Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

From: david
Date: Fri Jun 15 2007 - 14:05:19 EST

Next message: Geert Uytterhoeven: "Re: [patch 4/6] ps3: Disk Storage Driver"
Previous message: Lennart Sorensen: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
In reply to: Linus Torvalds: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Next in thread: David Greaves: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 15 Jun 2007, Linus Torvalds wrote:

Now, by your own logic, let's look at what that means for the license.
Should we write into our copyright license that you cannot try to find
security holes? Would that be a good addition to the GPLv2?

Now, I stated that in a way where the answer is obvious: that would be a
*horrible* addition to the GPLv2. I think everybody can agree on that. It
would be really stupid to say "you cannot look for security holes" just
because *some* people who do it are bad.

Now, think about that for a moment, and then go back to your question
about whether Tivo is bad for the community, and whether being bad for the
community should mean that the license should be written to say "go away
and don't use future improvements to our software".

See where I'm trying to take you?

I think that even people who *do* think that what Tivo did was "bad",
should think very deeply about the issue whether you should try to lock
out "bad uses" in your license. Yes, the answer may be "yes, you should".
But I'm arguing that the answer _may_ also be: "No, you shouldn't, becasue
it turns out that you might lock out _good_ people too".

So in my cracker/spammer example, by trying to lock out the bad people,
the obvious (and _stupid_ - don't get me wrong, I'm not at *all*
suggesting anything like that should ever be done) license addition of
"don't expose security problems" actually just causes more problems than
it solves (if it solves anything at all - really bad people don't actually
tend to even care about the license!).

It makes it harder for *valid* uses of security problem discovery. It
makes it potentially illegal to try to do security research. And don't
tell me stupid licenses and laws like that don't happen: people really
*do* make these kinds of shortsighted decisions, to "protect" themselves
from bad people.

in fact there was news in the last week or two about a law in Germany that does exactly this. it outlaws all programs that can be used for hacking systems.

David Lang

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Geert Uytterhoeven: "Re: [patch 4/6] ps3: Disk Storage Driver"
Previous message: Lennart Sorensen: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
In reply to: Linus Torvalds: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Next in thread: David Greaves: "Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]