* [dm-crypt] verity for GRUB? @ 2012-10-09 4:36 Geoffrey Thomas 2012-10-09 6:27 ` ffrizzy 2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka 0 siblings, 2 replies; 15+ messages in thread From: Geoffrey Thomas @ 2012-10-09 4:36 UTC (permalink / raw) To: mpatocka@redhat.com Cc: dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, wad@chromium.org, agk@redhat.com Hi Mikulas et al., I'm planning on porting verity to GRUB for validation of a disk image before loading further GRUB configuration / a kernel from it (specifically as part of Secure Boot support for my company's product, MokaFive BareMetal). Before doing this, though, I wanted to check if you knew of any existing effort along these lines. If not, are you willing to relicense dm-verity.c and/or libverity as GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB (GPLv3+) instead of reimplementing it? Thanks, -- Geoffrey Thomas gthomas@mokafive.com ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-09 4:36 [dm-crypt] verity for GRUB? Geoffrey Thomas @ 2012-10-09 6:27 ` ffrizzy 2012-10-09 8:16 ` [dm-crypt] Unsubscribe requests Arno Wagner 2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka 1 sibling, 1 reply; 15+ messages in thread From: ffrizzy @ 2012-10-09 6:27 UTC (permalink / raw) To: Geoffrey Thomas Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, mpatocka@redhat.com, agk@redhat.com [-- Attachment #1: Type: text/plain, Size: 914 bytes --] GET MEOUT FRONM YOUR LISTS !! STOP SENDUNG E YOUR MAILS I HAVE NEVER SUBSCRIBE TO YOUR CORESPONDENCE UNSUBSCRIBE ME 2012/10/9 Geoffrey Thomas <gthomas@mokafive.com> > Hi Mikulas et al., > > I'm planning on porting verity to GRUB for validation of a disk image > before loading further GRUB configuration / a kernel from it (specifically > as part of Secure Boot support for my company's product, MokaFive > BareMetal). Before doing this, though, I wanted to check if you knew of any > existing effort along these lines. > > If not, are you willing to relicense dm-verity.c and/or libverity as > GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB > (GPLv3+) instead of reimplementing it? > > Thanks, > -- > Geoffrey Thomas > gthomas@mokafive.com > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > [-- Attachment #2: Type: text/html, Size: 1447 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] Unsubscribe requests 2012-10-09 6:27 ` ffrizzy @ 2012-10-09 8:16 ` Arno Wagner 2012-10-09 8:45 ` ffrizzy 0 siblings, 1 reply; 15+ messages in thread From: Arno Wagner @ 2012-10-09 8:16 UTC (permalink / raw) To: dm-crypt Why are you so impolite? CC'ing all those people is just plain rude. This is a quiet and friendly list. Now, if you are subscribed to the list, you or somebody with access to your email account confirmed that you wanted to be subscribed after an email asking you was sent to you (unless somebody has hacked the listserver, rather unlikely). We cannot take you off the list. That requires access to your email account, and hence you have to do that yourself, using the same mechanism used to subscribe. Instructions were in the email you got upon subscribing. You can also get help from the listserver, as described in Section 1.6 of the cryptsetup FAQ here: http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions In addition, if you are sure you did not subscribe by accident, you should make sure your machine and email account have not been hacked. It sounds like they have been. Arno On Tue, Oct 09, 2012 at 08:27:28AM +0200, ffrizzy wrote: > GET MEOUT FRONM YOUR LISTS !! > STOP SENDUNG E YOUR MAILS > I HAVE NEVER SUBSCRIBE TO YOUR CORESPONDENCE > UNSUBSCRIBE ME > > > 2012/10/9 Geoffrey Thomas <gthomas@mokafive.com> > > > Hi Mikulas et al., > > > > I'm planning on porting verity to GRUB for validation of a disk image > > before loading further GRUB configuration / a kernel from it (specifically > > as part of Secure Boot support for my company's product, MokaFive > > BareMetal). Before doing this, though, I wanted to check if you knew of any > > existing effort along these lines. > > > > If not, are you willing to relicense dm-verity.c and/or libverity as > > GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB > > (GPLv3+) instead of reimplementing it? > > > > Thanks, > > -- > > Geoffrey Thomas > > gthomas@mokafive.com > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] Unsubscribe requests 2012-10-09 8:16 ` [dm-crypt] Unsubscribe requests Arno Wagner @ 2012-10-09 8:45 ` ffrizzy 2012-10-09 8:49 ` Ralf Ramsauer 0 siblings, 1 reply; 15+ messages in thread From: ffrizzy @ 2012-10-09 8:45 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 3071 bytes --] I am sorry - but I never suibscribed the same way that I *have no acces to unsubscribe and you FAQ is too complicated for me and I cant understand it or work with it Thats not the lever of an person who simplre send mails and dont have proffesional backround in computers SO: Pleasee delite me from you system Thanks * 2012/10/9 Arno Wagner <arno@wagner.name> > Why are you so impolite? CC'ing all those people is just > plain rude. This is a quiet and friendly list. > > Now, if you are subscribed to the list, you or somebody with > access to your email account confirmed that you wanted to be > subscribed after an email asking you was sent to you (unless > somebody has hacked the listserver, rather unlikely). > > We cannot take you off the list. That requires access to your > email account, and hence you have to do that yourself, using > the same mechanism used to subscribe. Instructions were in > the email you got upon subscribing. You can also get help from > the listserver, as described in Section 1.6 of the cryptsetup > FAQ here: > > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions > > In addition, if you are sure you did not subscribe by > accident, you should make sure your machine and email > account have not been hacked. It sounds like they have > been. > > Arno > > > > On Tue, Oct 09, 2012 at 08:27:28AM +0200, ffrizzy wrote: > > GET MEOUT FRONM YOUR LISTS !! > > STOP SENDUNG E YOUR MAILS > > I HAVE NEVER SUBSCRIBE TO YOUR CORESPONDENCE > > UNSUBSCRIBE ME > > > > > > 2012/10/9 Geoffrey Thomas <gthomas@mokafive.com> > > > > > Hi Mikulas et al., > > > > > > I'm planning on porting verity to GRUB for validation of a disk image > > > before loading further GRUB configuration / a kernel from it > (specifically > > > as part of Secure Boot support for my company's product, MokaFive > > > BareMetal). Before doing this, though, I wanted to check if you knew > of any > > > existing effort along these lines. > > > > > > If not, are you willing to relicense dm-verity.c and/or libverity as > > > GPLv2+ instead of just GPLv2, so that I can just use that code with > GRUB > > > (GPLv3+) instead of reimplementing it? > > > > > > Thanks, > > > -- > > > Geoffrey Thomas > > > gthomas@mokafive.com > > > _______________________________________________ > > > dm-crypt mailing list > > > dm-crypt@saout.de > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > 338F > ---- > One of the painful things about our time is that those who feel certainty > are stupid, and those with any imagination and understanding are filled > with doubt and indecision. -- Bertrand Russell > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > [-- Attachment #2: Type: text/html, Size: 4384 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] Unsubscribe requests 2012-10-09 8:45 ` ffrizzy @ 2012-10-09 8:49 ` Ralf Ramsauer 0 siblings, 0 replies; 15+ messages in thread From: Ralf Ramsauer @ 2012-10-09 8:49 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 3848 bytes --] Write an empty Mail to dm-crypt-unsubscribe@saout.de Best Regards, Ralf On 10/09/12 10:45, ffrizzy wrote: > I am sorry - but I never suibscribed > the same way that I /have no acces to unsubscribe > and you FAQ is too complicated for me and I cant understand it or work > with it > Thats not the lever of an person who simplre send mails and dont have > proffesional backround in computers > SO: > Pleasee delite me from you system > Thanks > > / > 2012/10/9 Arno Wagner <arno@wagner.name <mailto:arno@wagner.name>> > > Why are you so impolite? CC'ing all those people is just > plain rude. This is a quiet and friendly list. > > Now, if you are subscribed to the list, you or somebody with > access to your email account confirmed that you wanted to be > subscribed after an email asking you was sent to you (unless > somebody has hacked the listserver, rather unlikely). > > We cannot take you off the list. That requires access to your > email account, and hence you have to do that yourself, using > the same mechanism used to subscribe. Instructions were in > the email you got upon subscribing. You can also get help from > the listserver, as described in Section 1.6 of the cryptsetup > FAQ here: > > http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions > > In addition, if you are sure you did not subscribe by > accident, you should make sure your machine and email > account have not been hacked. It sounds like they have > been. > > Arno > > > > On Tue, Oct 09, 2012 at 08:27:28AM +0200, ffrizzy wrote: > > GET MEOUT FRONM YOUR LISTS !! > > STOP SENDUNG E YOUR MAILS > > I HAVE NEVER SUBSCRIBE TO YOUR CORESPONDENCE > > UNSUBSCRIBE ME > > > > > > 2012/10/9 Geoffrey Thomas <gthomas@mokafive.com > <mailto:gthomas@mokafive.com>> > > > > > Hi Mikulas et al., > > > > > > I'm planning on porting verity to GRUB for validation of a > disk image > > > before loading further GRUB configuration / a kernel from it > (specifically > > > as part of Secure Boot support for my company's product, MokaFive > > > BareMetal). Before doing this, though, I wanted to check if > you knew of any > > > existing effort along these lines. > > > > > > If not, are you willing to relicense dm-verity.c and/or > libverity as > > > GPLv2+ instead of just GPLv2, so that I can just use that code > with GRUB > > > (GPLv3+) instead of reimplementing it? > > > > > > Thanks, > > > -- > > > Geoffrey Thomas > > > gthomas@mokafive.com <mailto:gthomas@mokafive.com> > > > _______________________________________________ > > > dm-crypt mailing list > > > dm-crypt@saout.de <mailto:dm-crypt@saout.de> > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de <mailto:dm-crypt@saout.de> > > http://www.saout.de/mailman/listinfo/dm-crypt > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: > arno@wagner.name <mailto:arno@wagner.name> > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 > 1E25 338F > ---- > One of the painful things about our time is that those who feel > certainty > are stupid, and those with any imagination and understanding are > filled > with doubt and indecision. -- Bertrand Russell > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de <mailto:dm-crypt@saout.de> > http://www.saout.de/mailman/listinfo/dm-crypt > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt [-- Attachment #2: Type: text/html, Size: 7100 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-09 4:36 [dm-crypt] verity for GRUB? Geoffrey Thomas 2012-10-09 6:27 ` ffrizzy @ 2012-10-10 13:00 ` Mikulas Patocka 2012-10-10 20:51 ` Geoffrey Thomas 1 sibling, 1 reply; 15+ messages in thread From: Mikulas Patocka @ 2012-10-10 13:00 UTC (permalink / raw) To: Geoffrey Thomas Cc: dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, wad@chromium.org, agk@redhat.com On Mon, 8 Oct 2012, Geoffrey Thomas wrote: > Hi Mikulas et al., > > I'm planning on porting verity to GRUB for validation of a disk image > before loading further GRUB configuration / a kernel from it > (specifically as part of Secure Boot support for my company's product, > MokaFive BareMetal). Before doing this, though, I wanted to check if you > knew of any existing effort along these lines. > > If not, are you willing to relicense dm-verity.c and/or libverity as > GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB > (GPLv3+) instead of reimplementing it? Ask Red Hat and Google if they want to relicense it. Mikulas > Thanks, > -- > Geoffrey Thomas > gthomas@mokafive.com ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka @ 2012-10-10 20:51 ` Geoffrey Thomas 2012-10-10 21:20 ` Milan Broz 0 siblings, 1 reply; 15+ messages in thread From: Geoffrey Thomas @ 2012-10-10 20:51 UTC (permalink / raw) To: Mikulas Patocka Cc: dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, wad@chromium.org, agk@redhat.com On Wed, 10 Oct 2012, Mikulas Patocka wrote: >> If not, are you willing to relicense dm-verity.c and/or libverity as >> GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB >> (GPLv3+) instead of reimplementing it? > > Ask Red Hat and Google if they want to relicense it. Thanks. Do you know who the appropriate contacts at Red Hat would be? -- Geoffrey Thomas gthomas@mokafive.com ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 20:51 ` Geoffrey Thomas @ 2012-10-10 21:20 ` Milan Broz 2012-10-10 21:23 ` Milan Broz 2012-10-10 21:43 ` Geoffrey Thomas 0 siblings, 2 replies; 15+ messages in thread From: Milan Broz @ 2012-10-10 21:20 UTC (permalink / raw) To: Geoffrey Thomas Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com On 10/10/2012 10:51 PM, Geoffrey Thomas wrote: > On Wed, 10 Oct 2012, Mikulas Patocka wrote: > >>> If not, are you willing to relicense dm-verity.c and/or libverity as >>> GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB >>> (GPLv3+) instead of reimplementing it? >> >> Ask Red Hat and Google if they want to relicense it. Is there anything from libcryptsetup you want to use or it is just about kernel code? If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly you need and which licence is ok for you (GPL2+ or LGPL?) (GPL3 will be incompatible with other cryptsetup code.) Milan ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 21:20 ` Milan Broz @ 2012-10-10 21:23 ` Milan Broz 2012-10-10 21:43 ` Geoffrey Thomas 1 sibling, 0 replies; 15+ messages in thread From: Milan Broz @ 2012-10-10 21:23 UTC (permalink / raw) To: Geoffrey Thomas Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com Sigh. Obviously I wanted to send this from RH email, sorry :) On 10/10/2012 11:20 PM, Milan Broz wrote: > On 10/10/2012 10:51 PM, Geoffrey Thomas wrote: >> On Wed, 10 Oct 2012, Mikulas Patocka wrote: >> >>>> If not, are you willing to relicense dm-verity.c and/or libverity as >>>> GPLv2+ instead of just GPLv2, so that I can just use that code with GRUB >>>> (GPLv3+) instead of reimplementing it? >>> >>> Ask Red Hat and Google if they want to relicense it. > > Is there anything from libcryptsetup you want to use or it is just about > kernel code? > > If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly > you need and which licence is ok for you (GPL2+ or LGPL?) > (GPL3 will be incompatible with other cryptsetup code.) > > Milan > ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 21:20 ` Milan Broz 2012-10-10 21:23 ` Milan Broz @ 2012-10-10 21:43 ` Geoffrey Thomas 2012-10-10 21:55 ` Milan Broz 1 sibling, 1 reply; 15+ messages in thread From: Geoffrey Thomas @ 2012-10-10 21:43 UTC (permalink / raw) To: Milan Broz Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com On Wed, 10 Oct 2012, Milan Broz wrote: > Is there anything from libcryptsetup you want to use or it is just about > kernel code? > > If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly > you need and which licence is ok for you (GPL2+ or LGPL?) > (GPL3 will be incompatible with other cryptsetup code.) Hm. I _thought_ I could adapt lib/verity/verity_hash.c for what I need, but it appears to only support a whole-disk verification, not verification of individual blocks. That said, if you're willing to take patches to extend libverity's API, I can add the functionality I need. I believe that GPLv2+ should work fine for GRUB. I'm talking with Mikulas about whether the kernel code can be relicensed, since that is closer to what I'm trying to do. -- Geoffrey Thomas gthomas@mokafive.com ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 21:43 ` Geoffrey Thomas @ 2012-10-10 21:55 ` Milan Broz 2012-10-10 22:04 ` Geoffrey Thomas 0 siblings, 1 reply; 15+ messages in thread From: Milan Broz @ 2012-10-10 21:55 UTC (permalink / raw) To: Geoffrey Thomas Cc: wad@chromium.org, dm-crypt@saout.de, msb@chromium.org, ellyjones@chromium.org, Mikulas Patocka, agk@redhat.com On 10/10/2012 11:43 PM, Geoffrey Thomas wrote: > On Wed, 10 Oct 2012, Milan Broz wrote: > >> Is there anything from libcryptsetup you want to use or it is just about >> kernel code? >> >> If you want to use code from cryptsetup (cryptsetup/lib/verity/*), what exactly >> you need and which licence is ok for you (GPL2+ or LGPL?) >> (GPL3 will be incompatible with other cryptsetup code.) > > Hm. I _thought_ I could adapt lib/verity/verity_hash.c for what I need, > but it appears to only support a whole-disk verification, not verification > of individual blocks. Well, yes, because cryptsetup does not need that. Also it uses crypto backend wrappers, so I am afraid you cannot just take this library without a lot of changes.... > That said, if you're willing to take patches to > extend libverity's API, I can add the functionality I need. I believe that > GPLv2+ should work fine for GRUB. I see no major problem with relicensing (but need to check properly). If it helps to use it more broadly, it would be nice (with available source code for everyone). If you have any patches, just send them (to list or create new issue on project page). What is not clear here (not related to problems above) is where you want to store root hash and how grub2 will securely obtain it... Thanks, Milan ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 21:55 ` Milan Broz @ 2012-10-10 22:04 ` Geoffrey Thomas 2012-10-11 5:10 ` Arno Wagner 0 siblings, 1 reply; 15+ messages in thread From: Geoffrey Thomas @ 2012-10-10 22:04 UTC (permalink / raw) To: Milan Broz; +Cc: dm-crypt@saout.de [trimmed Ccs] On Wed, 10 Oct 2012, Milan Broz wrote: > I see no major problem with relicensing (but need to check properly). > If it helps to use it more broadly, it would be nice (with available > source code for everyone). Yeah, if you're planning on looking into relicensing, I'd encourage you to make as much of cryptsetup as you can GPLv2+ instead of GPLv2, so that the code is more reusable in other projects, even if it ends up not being relevant for my specific use case. > What is not clear here (not related to problems above) is where > you want to store root hash and how grub2 will securely obtain it... I've raised this on the GRUB list: http://thread.gmane.org/gmane.comp.boot-loaders.grub.devel/19404 Basically my plan is to add another GRUB command to verify a signed file and load configuration or variables from it (or parse it with the Lua grub-extra, which we're already using), and then build a top-level grub.efi with our certificate embedded. So our build server would do something like `veritysetup format image.iso image.iso.verity | sed ... | gpg --clearsign > image.iso.root-hash` after creating the ISO, and ship all three files when doing an update. Which reminds me to thank you for the "veritysetup support for files" patch -- in some testing by hand, it works pretty well. -- Geoffrey Thomas gthomas@mokafive.com ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] verity for GRUB? 2012-10-10 22:04 ` Geoffrey Thomas @ 2012-10-11 5:10 ` Arno Wagner 2012-10-11 7:23 ` [dm-crypt] license of libcryptsetup (was: verity for GRUB?) Milan Broz 0 siblings, 1 reply; 15+ messages in thread From: Arno Wagner @ 2012-10-11 5:10 UTC (permalink / raw) To: dm-crypt On Wed, Oct 10, 2012 at 03:04:49PM -0700, Geoffrey Thomas wrote: > Yeah, if you're planning on looking into relicensing, I'd encourage > you to make as much of cryptsetup as you can GPLv2+ instead of > GPLv2, so that the code is more reusable in other projects, even if > it ends up not being relevant for my specific use case. Quick qestion: What is the GPLv2+? I am unable to find any formal references or comparisons, just GPLv2. Pointers appreciated. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] license of libcryptsetup (was: verity for GRUB?) 2012-10-11 5:10 ` Arno Wagner @ 2012-10-11 7:23 ` Milan Broz 2012-10-11 9:21 ` Arno Wagner 0 siblings, 1 reply; 15+ messages in thread From: Milan Broz @ 2012-10-11 7:23 UTC (permalink / raw) To: dm-crypt On 10/11/2012 07:10 AM, Arno Wagner wrote: > On Wed, Oct 10, 2012 at 03:04:49PM -0700, Geoffrey Thomas wrote: >> Yeah, if you're planning on looking into relicensing, I'd encourage >> you to make as much of cryptsetup as you can GPLv2+ instead of >> GPLv2, so that the code is more reusable in other projects, even if >> it ends up not being relevant for my specific use case. > > Quick qestion: What is the GPLv2+? I am unable to find any formal > references or comparisons, just GPLv2. Pointers appreciated. Nice list is here http://en.wikipedia.org/wiki/List_of_FSF_approved_software_licenses http://www.gnu.org/licenses/gpl-faq.html Basically, it is shortcut: GPLvX means GPL version X only, GPLvX+ "... or any later". And why there is resistance to GPLvX+? Well, "or any later" means any later. Who knows what is in not yet written GPLv(X+y)? :-) (And v3 has own problems as well.) The basic problem is in compatibility matrix, mainly with GPLv3 vs GPLv2 which are not compatible, see http://gplv3.fsf.org/dd3-faq Because of repeating questions an problems, I would really like to switch libcryptsetup (IOW cryptsetup library, not binary itself) to something less restricted (currently most of the code is GPLv2 only). Perhaps LGPLv2+. But it requires approval from all authors. (I will perhaps try to get these, otherwise I switch just verity part...) (TBH, I would myself prefer any new crypto code under even less restricted licenses like BSD or MIT licence. But cryptsetup already depends on other GPL libraries, so not sure if it makes sense. Anyway, if anyone has better idea or any notes here, please let me know. Now is the best time to complain ;-) Thanks, Milan ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] license of libcryptsetup (was: verity for GRUB?) 2012-10-11 7:23 ` [dm-crypt] license of libcryptsetup (was: verity for GRUB?) Milan Broz @ 2012-10-11 9:21 ` Arno Wagner 0 siblings, 0 replies; 15+ messages in thread From: Arno Wagner @ 2012-10-11 9:21 UTC (permalink / raw) To: dm-crypt On Thu, Oct 11, 2012 at 09:23:03AM +0200, Milan Broz wrote: > On 10/11/2012 07:10 AM, Arno Wagner wrote: > > On Wed, Oct 10, 2012 at 03:04:49PM -0700, Geoffrey Thomas wrote: > >> Yeah, if you're planning on looking into relicensing, I'd encourage > >> you to make as much of cryptsetup as you can GPLv2+ instead of > >> GPLv2, so that the code is more reusable in other projects, even if > >> it ends up not being relevant for my specific use case. > > > > Quick qestion: What is the GPLv2+? I am unable to find any formal > > references or comparisons, just GPLv2. Pointers appreciated. > > Nice list is here > http://en.wikipedia.org/wiki/List_of_FSF_approved_software_licenses > http://www.gnu.org/licenses/gpl-faq.html > > Basically, it is shortcut: > GPLvX means GPL version X only, GPLvX+ "... or any later". I see. Logical. Must be the cold I have at the moment clogging up my synapses ;-) Thanks! > And why there is resistance to GPLvX+? Well, "or any later" means > any later. Who knows what is in not yet written GPLv(X+y)? :-) > (And v3 has own problems as well.) It does indeed. > The basic problem is in compatibility matrix, mainly with GPLv3 vs GPLv2 > which are not compatible, see http://gplv3.fsf.org/dd3-faq > > Because of repeating questions an problems, I would really like to switch > libcryptsetup (IOW cryptsetup library, not binary itself) > to something less restricted (currently most of the code is GPLv2 only). > Perhaps LGPLv2+. But it requires approval from all authors. > (I will perhaps try to get these, otherwise I switch just verity part...) > > (TBH, I would myself prefer any new crypto code under even less restricted > licenses like BSD or MIT licence. But cryptsetup already depends on other > GPL libraries, so not sure if it makes sense. I don't want my stuff under modified BSD or MIT by default. While it does cause problems, I think the GPL-idea still serves a purpose. I can live with LGPLv2.1+ (seems to be the most compatible one) for any code I contribute. For documentation, completely free for small things and CC "Attribution-Share Alike 3.0 Unported" (as I use in the FAQ) for larger things would be my choice, but anything reasonably similar is fine. I am willing to do a "modified BSD" code-fork for a specific purpose (if somebody asks and has a good reason). I have done that in the past for some research code, i.e. public GPL code and special BSD release for an industry partner. There, I put a note in the BSD license statement that a GPL version was also available and a pointer to it (in these cases my long-term email). As BSD requires the license statement to be left intact, that at least makes hiding the original code difficult and allows people to find it if they are interested. I know that legally this is a minefield if many people contribute, but maybe it could work? > Anyway, if anyone has better idea or any notes here, please let me know. > Now is the best time to complain ;-) ;-) Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2012-10-11 9:21 UTC | newest] Thread overview: 15+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2012-10-09 4:36 [dm-crypt] verity for GRUB? Geoffrey Thomas 2012-10-09 6:27 ` ffrizzy 2012-10-09 8:16 ` [dm-crypt] Unsubscribe requests Arno Wagner 2012-10-09 8:45 ` ffrizzy 2012-10-09 8:49 ` Ralf Ramsauer 2012-10-10 13:00 ` [dm-crypt] verity for GRUB? Mikulas Patocka 2012-10-10 20:51 ` Geoffrey Thomas 2012-10-10 21:20 ` Milan Broz 2012-10-10 21:23 ` Milan Broz 2012-10-10 21:43 ` Geoffrey Thomas 2012-10-10 21:55 ` Milan Broz 2012-10-10 22:04 ` Geoffrey Thomas 2012-10-11 5:10 ` Arno Wagner 2012-10-11 7:23 ` [dm-crypt] license of libcryptsetup (was: verity for GRUB?) Milan Broz 2012-10-11 9:21 ` Arno Wagner
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.