Re: License go no go?

From: Crispin Cowan (crispinat_private)
Date: Sat Oct 26 2002 - 19:24:36 PDT

  • Next message: Stephen Smalley: "Re: License go no go?"

    Dragan Stancevic wrote:
    
    >On Friday 25 October 2002 23:38, Greg KH wrote:
    >  
    >
    >>There are also a number of Linux programmers, with copyrights on either
    >>the security.h file, or the code where the LSM hooks that have publicly
    >>stated that they would sue any makers of proprietary LSM modules.
    >>    
    >>
    >
    >Well what about the instance of writing your own headers? I've been working 
    >with driving hardware mostly so I am thinking of an example where a specific 
    >piece of hardware stores a specific structure in memory:
    >struct {
    >	u32 cmd;
    >	u32 status;
    >};
    >
    For the header issue:
    
        * For an LSM header file to work, it would have to describe a layout
          exactly compatible with the layout LSM uses. That would tend to
          make your header file a derivative of the GPL'd header file. Thus
          some people think your work would be a derived work, and thus be
          tainted.
        * Other people think that #include does not a derived work make
          (because it just describes an interface, not code) so you should
          just go use the stock LSM headers. Caveat: be sure to
          remove/reimplement any macros or inline functions in the header.
    
    These opinions directly conflict, hence the controversy
    
    On the GPL_EXPORT issue:
    
        * Some people think that the GPL_EXPORT symbol clearly indicates
          that any code that uses this hook is a derived work of the kernel.
        * Some other people think that GPL_EXPORT constitutes an illegal
          extension of the GPL rights you have in the Linux kernel (which
          the GPL itself prohibits). Consider a HW vendor who distributes
          ONLY module code and no Linux kernels at all; what are you going
          to do to them? Revoking their right to distribute Linux is hardly
          a threat.
    
    These opinions also conflict, hence the controversy.
    
    >Would that make l-k programmers liable because drivers for windows existed 
    >first? As it was explained to me by a lawyer things that can be done only one 
    >way are not considered derived or infringedupon. It falls under a separate 
    >category.
    >
    IMHO, a pre-existing driver certainly strengthens your case that your 
    code is not derived from Linux.
    
    But you are not out of the woods yet. As Greg pointed out, some of the 
    aforementioned people have publicly promised to sue anyone who they 
    think violates the GPL license on their code. So no matter how strong 
    you think your case is, you may end up having to defend it in court.
    
    Obligitory caveat: I am not a lawyer, get your own legal advice.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    
    
    
    

    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Sat Oct 26 2002 - 21:16:24 PDT