website Changeset - 01b0b090a399 · Conservancy Kallithea

Changeset - 01b0b090a399

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Denver Gingerich - 9 years ago 2015-06-01 03:53:01
denver@ossguy.com

List previously analyzed versions in lawsuit FAQ.

1 file changed with 2 insertions and 1 deletions:

www/conservancy/static/linux-compliance/vmware-lawsuit-faq.html

0 comments (0 inline, 0 general)

www/conservancy/static/linux-compliance/vmware-lawsuit-faq.html

➞

Show inline comments

@@ ... / @@ -412,49 +412,50 @@ static struct pci_driver tg3_driver = { @@
         objects together form a single running binary (likely along with many
         other binary objects as well).</li>
       <li>That single running binary contains code licensed under the GPLv2
        &mdash; namely the code derived from <code>tg3.c</code>
        and <code>pci.h</code>.  Thus, the single running binary may be
        distributed in binary form only under permissions provided under GPLv2
        &mdash; in
        particular <a href="https://gnu.org/licenses/gpl-2.0.html#section2">GPLv2&sect;2</a>
        and <a href="https://gnu.org/licenses/gpl-2.0.html#section3">GPLv2&sect;3</a>.</li>
       <li>GPLv2&sect;3(a&ndash;b) requires that <q>complete corresponding
           machine-readable source code</q> must accompany binary
           distributions such as these.  GPLv2&sect;3 further states
           that <q>for an executable work, complete source code means all the
           source code for all modules it contains</q>.</li>
       <li>The binary work in question contains modules from <code>k.b00</code>,
         <code>vmlinux_9</code> and <code>tg3</code>.</li>
       <li>VMware did not provide source code for any modules found in
         <code>k.b00</code>.</li>
       <li>Therefore, VMware failed to comply with the GPLv2, as such
       compliance requires source code (or an offer therefor) for the material
         in <code>k.b00</code>.</li>
     </ul>
 <p>The above is but one piece of evidence among many, but hopefully it helps
   to explain some of the &ldquo;combined work&rdquo; violations found in
   VMware's ESXi product.</p>
   VMware's ESXi product.  Conservancy did a similar analysis for ESXi 5.0
   as well as ESXi 5.5 Update 2 and found nearly identical results.</p>
 <dt id="verify">How can I verify Conservancy's technical findings above?</dt>
 <dd><p>The binary and source packages mentioned above are available
 on VMware's website.  These packages contain the
 previously-mentioned <code>linux_pci.c</code>,
 <code>vmkapi_pci_incompat.h</code>, and <code>k.b00</code> files, as well as
     <code>vmklinux_9</code> and the source code that builds the latter.</p>
   <p>To obtain the source components, follow these steps (no login is required):</p>
 <ol>
 <li>Visit <a href="https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491">https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600_OSS&productId=491</a>.</li>
 <li>Click the &ldquo;Download&rdquo; button beside the text that reads
 &ldquo;Open source software accompanying ESXi&rdquo;.</li>
 <li>Confirm that the SHA-1 hash matches the published one
   (35811b981470abe8b606d8a7a97c9795ce570597), found under &ldquo;Read
   More&rdquo; on that web page.</li>
 <li>Mount (or otherwise open) the
   downloaded <code>VMware-ESXI-600-ODP.iso</code>.</li>

0 comments (0 inline, 0 general)