Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3

Alan Cox wrote:
Secondly GPLv3 will cause companies like TIVO, router companies, security companies to not adopt Linux as an operating system, because they can't secure their system. Placing code in a ROM so they can't upgrade their own systems is

You've made an important mistake. You said "their system". Now its "our
code" and "whoever bought the units' hardware" so it isn't their anything.

Yes, the hardware belongs to the user, and the software belongs to the Linux community. However I think I wasn't 100% clear, I also mean keeping companies networks and content secured. Credit card companies insuring the software hasn't been modified to skim cards (not that it's the only way to skim a card), or Tivo making sure that their content providers are protected. Lets look at the credit card example. Sure the user could modify the system and boot their own kernel, but it doesn't have to play nice with Mastercard's network anymore. Or better yet, would actually report that a certain business's card reader had been tampered with.

You've made a second mistake I think by assuming that vendor held keys
"improve" security and must be vendor held and secret for it to work. In
fact vendor owned key systems that cannot be changed usually reduce

There are very very good reasons for having vendor owned secret keys.
There are also very very good reasons for being able to rekey or disable
the key on your box.

Ask people whose product vendor went bankrupt. With the ability to
override/replace the keys they could have maintained their system
securely instead they could make no updates and the boxes were left

I do see what you're saying here, and I can see how this is a problem. However what is the solution? Sure having the system open for users to replace software and tinker is great. It's how I got into engineering. I can also appreciate the ability for the end user to fix and continue to use a system long after a vendor goes out of business. However, I don't see how this would ever require a company like Tivo or Mastercard to have their networks play nice with a unit that has been modified by the end user, potentially opening up some serious security holes. From what I understand this would still violate GPLv3 because the system could no longer preform the task it was designed to do with modified code, but maybe I have misunderstood.

Andrew McKay

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at

Relevant Pages

  • Touch screen ET&T on Clevo tn120r
    ... vendor = 'Intel Corporation' ... CardVendor 0x1558 card 0x0122 ... STATUS 0x2090 COMMAND 0x0106 ...
  • Fwd: Evil trouble (Am1772/PQP-WP288P)
    ... The card itself is labelled,,NetVision 802.11b''. ... vendor = 'Intel Corporation' ... device = '82443MX USB Universal Host Controller' ...
  • Evil trouble (Am1772/PQP-WP288P)
    ... The card itself is labelled,,NetVision 802.11b''. ... vendor = 'Intel Corporation' ... device = '82443MX USB Universal Host Controller' ...
  • Re: Organizer
    ... making card payments in shops etc. ... usually waived if you've been normally careful and secure ... are making payments, your bank and/or card supplier will ...
  • RSA implementation, please comment.
    ... SYNOPSIS: Is Crypt::RSA secure acceptable in open source if the ... private key password is in a browser cookie? ... The client asked me to devise "a secure way to save credit card ...