On Wed, 14 Feb 2007 23:13:45 EST, Dave Jones said: > One argument in its favour is aparently Red Hat isn't the only vendor > with something like this. I've not investigated it, but I hear rumours > that suse has something similar. Having everyone using the same code > would be a win for obvious reasons. Another argument in its favor is that it actually allows the kernel to implement *real* checking of module licenses and trumps all the proposals to deal with MODULE_LICENSE("GPL\0Haha!"). A vendor (or user) that wants to be *sure* that only *really really* GPL modules are loaded can simply refuse to load unsigned modules - and then refuse to sign a module until after they had themselves visited the source's website, verified that the source code was available under GPL, and so on. Remember - the GPL is about the availability of the source. And at modprobe time, the source isn't available. So you're left with two options: 1) Trust the binary to not lie to you about its license. 2) Ask a trusted 3rd party (usually, the person/distro that built the kernel) whether they've verified the claim that it's really GPL.
Attachment:
pgplGa03AvJVy.pgp
Description: PGP signature