GPLv3 and Security updates for embedded systems


Posted Sep 6, 2006 18:13 UTC (Wed) by landley (guest, #6789)
In reply to: GPLv3 and Security updates for embedded systems by atai
Parent article: Security updates for embedded systems

A) Never attribute to malice what can be adequately explained by
stupidity. With cheap embedded devices they're generally pretty happy if
you buy them and smash them for sculpture materials; it means you BOUGHT
them. Modding them violates the warranty, but that's just because they
don't want to support it. Support costs money. Updates are support.
Updates cost money.

B) The terms of GPLv3 will never be enforceable against BusyBox. We're
never dropping GPLv2 (although we might go GPLv2 only once GPLv3 ships and
we have something specific to reject).

C) Show me a way of phrasing GPLv3's "enforced upgradability" requirements
that does NOT require the World of Warcraft people to give me root access
to their servers if they're using BusyBox on it somewhere and I sign up
for a WoW account.



FUD

Posted Sep 7, 2006 0:32 UTC (Thu) by stevenj (guest, #421) [Link]

> Show me a way of phrasing GPLv3's "enforced upgradability" requirements that does NOT require the World of Warcraft people to give me root access to their servers if they're using BusyBox on it somewhere and I sign up for a WoW account.

Please, spare us the ridiculous scare scenarios. GPLv3 would require no such thing.

Servers USE software

Posted Sep 8, 2006 21:58 UTC (Fri) by sepreece (subscriber, #19270) [Link]

If the WoW servers run BusyBox, that's considered use of the software, which GPLv3 explicitly acknowledges requires no license, even if they chose to modify the version they run on their software.

Now, IF they sold a hardware client - say a controller running Linux with the WoW client software running on it, then if you got one, GPLv3 would give you the right to replace the version of BusyBox running on it, with the resulting client functioning as it did before, other than any changes made by your changes.

That requirement would be an argument against their choosing Linux for the client box, since they presumably want to require fair clients and can only assure that if they control the client software. However, I don't think it's an issue, since I doubt they plan to build hardware clients, anyway...

Servers USE software

Posted Sep 14, 2006 7:48 UTC (Thu) by anandsr21 (guest, #28562) [Link]

So what you are saying is that if they sold their hardware, and if Linux sported GPLv3 then they will have to give the source to their server software. That is ridiculous.
They can do all they want with their proprietary server code. They don't need to make them open. Their code is not GPL and is not part of the kernel. If they don't want modded clients they can make use of the following scheme.
1) Let the client register the first time it connects to the server.
2) They provide the buying code, which should come with the box and should be different for each box.
3) Ask for a name, from the client. Use the code, the name, the IP subnet, and a random number to make an identifier. The name should not be changed on subsequent registrations.
4) Use this identifier to identify the client.
5) Whenever the user changes his IP subnet, they must register again. At this time remove the older identifier.

This would be mostly foolproof. Of course people could share in the same subnet. But at least the user will not be able to post it on the internet. Which is the biggest problem. And you can easily disallow one ID connecting twice. Since people who know each other like to play with each other. Sharing will not be a satisfying solution.

6) If somebody steals a user's id, it should be easy to re-register.
The software should not keep the code or the name anywhere on the system. And should tell the user not to do so either. This will make guessing the code and name simultaneously nearly impossible.

Yes this is more difficult than making sure that the hardware is secure. But for the hardware that a company sells, they shouldn't get the right to keep it closed. For leased hardware there may be a case.
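
The registration scheme from the comment above, written out as an added example that is not part of the original comment or of any real game server. The class and function names, the /24 subnet width and the use of SHA-256 to combine the four inputs are assumptions; the purchase code and addresses are constructed.

```python
import hashlib
import ipaddress
import secrets

def subnet_of(ip, prefix=24):  # /24 is an assumption; the comment only says "IP subnet"
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

class Registry:
    """Server-side state for the scheme (hypothetical names throughout)."""
    def __init__(self, purchase_codes):
        self.boxes = {code: None for code in purchase_codes}  # code -> (name, ident)
        self.idents = {}     # ident -> subnet it was issued for
        self.online = set()  # identifiers with a live session

    def register(self, code, name, ip):
        if code not in self.boxes:
            raise PermissionError("unknown purchase code")
        previous = self.boxes[code]
        if previous is not None:
            if previous[0] != name:  # step 3: name is fixed at first registration
                raise PermissionError("name does not match first registration")
            self.idents.pop(previous[1], None)  # steps 5 and 6: retire the old identifier
            self.online.discard(previous[1])
        subnet = subnet_of(ip)
        nonce = secrets.token_hex(16)  # the "random number" of step 3
        material = "\0".join([code, name, subnet, nonce]).encode()
        ident = hashlib.sha256(material).hexdigest()
        self.boxes[code] = (name, ident)
        self.idents[ident] = subnet
        return ident

    def connect(self, ident, ip):
        subnet = self.idents.get(ident)
        if subnet is None:
            return "unknown identifier, register again"
        if subnet != subnet_of(ip):
            return "subnet changed, register again"
        if ident in self.online:
            return "identifier already connected"
        self.online.add(ident)
        return "ok"

    def disconnect(self, ident):
        self.online.discard(ident)

if __name__ == "__main__":
    reg = Registry({"BOX-0001-EXAMPLE"})  # constructed purchase code
    ident = reg.register("BOX-0001-EXAMPLE", "alice", "192.0.2.10")
    print(reg.connect(ident, "192.0.2.77"), "/", reg.connect(ident, "198.51.100.5"))
```

Because the identifier is bound to a subnet rather than to the box, anyone on the same subnet who obtains it can use it while the owner is offline, which is the sharing case the comment accepts.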

GPLv3 and Security updates for embedded systems

Posted Sep 7, 2006 3:32 UTC (Thu) by cventers (subscriber, #31465) [Link]

> Show me a way of phrasing GPLv3's "enforced upgradability" requirements
> that does NOT require the World of Warcraft people to give me root
> access to their servers if they're using BusyBox on it somewhere and I
> sign up for a WoW account.

If you feel that this is a legitimate concern, perhaps contacting the FSF
about it might be appropriate? They at least claim they are taking
community input, and appear to me to be doing so.

GPLv3 and Security updates for embedded systems

Posted Sep 7, 2006 11:55 UTC (Thu) by coriordan (guest, #7544) [Link]

Yes, this is an important comment which has to be made repeatedly this year. If people submit their complaint to gplv3.fsf.org, it can be acted on.

Here's the NewsForge article which suggests the comments are being listened to.

And here's FSFE's GPLv3 page which has info and links to info such as eight presentation transcripts.

GPLv3 and Security updates for embedded systems

Posted Sep 7, 2006 18:56 UTC (Thu) by dwheeler (guest, #1216) [Link]

Poster said: "C) Show me a way of phrasing GPLv3's "enforced upgradability" requirements that does NOT require the World of Warcraft people to give me root access to their servers if they're using BusyBox on it somewhere and I sign up for a WoW account."

I've read all the major versions of the GPLv3, and NONE of them require any such thing. Where in the world did you get such an interpretation?!? If the WoW are sold a device with BusyBox, then under GPLv3 the WoW would have to be given the right to upgrade the BusyBox they were using. But that doesn't mean anyone ELSE gets to upgrade your software.

I think you've been misinformed. Please check your sources again, and if you still think there's a problem, send a comment to the GPLv3 process. But I think this is a gross misunderstanding of GPLv3.

GPLv3 and Security updates for embedded systems

Posted Sep 14, 2006 9:08 UTC (Thu) by forthy (guest, #1525) [Link]

Typical anti-GPLv3 soundbite. Why do people do this? IMHO, GPLv2 did already clearly express the intent of updateability, though not as precisely as GPLv3. TiVo-izing GPLv2 software IMHO is a violation of the license, because the intent of the license is already clear, and the way TiVo-izing works hasn't been foreseen by the licensor. Remember that copyright licenses require an additional license for unforeseen usage. All you could do (e.g. as Linus Torvalds does) is state your opinion about it, but it's your opinion, and not the opinion of other developers of the system. So people can't take it as legal advice.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds