Re: GPL V3 and Linux - Dead Copyright Holders

From: Simon Oosthoek
Date: Sat Jan 28 2006 - 15:51:22 EST


On Sat, January 28, 2006 5:39, Linus Torvalds said:
>
>
> On Fri, 27 Jan 2006, Simon Oosthoek wrote:
>>
>> I'm not sure this is the correct interpretation of the current draft. I
>> assume you're referring to this part:
>>
>> [ snipped ]
>
> Yes.
>
>> I'd interpret that as forcing people who try to hide their code or make
>> it difficult to get at the source code to not be able to do that.
>
> IF that is the legal interpretation, then yes, I'd agree with you. And no,
> I'm not a lawyer. However, the way I read it, it's not about just not
> being able to hide the object code - it's fundamentally about being able
> to replace and run the object code.

After some more reading and thinking, I agree with your interpretation.

> I may indeed be reading it wrong, but I don't think I am. It explicitly
> says "install and/or execute".
>
> So I think it says that if I have a private signing key that "enables" the
> kernel on some hardware of mine, GPLv3 requires that private key to be
> made available for that hardware. Note how that is tied to the _hardware_
> (or platform - usualyl the checking would be done by firmware, of course),
> not the actual source code of the program.
>
> And that's really what I don't like. I believe that a software license
> should cover the software it licenses, not how it is used or abused - even
> if you happen to disagree with certain types of abuse.
>
> I believe that hardware that limits what their users can do will die just
> becuase being user-unfriendly is not a way to do successful business. Yes,
> I'm a damned blue-eyed optimist, but I'd rather be blue-eyed than consider
> all uses of security technology to necessarily always be bad.
>

[snip: you don't like further restrictions on what people do with the
binaries]

I suppose this could be the achilles heel of the GPLv2, when a device
could be running perfectly free software, but the compiled work will only
run when signed with a private key of the manufacturer, this would create
a situation where the user/hacker cannot fix bugs on his own machine,
despite having full access to the source and in principle being able to
fix it. After installing the fixed software on the device it will stop
working.

Of course, a benevolent way of using this is to just check whether a
manufacturer supplied kernel is used for warranty reasons, but I suppose
some manufacturers will choose the simple option of not letting any other
software run on the device.

I suppose I'm not a blue eyed optimist (or brown eyed in my case), I can
see this being a real scenario :-(

Another way to fix this in GPLv3 would probably be to require the hardware
and firmware to allow the modified software to remain functional after
modification (barring newly introduced bugs).

Having said all this, GPLv2 is still a pretty good license, but it seems
there could be a real need for further reducing the likelyhood of (free)
software being locked up by DRM or (software) patents.

Cheers

Simon
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/