On Sun, Sep 23, 2001 at 09:10:14PM -0700, Crispin Cowan wrote: > I think that code (especially security code) can be more secure if the > source is available. Further, open source code can grow better through > the ability of community developers to improve features and fix bugs. > But what this change does is impose a singular license on security > modules (GPL). No it does not. Please see the file module.h in the 2.4.10 kernel tree for a list of the acceptable licenses, like my wording stated. > The principle behind GPL'ing kernel contribs is that they are a derived > work of the kernel. The reason that loadable modules are not subject to > the GPL is that they are using an explicit interface, and thus (like > applications) are not derived from the kernel, but rather simply depend > on it. No, loadable modules are a loophole that Linus has granted (however I do not see anywhere in the kernel documentation that grant.) In order to compile a module, you need to include a kernel header file. Since you are including a GPL header file into your code, your binary _should_ fall under the GPL. Since this is a wonderfully grey area, and hasn't really been tested, all I am trying to do is spell it out explicitly what we want to do. > I see no reason why LSM should deviate from this path. It is nice to > encourage open sourcing of LSM modules, but it is not nice to enforce > one particular license. It is also not constructive to exclude > proprietary security modules, just as it is not constructive to exclude > closed source device drivers. We are not deviating from any path, if security.h were to have this wording, it would not be the only kernel interface in 2.5 that is like that. Arguing if things are constructive are not isn't going to get anywhere. I feel the main reason for Linux's success, over that of the BSD licensed operating systems, is due to the fact that the code could not be taken by a company, modified, and the modifications could be kept from the community (well that reason, plus a lot of others, but I don't want this to degenerate into a BSD/GPL flamewar.) Closed source security modules are much worse in my opinion than closed source device drivers. I feel that security code should be held to a higher standard than device driver, as it is much more important, and as you have stated above, it can be more secure only if it is opened. Since we are providing a framework for security modules to be able to be put into the Linux kernel, I think we should not lessen the required license for them from what is required today (you must publish your code if it modifies the kernel.) > So no, mandatory GPL for LSM modules is not even close to acceptable. Again, I'm not forcing a GPL only license on LSM modules. > Perhaps we should LGPL the security.h. Does that create problems? I would object to this. That would be granting the explicit right for it to be used in closed source binaries. I do not want to grant that explicit right. thanks, greg k-h _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Sun Sep 23 2001 - 22:23:52 PDT