Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

From: Florin Malita
Date: Fri Jun 15 2007 - 17:17:47 EST

On 06/15/2007 02:30 PM, Michael Poole wrote:
Florin Malita writes:

On 06/15/2007 12:18 PM, Michael Poole wrote:
Yes. If I cut a book in half and store the halves separately, does
the second half become an independent work?
Except in this case you're not touching the book at all. If you write
a review for a book (much better analogy methinks), then your review
is obviously not an integral part of the book even though it's based
on its content.

Extremely poor analogy. I do not distribute my review with the book.

But you do (because I say so ; ), and guess what? It makes no difference: your review is not a derivative work anymore than it was before.

Someone buying the book is able to use the book just fine (for the
purpose for which it was sold) without my review. They need neither
my review nor other modifications before the book becomes readable.

Exactly. So what's your difficulty in downloading the Tivo code, reading it and re-using it in your own projects, on your other devices? How is the missing signing key preventing you from doing any of that?

Someone buying the book may be free to read it anywhere but if they insist on reading it at your table you may sensibly require they bring a copy of your review with them (to prove their genuine interest ; ). Failure to comply only means they have to read the book someplace else. Can they read the book? Sure. Can they read it at your table? Only if you choose to allow them.

As Ingo said, you need either the digital signature or other changes
before a Tivo kernel image will load.

GPLv2 guarantees that the book remains readable. It does not grant you (doesn't even try) the right to execute a modified copy on any particular piece of hardware. Your kernel is perfectly functional on any platform that supports it - it just so happens that the Tivo device does not support it.

Being an integral part (as in combined or derived work) has nothing to
do with usability. There are many other bits and pieces your
executable needs in order to function properly (or at all) but that
doesn't make your CPU microcode & electricity provider an integral
part of the program, does it?

No. Those are independent works.

So is a digital signature. Again, are you arguing the digital signature is a derivative work?

Luckily, it doesn't really matter what you or I think that
"integral-ness" means, all it matters is how copyright law defines a
"derivative work" and whether a cryptographic hash is such a
thing. Now are you seriously arguing that a hash is a derivative work?

No. I explained this before. Try reading the thread and the GPL. I
am not sure where people get the (wrong) idea that the GPL only
concerns itself with "derivative work[s]".

I guess you'll have to explain again because copyright law and its definition of derivative works are the things that make the GPL work:

"0.This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law".

What I can't find though is any reference to "integral parts" or your taken-for-granted right to run a modified copy of the program on the same device used for distribution (or any mention of functionality at all for that matter). Actually: "Activities other than copying, distribution and modification are not covered by this License; they are outside its scope".

On top of this, in the Tivo
case the two are distributed together, and even part of the same file.
It's mere aggregation, but it's totally irrelevant because they could
just as easily change their approach.

If and when they do, I'll consider the rules that might apply. Until
then, it is fairly stupid to try to defend Tivo by saying they *might*
do something they currently don't, and if they did, they *might* have
a defense that they currently don't.

But you're missing the whole point: the rules are the same, nothing changes! You are drawing an artificial distinction between the two cases and focusing on aggregation, which is totally irrelevant: either the digital signature is a derivative work or it isn't, and in either case its distribution method makes no difference in the world.

The reason I brought up the separate-signature example is to illustrate just how ridiculous is to think of the signature keys as source files: you can implement an equivalent DRM system without ever modifying the kernel blob. Only difference is the channel used for signature distribution, and I hope you won't argue that mere aggregation changes its nature.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at