you doesn't > nessesarily make it wrong. Agreed. I didn't say they were. I said they could be. Can you prove they're right? Do you even have any supporting evidence to back your guestimates? Heck, you may even have more than I do. I openly admit mine is mostly theoretical. I extrapolate the initial success of GNU+Linux on the PC environment, due in a large part to the ability for users to tinker with their computers, and expect it not to be so significantly different for other kinds of computers. For sure you'll get a far lower *percentage* of hackers in consumer devices than on PCs, whose users used to be far more technically-inclined and thus more propense to become hackers when GNU+Linux started than these days. But then I think of all of these computer users who helped make GNU+Linux what it is today, and other hackers that hadn't discovered this inclination before because they haven't had access to hackable computers. They could be tinkering with their DVRs, cell phones, wireless routers et al, and bringing the same kind of exciting community development to these kinds of computers. I'm saddened that the major Linux developers are willing to trade all of this (which I openly admit may be just a figment of my imagination, or just a tip of an iceberg) for some professional contributions (good) and some additional exposure that won't do justice to their software (bad), because these users will miss a big part of the picture by not being able to tinker with the software in the environment where they use the software. >> It's very human to look only at the potential downside of an action >> and conclude it's a bad action. > And you believe yourself to be immune to that - right? Last I looked, I was still human. So no. I try to use logic to reason out such behaviors when I realize they might be in action. But, as the saying goes, logic is a tool we use to justify our intutions. Or, logical reasoning is a tool to make the wrong decisions with a greater amount of confidence ;-) >> You can create the device using GPLv3 software in it. > Not as long as I want to prevent the user from tampering with it, no. mumble ROM mumble > But do you really expect a vendor to put a device on the market where > they also lock themselves out of upgrading it and releasing new > software for it? Depends on how badly they want to use the GPLed software. Don't you guys think Linux is so technically superior that some vendors might prefer to stick with it (should it move to GPLv3, or tivoization be found to be already forbidden by GPLv2 in a US court or elsewhere) even if this means going to ROM or respecting users' freedoms? Or are Linux advantages so thin and fragile (if they exist at all) that you're just hoping nobody realizes there are better choices out there, and you're desperate for vendors not to realize this? > For a few select individuals that may be true. But for the majority of > the population it won't mean a thing. Agreed. You're thinking of percentages (fewer percent hackers among consumers of user products than among PC users). I'm thinking all hackers in PCs could become hackers of such devices as well, and then some. >> This is the upside that you left out from your analysis, and from >> every other analysis that set out to "prove" that anti-tivoization is >> bad that I've seen so far. > I'm sorry, but I don't think it holds water. Fair enough. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, [EMAIL PROTECTED] wrote: > On Wed, 20 Jun 2007, Alexandre Oliva wrote: >> We already know the vendor doesn't care about the user, so why should >> we take this into account when analyzing the reasoning of the vendor? > no, we don't know this. you attribute the reason for the lockdown to > be anti-user. others view it as being pro-user becouse it lets the > user get functionality that they wouldn't have access to otherwise. Yeah, yeah, now please put your hands to the back such that I can place your handcuffs, such that you can't use your hands to kill someone. Well, you might still be able to use your hands for this purpose if you're really clever, or you can kill people by other means. But at least I'll be able to claim that I did my part. :-/ -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, [EMAIL PROTECTED] wrote: > On Wed, 20 Jun 2007, Alexandre Oliva wrote: >> Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 >> >> On Jun 20, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: >> >>> However, I don't see how this would ever require a company like Tivo >>> or Mastercard to have their networks play nice with a unit that has >>> been modified by the end user, potentially opening up some serious >>> security holes. >> >> Which is why the GPLv3 doesn't make the requirement that you stated. > so if the BIOS checked the checksum of the boot image and if it found > it wasn't correct would disable the video input hardware but let you > boot the system otherwise it would be acceptable to you and the GPLv3? I don't think so, but IANAL. What do you think? Here's what I think to be the relevant passages. [...] The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. [...] The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Network access may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, "Tomas Neme" <[EMAIL PROTECTED]> wrote: >> > However, I don't see how this would ever require a company like Tivo >> > or Mastercard to have their networks play nice with a unit that has >> > been modified by the end user, potentially opening up some serious >> > security holes. >> >> Which is why the GPLv3 doesn't make the requirement that you stated. > Why, if you let user-compiled kernels to run in a TiVo, it might be > modified so the TiVo can be used to pirate-copy protected content, And then the user who uses such features in ways not permitted by the copyright holders are committing a crime. They can be prosecuted by the copyright holders and convicted of the crime. That TiVo can somehow become liable for this just shows how broken the legal system in the US is. It's like making a knife manufacturer liable for a killing using a knife they made, just because the knife didn't have technical measures intended to prevent the knife from being used to kill people. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, [EMAIL PROTECTED] wrote: > On Wed, 20 Jun 2007, Alexandre Oliva wrote: >> On Jun 20, 2007, [EMAIL PROTECTED] (Lennart Sorensen) wrote: It is the duty of the FSF to defend these freedoms. It's its public mission. That's a publicly stated goal of the GPL, for anyone who cares to understand it, or miss it completely and then complain about changes in spirit. >> >>> I wouldn't call it a duty. It is the chosen mission perhaps, but nobody >>> is making them do it. >> >> Everyone who donates to it does so understanding what the mission is. >> Detracting from that mission would be failing the public commitment. > true, but selecting the GPL as the license for your project is not > donating to the FSF. Oh, that's what you meant. Indeed, absolutely not. The GPL is "just" a set of permissions you, as an author, grant to anyone who comes across your program. Whether you share FSF's goals or not, you can do that. If you share FSF's goals of not only respecting users' freedoms, but also defending them as much as deemed legally possible under copyright law, you can also offer your code under any later version of the GPL, such that it remains usable by the community who cares about this. In theory, this shouldn't be a problem for anyone who chose the GPLv2, since all of the permissions granted by GPLv3 are granted by GPLv2, and this is how it should be. The difference is that GPLv3 plugs some holes that were found in GPLv2, in a similar way that GPLv2 plugged holes found in GPLv1, and GPL "plugs holes" in LGPL, which "plugs holes" in other even more permissive licenses. Each GPL revision is expected to plug holes ("address new problems", as in the legal terms of GPLv2) that might enable licensees to deny other licensees the rights you meant to grant them. This will necessarily make each revision incompatible with the previous, for being stricter, thus imposing further restrictions, even if only by removing exploitable ambiguities. This should have been clear since GPLv1, anyone who understands the goals of the GPL and with enough foresight to understand the recommendation of permitting relicensing under newer versions should be able to see this. So, since new restrictions are always on licensees' ways to deny other licensees the enjoyment of the permissions you meant to grant them, if you mean to permit people to use your work in the ways permitted by GPLv2, not permitting them to be used in GPLv3 software amounts to pure selfishness: "if I won't get to use your code, you don't get to use mine." Tit-for-tat, for sure, but certainly not in the spirit of sharing clearly established early in the preamble of every version of the GPL. Permitting such relicensing wouldn't deny anyone any freedom, and it wouldn't create any obligations whatsoever for the licensor. Whoever wanted to use the work under the more liberal terms of the earlier version of the GPL under which the work was licensed still could: this license can't be unilaterally revoked, not by you, not by anyone else. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Thu, 21 Jun 2007, Alexandre Oliva wrote: On Jun 20, 2007, [EMAIL PROTECTED] wrote: but the signature isn't part of the kernel, and the code that checks the signature is completely independant. Well, then remove or otherwise mangle the signature in the disk of your TiVo DVR and see at what point the boot-up process halts. I have actually done exactly that. what happens is that the bootloader detects a problem and switches to the other active partition ane reboots. ir neither of the boot partitions meet the requirements the cycle will continue forever. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, "David Schwartz" <[EMAIL PROTECTED]> wrote: > A key is a number. A signature is a number. And a program is a number. http://asdf.org/~fatphil/maths/illegal.html Your point? -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] writes: > On Wed, 20 Jun 2007, Michael Poole wrote: > >> [EMAIL PROTECTED] writes: >> >>> if the GPL can excercise control over compilations, then if Oracle >>> were to ship a Oracle Linux live CD that contained the Oracle Database >>> in the filesystem image, ready to run. then the GPL would be able to >>> control the Oracle Database code. >> >> By copyright law, it could. By its language, it does not. > > many people (including many lawyers will disagree that it could by > copyright law On what grounds would Oracle have a license to ship that part of Linux? Unless you are the sole copyright owner, you have no right to copy a given piece of software _at all_ without a license. The GPL is a remarkably giving license in terms of how little it requires. (This potentially wide scope is one of the major reasons that the GPL mentions "mere aggregation" and that the Debian Free Software Guidelines' include guideline #9.) >>> if the GPL can't do this then it can't control the checksum either. >>> >>> again, it's not just the kernel that's part of the checksum on a tivo, >>> the checksum is over the kernel + initial filesystem, much of which >>> contains code not covered by the gPL) >> >> Again, did you miss where I pointed out that this makes it *worse* for >> Tivo, because they are tying together -- and making inseparable -- a >> combination that would otherwise be "mere aggregation"? > > and it makes most distro CD's illegal since they contain code under > different incompatible licenses and they make a checksum across the > entire CD image. When distributions generate checksums (as opposed to signatures) over images, they do provide all of the inputs. When most distributions provide signatures, the signatures do not function as statements or instructions to computers -- they function as statements to users. Tivo's digital signatures differ in both of these respects. Michael Poole - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, [EMAIL PROTECTED] wrote: > but the signature isn't part of the kernel, and the code that checks > the signature is completely independant. Well, then remove or otherwise mangle the signature in the disk of your TiVo DVR and see at what point the boot-up process halts. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 20 Jun 2007, Michael Poole wrote: [EMAIL PROTECTED] writes: if the GPL can excercise control over compilations, then if Oracle were to ship a Oracle Linux live CD that contained the Oracle Database in the filesystem image, ready to run. then the GPL would be able to control the Oracle Database code. By copyright law, it could. By its language, it does not. many people (including many lawyers will disagree that it could by copyright law if the GPL can't do this then it can't control the checksum either. again, it's not just the kernel that's part of the checksum on a tivo, the checksum is over the kernel + initial filesystem, much of which contains code not covered by the gPL) Again, did you miss where I pointed out that this makes it *worse* for Tivo, because they are tying together -- and making inseparable -- a combination that would otherwise be "mere aggregation"? and it makes most distro CD's illegal since they contain code under different incompatible licenses and they make a checksum across the entire CD image. David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Jun 20, 2007, Linus Torvalds <[EMAIL PROTECTED]> wrote: > And anybody who thinks others don't have the "right to choice", and then > tries to talk about "freedoms" is a damn hypocritical moron. Yeah, it is indeed possible to twist it such that it sounds bad. The important point is that one's freedom ends where another's starts. Unlimited freedom would be freedom to trample over others' freedoms too, and that's not right. That's why freedom of choice has to be used with care. Even fundamental human rights sometimes clash with each other. We don't fight for the freedoms as goals in themselves. We fight for them because we understand they're essential for the common good. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ FSF Latin America Board Member http://www.fsfla.org/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] writes: > if the GPL can excercise control over compilations, then if Oracle > were to ship a Oracle Linux live CD that contained the Oracle Database > in the filesystem image, ready to run. then the GPL would be able to > control the Oracle Database code. By copyright law, it could. By its language, it does not. > if the GPL can't do this then it can't control the checksum either. > > again, it's not just the kernel that's part of the checksum on a tivo, > the checksum is over the kernel + initial filesystem, much of which > contains code not covered by the gPL) Again, did you miss where I pointed out that this makes it *worse* for Tivo, because they are tying together -- and making inseparable -- a combination that would otherwise be "mere aggregation"? Michael Poole - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On Wed, 20 Jun 2007, Michael Poole wrote: David Schwartz writes: However, compilations (even to the extent they are creative combinations) are not necessarily derivative works of their elements. For more details, see http://www.copyright.gov/circs/circ14.html#compilations Because compilation copyrights don't really affect the Tivo and GPLv2/GPLv3 issue, I tend to ignore them when discussing that subject. If you think I'm wrong and there is some relationship between them, please let me know. I admit I may not have given that possibility enough thought. I believe compilation copyrights do bear on GPL-licensed software, by virtue of the GPL's sentence "[...] rather, the intent is to exercise the right to control the distribution of derivative _or collective_ works based on the Program." (emphasis added). There is a lot of grey and/or arguable area about what constitutes a GPL-encumbered collective work versus mere aggregation. Although I disagree, I understand and respect that some believe that the kernel plus a digital signature over it is "mere aggregation". I would like to focus the discussion on that question, though, rather than whether the GPL is worded to control the rights to compilations-in-general that include GPLed works. if the GPL can excercise control over compilations, then if Oracle were to ship a Oracle Linux live CD that contained the Oracle Database in the filesystem image, ready to run. then the GPL would be able to control the Oracle Database code. if the GPL can't do this then it can't control the checksum either. again, it's not just the kernel that's part of the checksum on a tivo, the checksum is over the kernel + initial filesystem, much of which contains code not covered by the gPL) David Lang - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Schwartz writes: >> There is a lot of grey and/or arguable area about what constitutes a >> GPL-encumbered collective work versus mere aggregation. > > I think it's technically/legally clear what the standards are, but certainly > arguable whether particular works meet that standard. If the choice of works > to combine is sufficiently creative (above and beyond any choices dictated > by functional considerations), it's a GPL-encumbered collective work. > > I don't think it's arguable that a signature shipped along with a binary is > a collective work. In any event, if that were true, I think we should be > able to agree that Linus would be required to release his kernel signing > keys. The distinction between GPL-covered works and "mere aggregation" is not a function only of legal classifications. If it were, the GPL would be worded differently than it is -- and have different effects than most people believe it does. Michael Poole - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> I believe compilation copyrights do bear on GPL-licensed software, by > virtue of the GPL's sentence "[...] rather, the intent is to exercise > the right to control the distribution of derivative _or collective_ > works based on the Program." (emphasis added). Ahh, good. So there's no problem with the GPL. I already thought it the most sensible reading that it included collective works (and it's clear that it can legally do so), but that makes it clear. I didn't mean that compilation copyrights have no relevance to GPL issues in general, just none to the issue of GPLv2 versus GPLv3 and Tivoization. Are you going to argue that there's a compilation copyright justified by combining a kernel binary with a signature for that binary? That seems untenable to me. > There is a lot of grey and/or arguable area about what constitutes a > GPL-encumbered collective work versus mere aggregation. I think it's technically/legally clear what the standards are, but certainly arguable whether particular works meet that standard. If the choice of works to combine is sufficiently creative (above and beyond any choices dictated by functional considerations), it's a GPL-encumbered collective work. I don't think it's arguable that a signature shipped along with a binary is a collective work. In any event, if that were true, I think we should be able to agree that Linus would be required to release his kernel signing keys. > Although I > disagree, I understand and respect that some believe that the kernel > plus a digital signature over it is "mere aggregation". It clearly is. What else could it be? The digital signature is a separate item, a pure number for which there is no copyright interest, that is simply appended to the kernel. It does not contain significant protected elements of the kernel. No creative process is used to generate it or attach it. The decision to append is dictated by purely functional considerations (nobody creatively picks which signature to bundle with which kernel). > I would like > to focus the discussion on that question, though, rather than whether > the GPL is worded to control the rights to compilations-in-general > that include GPLed works. If the kernel plus a digital signature over it is not mere aggregation, then Linus is violating the GPL by shipping kernel plus digital signatures but not including the "source code" to produce the signatures. If the ridiculousness of that is not sufficiently obvious, I'm not sure what else to say. Where is the outcry that Linus is keeping his signing key secret, failing to include the source code that he used to build the Linux kernel distibution? The past few times this has come up, every possible irrelevent side issue was raised. For example, that the signature in the case of Linux is not functional. These considerations do not have anything to do with whether the combination is mere aggregation or not. Ironically, this case is even clearer than linking. The two works are quite literally stapled together. There is no intermingling at all. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Schwartz writes: >> However, compilations (even to the extent they are creative >> combinations) are not necessarily derivative works of their elements. >> For more details, see >> http://www.copyright.gov/circs/circ14.html#compilations > > Because compilation copyrights don't really affect the Tivo and GPLv2/GPLv3 > issue, I tend to ignore them when discussing that subject. If you think I'm > wrong and there is some relationship between them, please let me know. I > admit I may not have given that possibility enough thought. I believe compilation copyrights do bear on GPL-licensed software, by virtue of the GPL's sentence "[...] rather, the intent is to exercise the right to control the distribution of derivative _or collective_ works based on the Program." (emphasis added). There is a lot of grey and/or arguable area about what constitutes a GPL-encumbered collective work versus mere aggregation. Although I disagree, I understand and respect that some believe that the kernel plus a digital signature over it is "mere aggregation". I would like to focus the discussion on that question, though, rather than whether the GPL is worded to control the rights to compilations-in-general that include GPLed works. Michael Poole - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> By "creative combination" do you mean what US copyright law refers to > as compilations (or their subset collective works)? Not only. By "creative combination" I mean either a compilation or a derivative work. I was a bit unclear about that because I wasn't really addressing compilation rights at the time. For example, if you adapt a FreeBSD driver to work on Linux, you may be creatively combining aspects of the driver with code from the kernel. The result is one that you have copyright interest in because it is a derivative work but probably not a compilation copyright. The choice of one driver and one OS, where the goal is to make the driver work on the OS, probably is not sufficiently creative to justify a compilation copyright. However, this is clearly not mere aggregation if significant changes are needed to make the driver work with Linux. > Compilations can be creative combinations while still being mere > aggregation under the GPL. For example, if applications are selected > to run with a Linux kernel, and they are distributed together, the > collection is a creative selection -- and this seems to be one of the > cases evoked by the GPL's reference to "mere aggregation". See also > practically every Linux distribution on the planet. You are quite correct. In this case, the GPL may not require you to license the compilation copyright. I believe this is so even if all the works are covered by the GPL. Arguably, that's a defect in the GPL because it means there might be situations in which you might receive a CD that contains only GPL'd software and not be able to redistribute it due to a compilation copyright. I honestly have no position on whether "mere aggregation" should include aggregating works where there is sufficient creative input to justify a compilation copyright on the result. I think either position can be argued. I think the intent of the GPL was probably that mere aggregation not include compilation rights because that leads to strange results. I don't know of any evidence that compilation rights were considered when the GPL was written. If so, the deliberate lack of mention might weigh in the balance. > Compilations also can be creative combinations and *more* than mere > aggregation: for example, Linux with respect to its subsystems, or any > case where a larger work is derivative of one of its components. Of course. If I write a Linux kernel module, it might be a derivative work because it contains significant portions of the Linux kernel source code. This is true before anyone compiles it or links it. When I say linking cannot create a derivative work, I mean assuming the work was not derivative in the first place. I am also further assuming there is insufficient creativity in the choice of which works to link to justify a compilation copyright. > However, compilations (even to the extent they are creative > combinations) are not necessarily derivative works of their elements. > For more details, see > http://www.copyright.gov/circs/circ14.html#compilations Because compilation copyrights don't really affect the Tivo and GPLv2/GPLv3 issue, I tend to ignore them when discussing that subject. If you think I'm wrong and there is some relationship between them, please let me know. I admit I may not have given that possibility enough thought. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Schwartz writes: >> Most of this list has >> already dismissed your rather unique -- I would even say frivolous -- >> idea of how far "mere aggregation" goes: I, for one, have better >> things to do than explain why a C file is not a "mere aggregation" of >> the functions it contains.) >> >> Michael Poole > > Of course it's not mere aggregation. The functions in a C file are > creatively combined. How many times do I have to say that the opposite of > "mere aggregation" is creative combination? > > It is not unique, it is part of the definition of a "derivative work". By "creative combination" do you mean what US copyright law refers to as compilations (or their subset collective works)? Compilations can be creative combinations while still being mere aggregation under the GPL. For example, if applications are selected to run with a Linux kernel, and they are distributed together, the collection is a creative selection -- and this seems to be one of the cases evoked by the GPL's reference to "mere aggregation". See also practically every Linux distribution on the planet. Compilations also can be creative combinations and *more* than mere aggregation: for example, Linux with respect to its subsystems, or any case where a larger work is derivative of one of its components. However, compilations (even to the extent they are creative combinations) are not necessarily derivative works of their elements. For more details, see http://www.copyright.gov/circs/circ14.html#compilations Michael Poole - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On 6/20/07, Dave Neuer <[EMAIL PROTECTED]> wrote: On 6/20/07, Tomas Neme <[EMAIL PROTECTED]> wrote: > > I'm about this far to Linus'izing my wording and calling you stupid, > hypocrite, or bullshitter Knock yourself out, it will no doubt lend much moral and logic weight to your rhetoric. I might not have the best rhetoric, but I still hold my point about the credit card. Ask yourself: are you going to complain about Firefox (GPL'ed) not passing information unencrypted because it stops potential users (crackers ARE users) from doing what they want to with it? What's a security issue and what's not is a matter of legality and it's each part's duty to enforce legality in every way they can (I'm not saying that I agree, I'm an anarchist, but it's just how it goes). The content providers do it by not allowing DVRs to work if they're not secure, and DVRs are secure by doing whatever is legally possible to avoid crackers from bypassing security measures. On the other hand is legal for you to bypass those security measures as long as you don't make illegal use of those bypasses. The kernel TiVo distributes works on TiVo boxes, The kernel modified by you, is no longer the kernel TiVo distributes, and therefore the key that the original kernel had no longer applies to it. Try running your TiVo kernel on a PC, I think you won't be able to without a lot of modification.. and then again, once you do the proper modifying, you will be able to use it on your multimedia computer, and use all of the wonderful things you DIE to be able to modify the TiVo kernel for.. If you modify your TiVo kernel and say make it so it doesn't have an IDE controller module anymore, you won't be able to run it on your TiVo either.. at least not in any useful way, and would you be complaining? And someone said this already, if the signature is created via a known algorithm, and only the key isn't provided, saying that that's not GPLv2 compliant is like saying that I can't publish investigation work that was produced sharing via a secured network unless I also publish the SSH key I used through investigation, or the original value of the srand() if the investigation relied on random number generation, because the exact same results won't be reproducible. T -- |_|0|_| |_|_|0| |0|0|0| - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On 6/20/07, David Schwartz <[EMAIL PROTECTED]> wrote: > This argument is the obvious nonsense. "Runs on TiVO" is a property of > the software that TiVO distributes -- such an important property that > it would be nonsensical for them to distribute it with their hardware. > But they do distribute it, and only the GPL allows them to. Why does the importance of the property matter to the validity of the argument? From a legal standpoint, perhaps you're right, it doesn't matter what the function is. From a moral standpoint it should be obvious to you that "runs on TiVO" is TiVO's sole motivation to distribute the software at all, it is "the software" and arguing that they have an equivalent obligation WRT it as to some incidental thing like Linus' signing key is just preposterous. > > Tivo's choice is an authorization decision. It is similar to > > you not having > > root access to a Linux box. Sorry, you can't run a modified > > kernel on that > > machine, but you can still modify the kernel and run it on any hardware > > where authorization decisions don't stop you from doing so. The GPL was > > never about such authorization decisions. > Says judge Schwartz. Oops. That's right, you're not a judge in any > legal jurisdiction, nor an author of the GPL. Nice argument. I'm wrong because people can disagree with me. No, in this case you are wrong because absent authority to decide the meaning from a dispositive legal standpoint (the law says the license means this) or knowledge of the intent of the author of the GPL (I the author intended it to mean this), your statement that the GPL was "never about" "such decisions" is meaningless, AFAICT. DS Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On 6/20/07, Tomas Neme <[EMAIL PROTECTED]> wrote: I'm about this far to Linus'izing my wording and calling you stupid, hypocrite, or bullshitter Knock yourself out, it will no doubt lend much moral and logic weight to your rhetoric. Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> Most of this list has > already dismissed your rather unique -- I would even say frivolous -- > idea of how far "mere aggregation" goes: I, for one, have better > things to do than explain why a C file is not a "mere aggregation" of > the functions it contains.) > > Michael Poole Of course it's not mere aggregation. The functions in a C file are creatively combined. How many times do I have to say that the opposite of "mere aggregation" is creative combination? It is not unique, it is part of the definition of a "derivative work". DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> This argument is the obvious nonsense. "Runs on TiVO" is a property of > the software that TiVO distributes -- such an important property that > it would be nonsensical for them to distribute it with their hardware. > But they do distribute it, and only the GPL allows them to. Why does the importance of the property matter to the validity of the argument? > Linus' key is not required to use the software Linus distributes under > the GPL, by contrast. Why does whether or not the key is required to use the software matter? It may be impossible to use a Linux kernel on a particular piece of hardware without the BIOS, that doesn't mean the BIOS source code is part of the kernel source code even if the kernel is shipped for that hardware. > > Tivo's choice is an authorization decision. It is similar to > > you not having > > root access to a Linux box. Sorry, you can't run a modified > > kernel on that > > machine, but you can still modify the kernel and run it on any hardware > > where authorization decisions don't stop you from doing so. The GPL was > > never about such authorization decisions. > Says judge Schwartz. Oops. That's right, you're not a judge in any > legal jurisdiction, nor an author of the GPL. Nice argument. I'm wrong because people can disagree with me. DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Schwartz writes: >> I do not say that the BIOS is doing anything (legally) wrong. The >> wrong act is distributing the binary kernel image without distributing >> complete source code for it. > > Why are you not complaining that Linus does not distribute the keys he uses > to sign kernel source distributions? If a digital signature is part of the > distribution, why is the key used to produce that signature not part of the > distribution? > > If you can cite some legal reason there is a difference, I would be quite > impressed. > > In any event, the argument is obvious nonsense. The signature is merely > aggregated with the kernel. Cooperation, dependent function, and convergent > design can't break mere aggregation or you get ridiculous results. (For > example, a device shipped with the Linux kernel and some applications would > have to GPL all the applications.) Do you make it a habit to pose ranty questions to people while neither attributing their text nor cc'ing them? Especially when you claim the person's argument is "obvious nonsense", it seems quite rude. (Since you have dismissed my argument as nonsense before hearing my response, I will not bother answering your question. Since you are acting like a troll, I will dismiss you as one. Most of this list has already dismissed your rather unique -- I would even say frivolous -- idea of how far "mere aggregation" goes: I, for one, have better things to do than explain why a C file is not a "mere aggregation" of the functions it contains.) Michael Poole - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On 6/20/07, David Schwartz <[EMAIL PROTECTED]> wrote: > Tomas Neme writes: > > I have been following this discussion for the last week or so, and > > what I haven't been able to figure out is what the hell is the big > > deal with TiVO doing whatever they want to with their stupid design. > > They made a design, they build a machine, they sell it as is, and > > provide source code for GPL'ed software... what's your problem? > It's simple: they don't provide _complete_ source code. They keep the > source code for the part of their Linux kernel images that provides > the functionality "runs on Tivo DVRs". The GPL requires that > distributors of binary versions provide complete source code, not just > the parts of source code that are convenient. > > Michael Poole That leads to lots of obvious nonsense unless you fix it with all kinds of made up ad-hoc changes just to get the result you want. Why doesn't Linus have to release the keys he uses to sign the Linux kernel source distributions? That provides the functionality "can be proven to be authorized by Linus". What you call "runs on Tivo DVRs", I call "can be proven to be authorized by Tivo to run on Tivo DVRs". This argument is the obvious nonsense. "Runs on TiVO" is a property of the software that TiVO distributes -- such an important property that it would be nonsensical for them to distribute it with their hardware. But they do distribute it, and only the GPL allows them to. Linus' key is not required to use the software Linus distributes under the GPL, by contrast. Tivo's choice is an authorization decision. It is similar to you not having root access to a Linux box. Sorry, you can't run a modified kernel on that machine, but you can still modify the kernel and run it on any hardware where authorization decisions don't stop you from doing so. The GPL was never about such authorization decisions. Says judge Schwartz. Oops. That's right, you're not a judge in any legal jurisdiction, nor an author of the GPL. Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
> I do not say that the BIOS is doing anything (legally) wrong. The > wrong act is distributing the binary kernel image without distributing > complete source code for it. Why are you not complaining that Linus does not distribute the keys he uses to sign kernel source distributions? If a digital signature is part of the distribution, why is the key used to produce that signature not part of the distribution? If you can cite some legal reason there is a difference, I would be quite impressed. In any event, the argument is obvious nonsense. The signature is merely aggregated with the kernel. Cooperation, dependent function, and convergent design can't break mere aggregation or you get ridiculous results. (For example, a device shipped with the Linux kernel and some applications would have to GPL all the applications.) DS - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
[EMAIL PROTECTED] wrote: On Wed, 20 Jun 2007, Alexandre Oliva wrote: Subject: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 On Jun 20, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: However, I don't see how this would ever require a company like Tivo or Mastercard to have their networks play nice with a unit that has been modified by the end user, potentially opening up some serious security holes. Which is why the GPLv3 doesn't make the requirement that you stated. so if the BIOS checked the checksum of the boot image and if it found it wasn't correct would disable the video input hardware but let you boot the system otherwise it would be acceptable to you and the GPLv3? somehow I doubt it, but that's what it would take to prevent modified software from interacting with their networks (remembering that these networks are the cable and satellite networks in some cases) it also seems that if this was the case it would be a trivial work-around for the GPLv3 if it was acceptable. That is exactly where I was going with that. A trivial work around in the Tivo case. I guess GPLv4 will have to close up that hole? Andrew McKay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Alexandre Oliva wrote: On Jun 20, 2007, Andrew McKay <[EMAIL PROTECTED]> wrote: However, I don't see how this would ever require a company like Tivo or Mastercard to have their networks play nice with a unit that has been modified by the end user, potentially opening up some serious security holes. Which is why the GPLv3 doesn't make the requirement that you stated. So if it's not a requirement of the GPLv3, then Tivo could deny content based signing the binary image of the Linux kernel and using that signature as authentication on their network (or their content providers network). A modified Tivo box would not be able to preform it's original task of being a PVR at that point, at least with the content provider's signal. Seems pretty pointless to me. Seems like almost the same thing as not allowing an unsigned Linux kernel to boot on the system. Though it would still be possible to get the Tivo box to play tetris or something like that. Andrew McKay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
On 6/20/07, Tomas Neme <[EMAIL PROTECTED]> wrote: Why, if you let user-compiled kernels to run in a TiVo, it might be modified so the TiVo can be used to pirate-copy protected content, 1) It may be far more likely that in the majority of cases it will be modified with the intent to allow functionality which has no bearing on copyrighted entertainment copyright or which is permitted under the Fair Use doctrine. Neither you, nor I, nor anyone else on the list knows whether that is the case. 2) There are far easier ways to pirate copyrighted entertainment content (like buy the discs, professional duplicating hardware, and just dup them) which I would wager is what actual pirates do 99% of the time which is a serious security hole. If you are a content company it's a security hole, if you are a TiVO owner, it's a feature. Dave - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/