Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

From: Ingo Molnar
Date: Fri Jun 15 2007 - 04:03:31 EST

* Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Thu, 14 Jun 2007, Michael Poole wrote:
> >
> > If the DRM signature and program executable are coupled such that
> > they are not useful when separated, the implication to me is that
> > they form one work that is based on the original Program. This is
> > beyond the GPL's permission for "mere aggregation".
> So you want to make things like a 160-bit SHA1 hash of a binary be a
> "derived work" of that software?
> Trust me, you *really* don't want to go there. It's an insane legal
> standpoint, and if you were right, we'd be in a *world* of trouble.
> Think about something as simple as security software that creates
> filesystem checksums for verifying the integrity of the filesystem,
> and protects against tampering.
> Do you *really* want to claim that the SHA1 checksum of your "oracle"
> binary is owned by Oracle, and you need to have a special license to
> copy that checksum around and verify it?

not only that, but it would instantly turn everyone who owns a hard
drive or a CD-ROM into a copyright violator: the disks checksums the
content of the disk _in a reversible way_. Same for RAID5 and RAID6
techniques. By installing Quake3 on a Windows box one sure does not have
permission to create a derived work of Windows and Quake3, right? =B-)

a checksum, a one-way hash, or even reversible parity bit(s) that
'mixes' the copies of multiple works together clearly cannot be new work
that falls under copyright protection.

Firstly, it is not a new work, because a 'work' has to be created by a
human - and here the new content was created by a machine. Copyright
protection only applies to sufficiently original works created by

Secondly, it is _at most_ a new, partial copy of existing works and
hence you need the permission to copy all the works in question. (but
you needed that permission to create the harddisk anyway)

Thirdly, it could be argued that the sha1 is not even a copy, because it
is irreversible and hence not even a single bit of the original work can
be reconstructed from it hence it cannot even be a 'partial copy of the

that's at least 3 robust levels of argument against the insane and
absurd notion that the SHA1 key is somehow a derived work of the copy it

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at