Greg KH wrote:
>On Sun, Sep 23, 2001 at 08:17:19PM -0700, Crispin Cowan wrote:
>
>>Actually yes, I vehemently object to this change.
>>
>Why? Don't you think that security modules that are loaded by your
>kernel should be open source?
>
I think that code (especially security code) can be more secure if the
source is available. Further, open source code can grow better through
the ability of community developers to improve features and fix bugs.
But what this change does is impose a singular license on security
modules (GPL).
The principle behind GPL'ing kernel contribs is that they are a derived
work of the kernel. The reason that loadable modules are not subject to
the GPL is that they are using an explicit interface, and thus (like
applications) are not derived from the kernel, but rather simply depend
on it.
I see no reason why LSM should deviate from this path. It is nice to
encourage open sourcing of LSM modules, but it is not nice to enforce
one particular license. It is also not constructive to exclude
proprietary security modules, just as it is not constructive to exclude
closed source device drivers.
So no, mandatory GPL for LSM modules is not even close to acceptable.
Perhaps we should LGPL the security.h. Does that create problems?
* It keeps security.h compatible with the kernel.
* It prevents outright hijacking of security.h
* It permits arbitrary licensing of applications (modules) that use
LSM. I think :-)
Crispin
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Sep 23 2001 - 21:13:53 PDT