[hsflinux] [PATCH] Blacklist binary-only modules lying about their license

Giuliano Colla copeca at copeca.dsnet.it
Fri Apr 30 22:27:09 EDT 2004 

Carl-Daniel Hailfinger ha scritto:

>Giuliano Colla wrote:
>  
>
>>Linus Torvalds ha scritto:
>>
>>    
>>
>>>On Thu, 29 Apr 2004, Giuliano Colla wrote:
>>> 
>>>      
>>>
>>>>Let's try not to be ridiculous, please.
>>>>        
>>>>
>>>It's not abotu being ridiculous. It's about honoring peoples copyrights.
>>>      
>>>
>>On that ground you're correct.
>>[...]
>>But please do consider a different perspective.
>>
>>I'm an end user.
>>I download a damn Linuxant driver because the manufacturer of the laptop
>>I own has seen fit to use a Conexant chipset.
>>In order to do that I must:
>>a) Pay a (small) sum.
>>b) Accept a Microsoft-like license agreement.
>>If at that point I haven't realized that I'm not getting a fully GPL'd
>>software I'm really terminally stupid as you kindly suggest.
>>    
>>
>
>If you look at the price of a cardbus real modem on ebay, you might be
>surprised that these things are really cheap. Sometimes buying software to
>support the winmodems is actually more expensive than buying a real modem.
>
>
>  
>
You're right, but in a laptop using the integrated modem is more 
practical, with less stuff to carry, and less power involved. Provided 
of course I do it at my own risk, and don't try to rebutt the troubles I 
may get into to kernel people, which has more useful things to do, than 
following my personal whims.
BTW on my previous laptop I had a Lucent winmodem, whose driver doesn't 
fake the GPL license, but which was definitely inferior to the Linuxant 
driver, except for the hardware probing stupid implementation.
I'm looking forward for a time when being "Designed for Linux" will be 
more rewarding for a manufacturer than being "Designed for Windows" but 
till then I must get along with what is available.

>>However, if I'm not terminally stupid, I will never think of addressing
>>to kernel people in order to fix problems arising from or after loading
>>the driver, and associated utilities, even if lsmod doesn't show
>>"tainted" modules. Kernel people shouldn't even consider supporting the
>>resulting mess.
>>    
>>
>
>How would you know NOT to complain to linux-kernel if there is no sign you
>shouldn't?
>
>
>  
>
There's no *run-time* sign. But I was made aware of that when I 
downloaded it from a different source, and I had to agree to a non GPL 
license. It didn't originate from kernel group and I'm using it at my 
own risk.

<snip>

>>That said, I'd like to explain what made me react to the announcement
>>posted.
>>
>>Linuxant have figured a Microsoft-like brute force hardware detection
>>mechanism: they attempt to load *all* drivers, and only the one which
>>[...]
>>But I didn't appreciate that the reaction to that mess has been also on
>>Microsoft style.
>>The reaction has been:
>>
>>a) a workaround of the workaround (if you put a \0, I'll detect the
>>Linuxant string)
>>    
>>
>
>Was there anything else that could have been done for the existing fake
>GPL modules?
>
>
>  
>
Maybe I fail to grasp the full picture, but I'd just have ignored it. 
Please remember that they "fake" GPL only at run-time, not when you get 
them.

>>b) a lie (the /GPL directory is empty).
>>    
>>
>
>I have this FUCKING Linuxant .rpm with an empty GPL directory right on my
>hard disk. And this .rpm is signed by Linuxant. So either Linuxant has
>been hacked (someone stole the key, signed a bogus rpm and broke into thir
>site uploading it) or they are careless (forgetting to fill the GPL
>directory for some packages). In both cases I would not trust them.
>
>
>  
>
If you download the "generic package with source" either rpm or tar.gz, 
you'll find the GPL directory populated. I've checked again right now, 
just to be sure. At least, this holds true for hsf modem, which is the 
one I'm actually using.

If you're interested, and have time, you may also estimate if they've 
implemented in the GPL part all of the critical kernel code (as I had 
assumed, maybe naively, from a cursory look to the code), leaving in the 
proprietary binaries only the "proprietary" compression/decompression 
algorithms, or if they've just provided a minimal wrapper, with all 
"real" code proprietary.

It may make sense not to have anything left in the GPL directory in a 
binary only .rpm package, because once linked GPL parts cannot be told 
apart from non-GPL ones.

-- 
Ing. Giuliano Colla
Direttore Tecnico
Copeca srl
Bologna Italy

More information about the hsflinux mailing list