Re: GPL only usage of security.h

From: Greg KH (gregat_private)
Date: Sun Sep 23 2001 - 22:18:40 PDT

  • Next message: Crispin Cowan: "Re: GPL only usage of security.h"

    On Sun, Sep 23, 2001 at 09:10:14PM -0700, Crispin Cowan wrote:
    > I think that code (especially security code) can be more secure if the 
    > source is available. Further, open source code can grow better through 
    > the ability of community developers to improve features and fix bugs. 
    > But what this change does is impose a singular license on security 
    > modules (GPL).
    No it does not.  Please see the file module.h in the 2.4.10 kernel tree
    for a list of the acceptable licenses, like my wording stated.
    > The principle behind GPL'ing kernel contribs is that they are a derived 
    > work of the kernel. The reason that loadable modules are not subject to 
    > the GPL is that they are using an explicit interface, and thus (like 
    > applications) are not derived from the kernel, but rather simply depend 
    > on it.
    No, loadable modules are a loophole that Linus has granted (however I do
    not see anywhere in the kernel documentation that grant.)  In order to
    compile a module, you need to include a kernel header file.  Since you
    are including a GPL header file into your code, your binary _should_
    fall under the GPL.  Since this is a wonderfully grey area, and hasn't
    really been tested, all I am trying to do is spell it out explicitly
    what we want to do.
    > I see no reason why LSM should deviate from this path. It is nice to 
    > encourage open sourcing of LSM modules, but it is not nice to enforce 
    > one particular license.  It is also not constructive to exclude 
    > proprietary security modules, just as it is not constructive to exclude 
    > closed source device drivers.
    We are not deviating from any path, if security.h were to have this
    wording, it would not be the only kernel interface in 2.5 that is like
    that.  Arguing if things are constructive are not isn't going to get
    anywhere.  I feel the main reason for Linux's success, over that of the
    BSD licensed operating systems, is due to the fact that the code could
    not be taken by a company, modified, and the modifications could be kept
    from the community (well that reason, plus a lot of others, but I don't
    want this to degenerate into a BSD/GPL flamewar.)
    Closed source security modules are much worse in my opinion than closed
    source device drivers.  I feel that security code should be held to a
    higher standard than device driver, as it is much more important, and as
    you have stated above, it can be more secure only if it is opened.
    Since we are providing a framework for security modules to be able to be
    put into the Linux kernel, I think we should not lessen the required
    license for them from what is required today (you must publish your code
    if it modifies the kernel.)
    > So no, mandatory GPL for LSM modules is not even close to acceptable.
    Again, I'm not forcing a GPL only license on LSM modules.
    > Perhaps we should LGPL the security.h.  Does that create problems?
    I would object to this.  That would be granting the explicit right for
    it to be used in closed source binaries.  I do not want to grant that
    explicit right.
    greg k-h
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Sun Sep 23 2001 - 22:23:52 PDT