“Tivoization” and Your Right to Install Under Copyleft(sfconservancy.org)
sfconservancy.org
“Tivoization” and Your Right to Install Under Copyleft
https://sfconservancy.org/blog/2021/jul/23/tivoization-and-the-gpl-right-to-install/
99 comments
Commercial users still take copyright issues pretty seriously because of the remedies available to copyright holders under title 17.
Even if an author doesn't register the copyright until they want to begin the suit (you lose statutory damages and attorneys fees this way), they can get an injunction against further distribution and disgorgement of profits from the infringing work, so if you get caught, your product is dead and has made (you) no money. This is also why the FSF/SFLC has like a 100% success rate when it comes to extracting highly favorable settlements.
Without a doubt people still infringe, but it's not a complete free for all.
Without a doubt people still infringe, but it's not a complete free for all.
Definitely not a 100% success rate and I question "highly favorable" when settlements almost never result in a complete end to infringement by even the one entity settling and are so slow and expensive to get that thousands more spring up in the meantime...
If you have access to legal databases like Westlaw/Lexis, you can look up the lawsuits the FSF and SFLC have been a party to. All of those suits were settled and the plaintiffs secure monetary compensation, disclosure of the source code, and in some cases the ability to pre-screen future releases to make sure they're complying with the GPL. The reason why many shops take copyright seriously or ban the use of GPL software (you can argue either way that the latter is or is not a victory for the GPL) is because this creates a deterrent effect.
BTW, SFLC (Software Freedom Law Centre) != SFC (Software Freedom Conservancy).
Conservancy recently got a grant for compliance work, and are working on an enforcement action in the IoT space:
https://sfconservancy.org/copyleft-compliance/firmware-liber...
The bigger problem is that outside of the FSF and Conservancy, large amounts of the Linux developer community and several ostensibly Free Software companies/organisations do not want the GPL to be enforced at all.
https://sfconservancy.org/copyleft-compliance/firmware-liber...
The bigger problem is that outside of the FSF and Conservancy, large amounts of the Linux developer community and several ostensibly Free Software companies/organisations do not want the GPL to be enforced at all.
There has been relatively high levels of support for normal / standard GPLv2 enforcement.
That said, the FSF and Conservancy like to pick more edge cases and go to absolute war on them. That doesn't generate as much support it is true and a lot of parts of the GPLv3 push also rubbed folks the wrong way.
"Linus says says GPL v3 violates everything that GPLv2 stood for"
https://www.youtube.com/watch?v=PaKIZ7gJlRU
is but one of many many examples here.
That said, the FSF and Conservancy like to pick more edge cases and go to absolute war on them. That doesn't generate as much support it is true and a lot of parts of the GPLv3 push also rubbed folks the wrong way.
"Linus says says GPL v3 violates everything that GPLv2 stood for"
https://www.youtube.com/watch?v=PaKIZ7gJlRU
is but one of many many examples here.
The focus of FSF and Conservancy is on freedoms; obtaining the code, reading the code, building the code, modifying the code, installing the modified code and running the modified code are essential freedoms and if they aren't possible for a person with the necessary skills and resources, then the license and the enforcement of the license are not achieving the goals of the Free Software and Open Source movements.
If anything, I would say that the amount of freedoms intended to be upheld by these licenses is not expansive enough, considering the SaaSS world that we live in now.
If anything, I would say that the amount of freedoms intended to be upheld by these licenses is not expansive enough, considering the SaaSS world that we live in now.
Linus isn't much qualified on any other topic that software development. For example what he describes as his "take" on GPL v2 and its purpose is at odds with what the people that actually wrote it have written and even a basic reading of the text.
What he is mistating is he liked the fact that you could for practical purposes ignore much of the idealogy that a) he has never cared for and b) has always clearly underpinned both v2 and v3 of the GPL license.
Pretending otherwise is only not a lie because charitably he doesn't know what he is talking about or isn't expressing himself very well.
If you want a useful opinion on law ask a lawyer not a programmer. Linus is not only unqualified he doesn't know he is unqualified.
What he is mistating is he liked the fact that you could for practical purposes ignore much of the idealogy that a) he has never cared for and b) has always clearly underpinned both v2 and v3 of the GPL license.
Pretending otherwise is only not a lie because charitably he doesn't know what he is talking about or isn't expressing himself very well.
If you want a useful opinion on law ask a lawyer not a programmer. Linus is not only unqualified he doesn't know he is unqualified.
Even relaxed "we only care about source release" GPLv2 enforcement is not desirable to Linus and other Linux developers.
And for good reason!
Linus and Greg KH's reasoning for avoiding lawsuits: https://lists.linuxfoundation.org/pipermail/ksummit-discuss/...
Linus and Greg KH's reasoning for avoiding lawsuits: https://lists.linuxfoundation.org/pipermail/ksummit-discuss/...
The principles used by FSF/Conservancy operate their copyleft compliance efforts under are eminently reasonable and make it clear that lawsuits are a last resort that are only used when the violator is being unreasonable and blatantly violating the licenses.
https://www.fsf.org/licensing/enforcement-principles https://sfconservancy.org/copyleft-compliance/principles.htm...
https://www.fsf.org/licensing/enforcement-principles https://sfconservancy.org/copyleft-compliance/principles.htm...
Yes it's incredibly difficult for someone to understand something if their salary depends on not understanding it. It's important to note that Linux would likely not exist if PC makers had used the same lockdown methods as used today.
Moreover when GKH and Linus talk about how GPL enforcement has done nothing good, they conveniently leave out the success of WRT enforcement, which caused one of the biggest Linux offshoots, largely based on volunteer work.
Finally, the audacity of saying "let's talk about legal things without lawyers present" is such a typical software engineer thing, just imagine the reaction someone was proposing to talk about kernel programming without any kernel programmers present
Moreover when GKH and Linus talk about how GPL enforcement has done nothing good, they conveniently leave out the success of WRT enforcement, which caused one of the biggest Linux offshoots, largely based on volunteer work.
Finally, the audacity of saying "let's talk about legal things without lawyers present" is such a typical software engineer thing, just imagine the reaction someone was proposing to talk about kernel programming without any kernel programmers present
BSD as in the software distribution almost didn't get to exist thanks to a lawsuit, but once that was cleared it was out. It Linux didn't exist, it would have taken over the niche.
Linux itself is not that special - it mostly is a case of right place and right time.
Linux itself is not that special - it mostly is a case of right place and right time.
And even tbe FSF hasn't really done any enforcement in years. And major copyright holders on large GPL codebases (coughLinux) oppose any and all enforcement actions.
> I don't believe that any organization ... is capable of enforcing
Big companies are very capable, and often happy, to sue each other for reasons including breach of patent, copyright, trademark and much more. This includes GPL breaches.
The point of GPL is to build an ecosystem and create "herd immunity" against bad actors.
Protecting the rights of a lone developer VS a large corporation can be expensive and difficult - not because of the GPL - but because of how the legal system works in most parts of the world.
But that is besides the point.
What matters is building an ecosystem where 99% of the important entities do not systematically violate the license, and this is already happening.
Big companies are very capable, and often happy, to sue each other for reasons including breach of patent, copyright, trademark and much more. This includes GPL breaches.
The point of GPL is to build an ecosystem and create "herd immunity" against bad actors.
Protecting the rights of a lone developer VS a large corporation can be expensive and difficult - not because of the GPL - but because of how the legal system works in most parts of the world.
But that is besides the point.
What matters is building an ecosystem where 99% of the important entities do not systematically violate the license, and this is already happening.
Can you name a major tech company not actively violating the GPL (not to mention untold MIT and BSD licenses on JavaScript...) I'm not sure I can
Oh, many don't violate GPL by avoiding it like the plague (esp. GPL 3) and complying with the terms when they cannot.
BSD tends to be easier to comply to by including a license note somewhere within the manual or software. MIT has even fewer terms.
BSD tends to be easier to comply to by including a license note somewhere within the manual or software. MIT has even fewer terms.
A minority of rich companies with lawyers to spare violate the GPL on some occasions without consequences. A fact you want to quantify by just making up a number and your conclusion is that based on your guess its not working and we ought to do what exactly? Reduce the barrier to nothing based on you not feeling actual enforcement would be too expensive or hard to obtain? You didn't really say.
To be fair, if you listen to Eben Moglen and some of the other big minds behind gpl(v3), it becomes readily apparent they have been working to build up strong methods to deal with this very problem by using a delaying tactic.
I think they might be onto something.
Regardless, Eben is such a mind you owe it to yourself to listen to some of his talks.
I think they might be onto something.
Regardless, Eben is such a mind you owe it to yourself to listen to some of his talks.
> as a software freedom die-hard myself.
> gpl is too difficult to enforce. throw hands up in the air
riiiigth.
> gpl is too difficult to enforce. throw hands up in the air
riiiigth.
The original Tivo land-line modem would die, making it impossible to dial out to get guide data.
Interesting though there was a card edge connector on the mother board. Some enterprising person made an adapter that allowed an ISA ethernet card to be plugged in, and then the Tivo would use the network instead of the modem.
Further Tivo not only allowed this, but tacitly encouraged it by including the network driver needed to make this happen on tivo firmware upgrades.
https://www.samba.org/~tridge/tivo-ethernet/
Interesting though there was a card edge connector on the mother board. Some enterprising person made an adapter that allowed an ISA ethernet card to be plugged in, and then the Tivo would use the network instead of the modem.
Further Tivo not only allowed this, but tacitly encouraged it by including the network driver needed to make this happen on tivo firmware upgrades.
https://www.samba.org/~tridge/tivo-ethernet/
I'm surprised to see that installation is a requirement of the GPLv2. Does this mean that Android phones with bootloaders that can't be unlocked violate the GPL?
Yes, but given that most of the copyright owners of Linux do not believe GPLv2 to have such a requirement (and explicitly abhor the idea that v3 adds one, even though it didn't add it) I doubt anyone with standing is interested in enforcing said requirement.
The software freedom conservancy (publishers if this article) have standing but not many resources and a policy to do things as slow and expensive as possible so as to avoid pissing anyone off.
You are missing the point. or the forrest for the trees as some say.
Yeah the installation requirement is silly. But android in general is plagued by GPL violations in that every single piece of it is linux based (or other GPL code based), and yet no user will ever get the source no matter how much they ask.
Yeah the installation requirement is silly. But android in general is plagued by GPL violations in that every single piece of it is linux based (or other GPL code based), and yet no user will ever get the source no matter how much they ask.
> Yeah the installation requirement is silly.
Is it? From my reading, much of the GPL v2/v3 divide comes from different expectations of what GPL is intended to achieve. One camp (e.g. Linus) believes that the goal is to ensure that the freely available product is the best product, that all improvements that are distributed can make their way back to the freely available repo. The other camp (e.g. Stallman) believes that the primary goal is to ensure that end users have control over their computers. That any software distributed to them can be modified to suit the end user's needs.
These are both valid viewpoints, and both camps thought the GPLv2 fit their needs, at the time of its writing. When TiVo found a loophole that satisfied one interpretation of the letter of GPLv2, but violated the its spirit as seen by the second camp, the GPLv3 was made to make explicit what was previously potentially ambiguous in the GPLv2.
That it all to say, I think it's premature to dismiss the viewpoint of Stallman's camp as "silly".
Is it? From my reading, much of the GPL v2/v3 divide comes from different expectations of what GPL is intended to achieve. One camp (e.g. Linus) believes that the goal is to ensure that the freely available product is the best product, that all improvements that are distributed can make their way back to the freely available repo. The other camp (e.g. Stallman) believes that the primary goal is to ensure that end users have control over their computers. That any software distributed to them can be modified to suit the end user's needs.
These are both valid viewpoints, and both camps thought the GPLv2 fit their needs, at the time of its writing. When TiVo found a loophole that satisfied one interpretation of the letter of GPLv2, but violated the its spirit as seen by the second camp, the GPLv3 was made to make explicit what was previously potentially ambiguous in the GPLv2.
That it all to say, I think it's premature to dismiss the viewpoint of Stallman's camp as "silly".
There is only GPL :)
GPLv3 only goal is exclusively to twart bad actors from using needlessly complex things with the sole goal of avoiding GPLv2 (and 3 since they are practicaly the same) goals, which is to provide source for code that was originally GPL'ed.
In Tivo specific case, that needlesly complex thing was a rubegoldberg build/install process. Also TIVO did not find a loophole. They provided the code as their shenanigans was exposed as such in the end.
Note that you are commenting under an article which main point was exactly to dismiss the misunderstanding in pop culture about the TIVO case! and here you are repeating it. sigh.
GPLv3 only goal is exclusively to twart bad actors from using needlessly complex things with the sole goal of avoiding GPLv2 (and 3 since they are practicaly the same) goals, which is to provide source for code that was originally GPL'ed.
In Tivo specific case, that needlesly complex thing was a rubegoldberg build/install process. Also TIVO did not find a loophole. They provided the code as their shenanigans was exposed as such in the end.
Note that you are commenting under an article which main point was exactly to dismiss the misunderstanding in pop culture about the TIVO case! and here you are repeating it. sigh.
Not necessarily. If the copyright owners of a license believe that the license is to be interpreted one particular way, to the point of making public statements about it, that can be construed by a court to have amended the license. At the very least you probably could argue estoppel if the owner changes their mind and decides to start suing.
In other words, if Linus says "GPLv2 doesn't require kernel installation on hardware it gets ported to and sold on", then GPLv2 doesn't for the Linux kernel, or at least the parts of it Linus owns. (In practice, a good chunk of the core kernel dev team believes this and has said so, so this also applies for them, too.)
That being said, you are correct that interpretation-related estoppels and/or implied license amendments probably wouldn't save most Android vendors, since their violations are not limited to just Installation Instructions. I know of nothing that Linus has said that would make statically linking all your drivers into a kernel with no source release OK. However, the post I was replying to was specifically talking about locked bootloaders; not that.
In other words, if Linus says "GPLv2 doesn't require kernel installation on hardware it gets ported to and sold on", then GPLv2 doesn't for the Linux kernel, or at least the parts of it Linus owns. (In practice, a good chunk of the core kernel dev team believes this and has said so, so this also applies for them, too.)
That being said, you are correct that interpretation-related estoppels and/or implied license amendments probably wouldn't save most Android vendors, since their violations are not limited to just Installation Instructions. I know of nothing that Linus has said that would make statically linking all your drivers into a kernel with no source release OK. However, the post I was replying to was specifically talking about locked bootloaders; not that.
the gpl install argument is a scary tatic that laywers tell their clients something like "if you use linux on your proprietary CD/CI build system that uses a GPLed zlib, now all your source code will have to be open"
it's utter nonsense and pure FUD.
the article everyone is talking about is about valid cases where the build is used a extra step to try to work around the GPL (akin to saying "the developer used gloves to make the code changes to the GPL'd code so it doesn't count as change", it's stupid). but as the author argee, even pointing that stupidity out is bad because it is used as fuel for the actual FUD where people using GPL correctly are mislead about what they must share
it's utter nonsense and pure FUD.
the article everyone is talking about is about valid cases where the build is used a extra step to try to work around the GPL (akin to saying "the developer used gloves to make the code changes to the GPL'd code so it doesn't count as change", it's stupid). but as the author argee, even pointing that stupidity out is bad because it is used as fuel for the actual FUD where people using GPL correctly are mislead about what they must share
Seriously, the idea that after losing this fight clearly with GPLv3 that they are going to force this down folks with a re-write of history / language / intent and practice is appalling.
Hopefully someone like Linus can make absolutely clear this is total garbage.
Hopefully someone like Linus can make absolutely clear this is total garbage.
What I think is total garbage is the fact that I have a drawer full of potentially useful computers (EDIT: by computers I mean mostly phones, routers, e-readers, etc) stuck running insecure OSes. Can you give me an argument for why installation should not be required? It seems pretty clear to me that if release of "the scripts used to control compilation and installation of the executable" is required by the GPLv2, then those scripts should have to be functional.
They are functional on hardware you build.
The source code is released.
No one disagrees there.
Buy unlocked hardware if you care about this. Most PC's can disable secure boot paths through BIOS settings unless you are in a corp environment and they lock that out.
The source code is released.
No one disagrees there.
Buy unlocked hardware if you care about this. Most PC's can disable secure boot paths through BIOS settings unless you are in a corp environment and they lock that out.
We are quickly headed to a future where it won't be possible to buy unlocked hardware. It may not be long before (very nearly) 100% of the hardware on the consumer market is locked and it will only be able to acquire unlocked hardware through NDA agreement, huge costs or by "illegally" unlocking it via an exploit.
Locked hardware is itself objectionable, anti-consumer and anti-freedom. "Free software works in a narrowing ecosystem of semi-free hardware" is not an acceptable position for advocates of free software.
It isn't always possible to build my own hardware, especially in the embedded world. I buy unlocked hardware now, but I learned that lesson the hard way from Verizon and Samsung.
You have this backwards. GPLv2 had a clear history and language, TiVo worked around it, and then the FSF rewrote history by saying v2 had no prohibitions on installation instructions (so they could convince people that v3 was necessary). It did have those prohibitions, they just were insufficient for what Stallman intended.
Hell, even v3 is insufficient for what Stallman wants; it only requires being able to install new versions of the covered code. It doesn't cover other proprietary programs that can see if you've modified the Free program and refuse to work. You can't actually prohibit that with a license unless you want to go full Ethical Source and start impinging on Freedom Zero.
Yes, this may not mesh with Linus's intent, but Linus already has a very specific idea of how the GPL works that applies to Linux and only Linux. The whole "you can load proprietary kernel modules as long as they don't touch internals" thing springs to mind.
Also, I'd like to point out that people haven't "lost the fight" with GPLv3. There's plenty of libraries out there that use it - they're just not particularly relevant to Linux, so nobody's really pushing for a relicensing effort.
Hell, even v3 is insufficient for what Stallman wants; it only requires being able to install new versions of the covered code. It doesn't cover other proprietary programs that can see if you've modified the Free program and refuse to work. You can't actually prohibit that with a license unless you want to go full Ethical Source and start impinging on Freedom Zero.
Yes, this may not mesh with Linus's intent, but Linus already has a very specific idea of how the GPL works that applies to Linux and only Linux. The whole "you can load proprietary kernel modules as long as they don't touch internals" thing springs to mind.
Also, I'd like to point out that people haven't "lost the fight" with GPLv3. There's plenty of libraries out there that use it - they're just not particularly relevant to Linux, so nobody's really pushing for a relicensing effort.
The article makes it clear that GPLv2 has always had the installation requirement throughout its entire history of use and enforcement.
According to the article, the main difference between GPLv2 and GPLv3 is that having the Secure Boot unlocking process wipe the disk, and therefore destroy the proprietary software installation is kosher under the GPLv2, while v3 requires the proprietary software needs to continue working.
I would argue v2 is even better, because it forces unlocked phones to use alternatives to Android (that is, the proprietary Google Servics), like Lineage, while avoiding turning billions of phones into bricks.
I would argue v2 is even better, because it forces unlocked phones to use alternatives to Android (that is, the proprietary Google Servics), like Lineage, while avoiding turning billions of phones into bricks.
Yes, but virtually every Android phone is a cornicopia of GPL violations anyway so this is just cherry on top
For those not interested in reading this long arguement the actual license simply says you must release the source code to your application
"Complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
This is relatively routine.
The major new claim here is that releasing source code requires folks to unlock secure boot / root of trust / DRM type implementation on HARDWARE they sell. So release a complete work no longer (as plain language would read) means releasing the source code - but now ALSO requires that developers add various features to HARDWARE to bypass root of trust security measures which may include things around power limits or management on equipment or for things like phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
"Complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
This is relatively routine.
The major new claim here is that releasing source code requires folks to unlock secure boot / root of trust / DRM type implementation on HARDWARE they sell. So release a complete work no longer (as plain language would read) means releasing the source code - but now ALSO requires that developers add various features to HARDWARE to bypass root of trust security measures which may include things around power limits or management on equipment or for things like phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
> phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
To be fair, the fact that they signed a contract saying they would pay for the phone is what's supposed to be what keeps them paying for the phone. There's already laws around paying for things you buy, so the whole "well, people wouldn't pay for their phones" argument is completely invalid.
To be fair, the fact that they signed a contract saying they would pay for the phone is what's supposed to be what keeps them paying for the phone. There's already laws around paying for things you buy, so the whole "well, people wouldn't pay for their phones" argument is completely invalid.
Also what street level theif is rooting a phone? This is not a normal-person kind of operation
It is not completely invalid. This is a ridiculous statement.
The stats are actually pretty clear. T-mobile in particular got hit with plenty of fraud and others did too before they got better at locking things down.
Activation locks were also a control put in place to reduce what was for a while an epidemic of street crime where phones were stolen. The locks are critical and pretty popular, many DA's and cities demanded Apple put them in to try and reduce street crime - and they did.
So the idea that locks prevent theft / crime is not completely invalid. In fact, there are laws against stealing from houses and many people still lock their house. Their are laws against steeling cars and people still use keys for their cars.
The stats are actually pretty clear. T-mobile in particular got hit with plenty of fraud and others did too before they got better at locking things down.
Activation locks were also a control put in place to reduce what was for a while an epidemic of street crime where phones were stolen. The locks are critical and pretty popular, many DA's and cities demanded Apple put them in to try and reduce street crime - and they did.
So the idea that locks prevent theft / crime is not completely invalid. In fact, there are laws against stealing from houses and many people still lock their house. Their are laws against steeling cars and people still use keys for their cars.
> In fact, there are laws against stealing from houses and many people still lock their house. Their are laws against steeling cars and people still use keys for their cars.
It looks so unsecure. It will be much better if Apple will lock your house and car instead, so you will just ask Apple to unlock your house. If you violate Apple rules, e.g. by storing inappropriate content in your house, they will just ban you, so your city will be a much better place to live.
It looks so unsecure. It will be much better if Apple will lock your house and car instead, so you will just ask Apple to unlock your house. If you violate Apple rules, e.g. by storing inappropriate content in your house, they will just ban you, so your city will be a much better place to live.
From working at a att store for a while, I'll say that there is far more fraud than most would think. Perhaps it was because I worked in a little bit of a poorer area, but we actively turned away 25-40% of customers on any given day out of suspicion of fraud. If a customer stopped paying for their phone we would have that commission taken back next month. Even with that many people being turned down you still lost a lot of commission every month.
This is more an indication that the problem is being solved at the wrong level of abstraction. The problem is that phone companies are handing out loans with no way to enforce collateral and without tying to some real persons credit. Being able to install your own OS on a phone is orthogonal to being able to use it as a secure collateral.
Well, you can once the phone is paid for. We could give out codes to unlock it from our network after that. Noone wants to buy phones outright or put money down, though. I agree you should be able to install whatever os you want once it's paid for as well, but I was under the impression that's a manufacturer thing not a carrier thing.
> phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
You realize that bootloader unlocking and carrier unlocking are totally separate, orthogonal things, right?
You realize that bootloader unlocking and carrier unlocking are totally separate, orthogonal things, right?
Do you understand the GPLv3? It made clear that any of this locking on hardware was prohibited. Vendors of products that had these locks have to provide the security / encryption keys to bypass them if they use GPLv3. As a result, they do not.
There's two separate sets of keys. One controls what OS the phone's CPU will boot, and the other controls what SIM cards the phone's baseband will use. Nothing would require releasing the second set of keys.
Have you talked about this with the FSF? I can sell a GPLv3 device that ships with unmodifiable locks?
If this is true (it is not) than we can do all sorts of dongle type locks on devices.
GPLv3 is not just about the bootloader. They are very clear actually that vendors must release anything that is needed to bypass locks or integrity checks.
" It will depend on how the hardware was designed—but no matter what information you need, you must be able to get it."
If this is true (it is not) than we can do all sorts of dongle type locks on devices.
GPLv3 is not just about the bootloader. They are very clear actually that vendors must release anything that is needed to bypass locks or integrity checks.
" It will depend on how the hardware was designed—but no matter what information you need, you must be able to get it."
Can you copy and paste the exact sentence(s) from the GPLv3 that support your position? Because that's not my reading of it at all.
EDIT: This?
> " It will depend on how the hardware was designed—but no matter what information you need, you must be able to get it."
The key word there is "need". You don't need the baseband unlock information to replace the stock kernel with a modified one.
EDIT: This?
> " It will depend on how the hardware was designed—but no matter what information you need, you must be able to get it."
The key word there is "need". You don't need the baseband unlock information to replace the stock kernel with a modified one.
The GPLv3 requires that if you distribute GPLv3 software as part of a consumer product, users must be able to install a modified version of the software in its place.
If the baseband has GPLv3 software on it, then that implies the user has the right to run custom software on the baseband (at least at the same privilege level as said software), which probably implies the ability to connect it to arbitrary networks.
If only the application processor has GPLv3 software, then there is no requirement with respect to the baseband. The GPL isn't that viral.
If the baseband has GPLv3 software on it, then that implies the user has the right to run custom software on the baseband (at least at the same privilege level as said software), which probably implies the ability to connect it to arbitrary networks.
If only the application processor has GPLv3 software, then there is no requirement with respect to the baseband. The GPL isn't that viral.
BTW, the PinePhone baseband runs Linux on the non-DSP part of the baseband. There are folks reverse-engineering the proprietary programs running under the Linux kernel on the baseband.
>The major new claim here
Per the article and its citation of decade+ old precedent, that is not a new claim. Whether these requirements of the license are reasonable or not is irrelevant. If OEM's don't like the license terms then they can buy/build something else.
Per the article and its citation of decade+ old precedent, that is not a new claim. Whether these requirements of the license are reasonable or not is irrelevant. If OEM's don't like the license terms then they can buy/build something else.
I mean it's right there:
"scripts used to control compilation and installation of the executable"
If the installer source code is missing the bit that enables installation of the GPL binaries on your device, then I guess it's not in compliance. The fact that the scope of these codes also include device keys seems somewhat irrelevant.
"scripts used to control compilation and installation of the executable"
If the installer source code is missing the bit that enables installation of the GPL binaries on your device, then I guess it's not in compliance. The fact that the scope of these codes also include device keys seems somewhat irrelevant.
> or for things like phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone
The solution is simple: develop your own OS, make it bulletproof, then do whatever you want. Nobody will ask to open source code of Symbian device, because it's not a GPL'ed OS.
The solution is simple: develop your own OS, make it bulletproof, then do whatever you want. Nobody will ask to open source code of Symbian device, because it's not a GPL'ed OS.
[deleted]
Apple has explicitly chosen to stay away from anything GPLv3. It's the reason Bash and other tools bundled with macOS are so old (they're the last version that were still GPLv2), and why they chose to switch to Zsh as a default.
Apple has convinced me of the need for FOSS more than RMS ever could have.
That's shot them in the foot many times over the years. Especially when they tried to replace Samba with their own SMB implementation in I believe 10.7 Lion?
I think you underestimate how much traction Samba lost with GPLv3.
You used to have a system that was just wonderful across Linux / Mac / Windows. Seriously, you'd run Samba on server and Mac would work great with it because under the hood the Mac was running Samba. Windows would work fine too for what most folks cared about. That was lost when Samba went v3.
One thing - the hosting loophole is still there I think with GPLv3, so you can offer HOSTED services with Samba. I think some folks have done things there maybe.
You used to have a system that was just wonderful across Linux / Mac / Windows. Seriously, you'd run Samba on server and Mac would work great with it because under the hood the Mac was running Samba. Windows would work fine too for what most folks cared about. That was lost when Samba went v3.
One thing - the hosting loophole is still there I think with GPLv3, so you can offer HOSTED services with Samba. I think some folks have done things there maybe.
There's no clause in the GPLv3 that says "Apple may not use this software". Apple could use the new Samba if they wanted to, but they choose not to because they like being able to do the bad things that the GPLv3 prohibits doing.
My understanding is it is the patent licensing clause which prevents several companies (like Apple) from using GPLv3.
Companies may not distribute GPLv3 under an exclusive patent arrangement, but rather need to negotiate a patent arrangement for all derivatives of the software. This puts them in a bad situation if someone manages to get an injunction based on their inclusion of say Samba.
Companies may not distribute GPLv3 under an exclusive patent arrangement, but rather need to negotiate a patent arrangement for all derivatives of the software. This puts them in a bad situation if someone manages to get an injunction based on their inclusion of say Samba.
> Companies may not distribute GPLv3 under an exclusive patent arrangement
what is that even supposed to mean?
what is that even supposed to mean?
The goal of GPLv3 (and GPLv2 as intended by several of the authors, for that matter), is to ensure that end users have freedom to use the devices they have purchased as they see fit. Suppose a company has patented some algorithm, and has implemented that algorithm in a software project that also uses GPLv3 code. When distributing the software, they make the code available, but only license the patent on the condition that the code is run without user modifications. This infringes on user freedom, because there is no way for the end user to control the software they are running.
For GPLv3, it is important to remember that the primary goal is to protect user freedom. Everything else follows from that goal, specifically in closing several loopholes that were unintentionally present in GPLv2.
For GPLv3, it is important to remember that the primary goal is to protect user freedom. Everything else follows from that goal, specifically in closing several loopholes that were unintentionally present in GPLv2.
> is to ensure that end users have freedom to use the devices they have purchased as they see fit
not really. Nobody can or wish to dictate how someone sells a product.
GPL is about GPL'ed code. not products.
> Suppose a company has patented some algorithm ... that also uses GPLv3 code
you keep moving the goal post. Remove GPL from your example! If that "some algorithm" was built on top of someone else's proprietary (and patented) work, wouldn't they have to satisfy that entity desires on how it wishes to license their work?
The ONLY difference is that GPL only requires that you make your work available under GPL. Easy. Other entities might ask for money. Others, such as apple, would just tell you to F off and you'd never be able to sell the code or the product. Which one is more restrictive or worse?
compare apples to apples please.
not really. Nobody can or wish to dictate how someone sells a product.
GPL is about GPL'ed code. not products.
> Suppose a company has patented some algorithm ... that also uses GPLv3 code
you keep moving the goal post. Remove GPL from your example! If that "some algorithm" was built on top of someone else's proprietary (and patented) work, wouldn't they have to satisfy that entity desires on how it wishes to license their work?
The ONLY difference is that GPL only requires that you make your work available under GPL. Easy. Other entities might ask for money. Others, such as apple, would just tell you to F off and you'd never be able to sell the code or the product. Which one is more restrictive or worse?
compare apples to apples please.
What „bad things“?
sliping in divergencies in the protocol so that you can only connect to Apple-Active-directories or something.
Microsoft wrote the book in the 90s about this. https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
Microsoft wrote the book in the 90s about this. https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...
Right. And implementing their own SMB server (smbd) allowed them to do these "bad things"? What is the evidence that they did anything like that?
Anyway, how about a much simpler explanation: Apple doesn't want to get stuck with a viral license that might open them to lawsuits and force them to open up their proprietary code they want to keep closed source? GPL doesn't work for everyone and there is nothing wrong about that. To suggest that anyone who rejects GPL plans something "bad" is naive and immature.
Anyway, how about a much simpler explanation: Apple doesn't want to get stuck with a viral license that might open them to lawsuits and force them to open up their proprietary code they want to keep closed source? GPL doesn't work for everyone and there is nothing wrong about that. To suggest that anyone who rejects GPL plans something "bad" is naive and immature.
> What is the evidence that they did anything like that?
LOL. you are joking right? Apple uses the textbook from microsoft the second they can. When they stuck gold on IOS the first thing they did was draw up a monopoly on music and ibooks licensing scheme. And those are just the ones they were found guild on courts with public records. The last one, also on courts public records, is about how they prevent their messaging applications to work on non-apple because it would "allow families to buy android devices to their children"
Oh, you trolls. I keep falling for your low efforts...
LOL. you are joking right? Apple uses the textbook from microsoft the second they can. When they stuck gold on IOS the first thing they did was draw up a monopoly on music and ibooks licensing scheme. And those are just the ones they were found guild on courts with public records. The last one, also on courts public records, is about how they prevent their messaging applications to work on non-apple because it would "allow families to buy android devices to their children"
Oh, you trolls. I keep falling for your low efforts...
Samba still works like a charm on my network, but only because I'm sharing between Linux/Android/Windows devices.
Yeah, I find it weird that considering that homebrew is what makes macs acceptable for software development, you'd think apple would want to support things like bash as first class citizens on their os.
The "tivoization" was not the only change in GPLv3. It also has patents related changes, which I think is what scared apple.
Aside from that stuff it is hard to use Mac seriously as a unix anymore after they started wiping out /etc/ changes every update (with insecure ssh defaults like password authentication).
[deleted]
This is another interesting take:
> As I was completing drafting on this article, the Linux Foundation sent me a rejection letter for my talk about this issue at their annual Open Source Summit (taking place this September 2021), and simultaneously announced McCoy will speak on this matter instead. I invite McCoy to not take the easy way out of presenting his work unquestioned to a friendly audience. I would be glad to come to the Open Source Summit in September and debate McCoy publicly on this issue during this session. I believe the audience would benefit from hearing more than just the anti-software-repair view of this issue.
> As I was completing drafting on this article, the Linux Foundation sent me a rejection letter for my talk about this issue at their annual Open Source Summit (taking place this September 2021), and simultaneously announced McCoy will speak on this matter instead. I invite McCoy to not take the easy way out of presenting his work unquestioned to a friendly audience. I would be glad to come to the Open Source Summit in September and debate McCoy publicly on this issue during this session. I believe the audience would benefit from hearing more than just the anti-software-repair view of this issue.
Bash and readline are both gpl-3. In theory, in some cases, you can force the company to give you the option to replace them with your version. Cleaning up gpl-3 is not fun.
“Free” software is never free. It’s extraction of payment by other and often endless means.
Just by reading the first paragraph I can see how unbiased this article will be.
The gplv3 has been an utter failure. Trying to rewrite history so the gplv2 works like the gplv3 is pathetic and will be the last nail in the coffin of the GPL.
The gplv3 has been an utter failure. Trying to rewrite history so the gplv2 works like the gplv3 is pathetic and will be the last nail in the coffin of the GPL.
I doubt it. There is no way I'm releasing valuable FOSS software as anything less restrictive than GPL. No feeding the corporate behemoths.
The article makes it clear that this is always how GPLv2 has worked and been enforced in entire history of its existence.
God - the GPLv3 folks basically totally lost the debate on tivoisation - and now are trying to retrofit this war into GPLv2.
Are they serious??
Many OSS developers always want to get a copy of the software and mods back, but are OK if others USE that software in diverse ways, including making locked down hardware that is rented, radios that are power limited and more. In this way the GPL preserves everyone's freedom to do what they want with the software. The GPLv2 has served a wide range of needs, from Linus and Linux to plenty of industry efforts.
Linus was asked about this in a talk and he said he a)gets value in terms of forcing vendors to release code even from players like Tivo and b) is not interested in setting lots of additional restrictions on how folks use the code.
The FSF / Conservancy keep on re-assuring folks that encryption keys don't have to be released. Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can we just leave GPLv2 as it has been. If the FSF or whomever wants another bite at the GPLv3 apple create a GPLv4 and let folks adopt it if they want.
Are they serious??
Many OSS developers always want to get a copy of the software and mods back, but are OK if others USE that software in diverse ways, including making locked down hardware that is rented, radios that are power limited and more. In this way the GPL preserves everyone's freedom to do what they want with the software. The GPLv2 has served a wide range of needs, from Linus and Linux to plenty of industry efforts.
Linus was asked about this in a talk and he said he a)gets value in terms of forcing vendors to release code even from players like Tivo and b) is not interested in setting lots of additional restrictions on how folks use the code.
The FSF / Conservancy keep on re-assuring folks that encryption keys don't have to be released. Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can we just leave GPLv2 as it has been. If the FSF or whomever wants another bite at the GPLv3 apple create a GPLv4 and let folks adopt it if they want.
> In this way the GPL preserves everyone's freedom to do what they want with the software.
Except the freedom of the people who bought a TiVo and want to modify Linux on it.
> Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can you link to a source for this?
Except the freedom of the people who bought a TiVo and want to modify Linux on it.
> Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can you link to a source for this?
Except the DEVELOPERS of linux - who are the ones that get to set license terms not users - have been clear - they want users / companies etc to have freedom to use software how they want to. This might be locked down devices -> yes, and Linux is used in plenty (medical equipment, vehicles etc). Plenty of folks ONLY use it in these cases because they can control a root of trust.
This is an old fight. The GPLv3 came out to allow developers who wanted anti-tivosation to get it. Practically it's really dead.
Sure on Ubuntu
Ubuntu Can't Trust FSF's Secure Boot Solution
https://linux.slashdot.org/story/12/07/06/1525240/ubuntu-can...
I followed this reasonably closely, and it was a total lie on FSF's part - Ubuntu looked at it and agreed. Sadly for those of us running Linux they had to adopt MICROSOFT's UEFI secure boot. Ugh.
This is an old fight. The GPLv3 came out to allow developers who wanted anti-tivosation to get it. Practically it's really dead.
Sure on Ubuntu
Ubuntu Can't Trust FSF's Secure Boot Solution
https://linux.slashdot.org/story/12/07/06/1525240/ubuntu-can...
I followed this reasonably closely, and it was a total lie on FSF's part - Ubuntu looked at it and agreed. Sadly for those of us running Linux they had to adopt MICROSOFT's UEFI secure boot. Ugh.
Your link says Ubuntu dropped GRUB 2 for being GPLv3, but Ubuntu includes GRUB 2 today despite it still being GPLv3, so presumably they realized the FSF was right after all at some point between 2012 and now.
My understanding is that they basically got FSF to provide them a statement that regardless of what GPLv3 might be read to require, the FSF indicates it could not be used to force key disclosure in the Ubuntu situation.
This worked, because FSF ALSO owned the copyright to Grub2 - so was allowed to modify (if needed) the copyright license or give up rights. So by having FSF as copyright owner provide them this statement - I think they (reasonably) felt covered in case FSF later changed their mind.
The FSF I think also had to do this with GCC - didn't they do a runtime license exception or something because there were lots of concerns about using GCC when license moved up (CLang benefited at the time).
I think FSF realized it was just a terrible look if the GPLv3 drove a group like Ubuntu onto a microsoft solution.
Illustrates a bit how tricky / scary the (relatively long) GPLv3 can be.
This worked, because FSF ALSO owned the copyright to Grub2 - so was allowed to modify (if needed) the copyright license or give up rights. So by having FSF as copyright owner provide them this statement - I think they (reasonably) felt covered in case FSF later changed their mind.
The FSF I think also had to do this with GCC - didn't they do a runtime license exception or something because there were lots of concerns about using GCC when license moved up (CLang benefited at the time).
I think FSF realized it was just a terrible look if the GPLv3 drove a group like Ubuntu onto a microsoft solution.
Illustrates a bit how tricky / scary the (relatively long) GPLv3 can be.
> This worked, because FSF ALSO owned the copyright to Grub2 - so was allowed to modify (if needed) the copyright license or give up rights.
Oh? Ubuntu's blog post at the time [1] doesn't characterize the discussion as involving a license exemption. Are you saying this happened behind the scenes?
> The FSF I think also had to do this with GCC - didn't they do a runtime license exception or something because there were lots of concerns about using GCC when license moved up (CLang benefited at the time).
The existence of a runtime exception, itself, dates to least 1997 [2], probably earlier. The original idea was to allow using GCC to compile proprietary software, even if the compilation process caused runtime bits to be statically linked into the output executable, which would otherwise force it to be GPLed.
Along with GCC's switch to GPLv3 around 2009, the runtime exception was updated to try to leverage it as a workaround to an unrelated problem: the possibility that someone would incorporate proprietary bits into GCC. Doing that the normal way, by modifying GCC and not releasing the source code to the modifications, would just be a GPL violation. But people observed that someone could hypothetically work around the license as follows: write a proprietary optimizer or code generator as a separate executable, then modify GCC to dump its intermediate representation to disk (this modification itself would be distributed under the GPL), and write a wrapper that combines GCC and the proprietary executable into one Frankenstein compilation process. To prevent this, the runtime exception gained an exception of its own, that it would not apply to a program compiled using such a process, so that the franken-compiler would be hobbled by having all of its output licensed under the GPL.
As far as I know, the runtime exception change itself never really caused any drama, because there were never any major compilers that attempted the "dump to disk" workaround (although some obscure examples allegedly existed prior to the license change [3]).
However, GCC also had a longstanding policy of trying to discourage GPL workarounds by technical means: by (a) forbidding functionality that would dump an intermediate representation to disk and (b) intentionally making it difficult to combine GCC with other code. In particular, the updated runtime exception was a prerequisite for GCC adding support for plugins [4], and even once plugin support was added, it wasn't very nice to use compared to LLVM/Clang (and still isn't). LLVM was designed from the start to be used as a library. Its clean-slate design would have already given it a leg up on GCC for that use case, but GCC's active reluctance to be used that way was the nail in the coffin.
Anyway, that situation has nothing to do with people being scared of the GPL – if anything the opposite, Richard Stallman being worried that the GPL was not scary enough.
On the other hand, LLVM and Clang being developed at Apple into a production-quality compiler was a direct result of Apple being scared of the GPLv3, but that's a different issue and not related to the runtime exception.
[1] https://ubuntu.com/blog/quetzal-is-taking-flight-update-on-u...
[2] https://github.com/gcc-mirror/gcc/blob/6599da043e22e96ac830f...
[3] https://www.fsf.org/news/2009-01-gcc-exception
[4] https://gcc.gnu.org/wiki/GCC_Plugins
Oh? Ubuntu's blog post at the time [1] doesn't characterize the discussion as involving a license exemption. Are you saying this happened behind the scenes?
> The FSF I think also had to do this with GCC - didn't they do a runtime license exception or something because there were lots of concerns about using GCC when license moved up (CLang benefited at the time).
The existence of a runtime exception, itself, dates to least 1997 [2], probably earlier. The original idea was to allow using GCC to compile proprietary software, even if the compilation process caused runtime bits to be statically linked into the output executable, which would otherwise force it to be GPLed.
Along with GCC's switch to GPLv3 around 2009, the runtime exception was updated to try to leverage it as a workaround to an unrelated problem: the possibility that someone would incorporate proprietary bits into GCC. Doing that the normal way, by modifying GCC and not releasing the source code to the modifications, would just be a GPL violation. But people observed that someone could hypothetically work around the license as follows: write a proprietary optimizer or code generator as a separate executable, then modify GCC to dump its intermediate representation to disk (this modification itself would be distributed under the GPL), and write a wrapper that combines GCC and the proprietary executable into one Frankenstein compilation process. To prevent this, the runtime exception gained an exception of its own, that it would not apply to a program compiled using such a process, so that the franken-compiler would be hobbled by having all of its output licensed under the GPL.
As far as I know, the runtime exception change itself never really caused any drama, because there were never any major compilers that attempted the "dump to disk" workaround (although some obscure examples allegedly existed prior to the license change [3]).
However, GCC also had a longstanding policy of trying to discourage GPL workarounds by technical means: by (a) forbidding functionality that would dump an intermediate representation to disk and (b) intentionally making it difficult to combine GCC with other code. In particular, the updated runtime exception was a prerequisite for GCC adding support for plugins [4], and even once plugin support was added, it wasn't very nice to use compared to LLVM/Clang (and still isn't). LLVM was designed from the start to be used as a library. Its clean-slate design would have already given it a leg up on GCC for that use case, but GCC's active reluctance to be used that way was the nail in the coffin.
Anyway, that situation has nothing to do with people being scared of the GPL – if anything the opposite, Richard Stallman being worried that the GPL was not scary enough.
On the other hand, LLVM and Clang being developed at Apple into a production-quality compiler was a direct result of Apple being scared of the GPLv3, but that's a different issue and not related to the runtime exception.
[1] https://ubuntu.com/blog/quetzal-is-taking-flight-update-on-u...
[2] https://github.com/gcc-mirror/gcc/blob/6599da043e22e96ac830f...
[3] https://www.fsf.org/news/2009-01-gcc-exception
[4] https://gcc.gnu.org/wiki/GCC_Plugins
Historical franken-compiler example:
https://en.wikipedia.org/wiki/Solaris_Studio#GCCFSS
https://en.wikipedia.org/wiki/Solaris_Studio#GCCFSS
Why have Linus and company not embraced some version of AGPL based on GPLv2? I really don't understand why such a license doesn't exists. It sounds like it'd be right up their alley.
Companies use and modify his code, building their businesses on them, and then are not distributing their changes back. Arguably the whole cloud revolution has been built on this. Better make a SaaS and freeload on other people's work than make client side software and be forced to share your work (and technical advantage)
Companies use and modify his code, building their businesses on them, and then are not distributing their changes back. Arguably the whole cloud revolution has been built on this. Better make a SaaS and freeload on other people's work than make client side software and be forced to share your work (and technical advantage)
It's a question of motivations.
Linus likely believes in the benefits of collaborative development, and that the GPLv2 creates a legal framework to allow for that development.
However he also likely cares more about the software aspects (getting contributions to make better kernel versions and have them be widely used) than the more philosophical aspects of software freedom.
The philosophy on binary drivers for example is one where the Linux kernel does not guarantee a stable binary interface - it isn't that you can't legally distribute a binary driver (with caveats), but he has stated he would like those developers to occasionally "wake up in a cold sweat" over their linux binary drivers breaking on minor releases.
Additionally - because of the velocity of the linux kernel, maintaining a substantial vendor fork is not simple. This creates an atmosphere where maintaining functionality outside the mainline kernel could be a technical/financial burden that justifies any IPR release needed for a L-K contribution.
The number of contributions also means that such forks are likely not a significant fractional contribution compared to the contributions which people are willing to make in the open. The success of the project no longer depends on enforcement of the publication clauses.
Finally, clauses in the GPLv3 and AGPLv3 do influence and even force technology choices. The community likely does not want to lose contributions by pushing people to other kernels, and the commercial interests contributing to Linux would have to account for lost customers.
AGPLv3 is often chosen by commercial entities to force distinct commercial licensing of a published-source code base, rather than an effort to protect a community of contributors. As none of the commercial interests in Linux have exclusive copyright assignment to do a non-AGPLv3 license, there is significantly less commercial benefit for them to support such a move.
Linus likely believes in the benefits of collaborative development, and that the GPLv2 creates a legal framework to allow for that development.
However he also likely cares more about the software aspects (getting contributions to make better kernel versions and have them be widely used) than the more philosophical aspects of software freedom.
The philosophy on binary drivers for example is one where the Linux kernel does not guarantee a stable binary interface - it isn't that you can't legally distribute a binary driver (with caveats), but he has stated he would like those developers to occasionally "wake up in a cold sweat" over their linux binary drivers breaking on minor releases.
Additionally - because of the velocity of the linux kernel, maintaining a substantial vendor fork is not simple. This creates an atmosphere where maintaining functionality outside the mainline kernel could be a technical/financial burden that justifies any IPR release needed for a L-K contribution.
The number of contributions also means that such forks are likely not a significant fractional contribution compared to the contributions which people are willing to make in the open. The success of the project no longer depends on enforcement of the publication clauses.
Finally, clauses in the GPLv3 and AGPLv3 do influence and even force technology choices. The community likely does not want to lose contributions by pushing people to other kernels, and the commercial interests contributing to Linux would have to account for lost customers.
AGPLv3 is often chosen by commercial entities to force distinct commercial licensing of a published-source code base, rather than an effort to protect a community of contributors. As none of the commercial interests in Linux have exclusive copyright assignment to do a non-AGPLv3 license, there is significantly less commercial benefit for them to support such a move.
Linux is only GPL because of a historical quirk. If the Lines of today had been deciding license back then it would be BSD-style
No, Torvalds is strongly in favour of the GPLv2. [0][1][2] He's not fond of the GPLv3 though, at least not in the context of kernels. [2][3]
[0] https://www.zdnet.com/article/linus-torvaldss-love-hate-rela...
[1] https://www.cio.com/article/3112582/linus-torvalds-says-gpl-...
[2] https://www.youtube.com/watch?v=PaKIZ7gJlRU
[3] https://www.zdnet.com/article/torvalds-battle-with-gplv3/
[0] https://www.zdnet.com/article/linus-torvaldss-love-hate-rela...
[1] https://www.cio.com/article/3112582/linus-torvalds-says-gpl-...
[2] https://www.youtube.com/watch?v=PaKIZ7gJlRU
[3] https://www.zdnet.com/article/torvalds-battle-with-gplv3/
What Linus wants is apparently to have people contribute back to Linux mainline, but the GPLv2 license he chose doesn't even have that requirement. So any sharing that does happen is down to culture, not to the license. PS: the requirement to share upstream wouldn't be Free Software, since it would exclude dissidents, people on a desert island etc.
https://en.wikipedia.org/wiki/Debian_Free_Software_Guideline...
https://en.wikipedia.org/wiki/Debian_Free_Software_Guideline...
> any sharing that does happen is down to culture, not to the license.
That's mistaken.
If you write Linux kernel code and release it, the GPLv2 obligates you to release your source. That is to say, you do not have the option of releasing only the binary. [0] You have the option of never releasing your work, and you can for instance run a cloud service powered by your modified Linux kernel without having to release your code. [0] (This is how the GPL licences differ from the AGPL licences. [1])
The Linux kernel has benefited enormously from this obligation to share. Torvalds certainly thinks so: [2]
> I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back
It's true that you aren't obligated to contact the Linux kernel maintainers and suggest they merge your changes, but I don't see that this would be desirable. As you say, such a requirement would be problematic.
[0] https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.en.htm...
[1] https://www.gnu.org/licenses/gpl-faq.html#UnreleasedModsAGPL
[2] https://www.zdnet.com/article/linus-torvaldss-love-hate-rela...
That's mistaken.
If you write Linux kernel code and release it, the GPLv2 obligates you to release your source. That is to say, you do not have the option of releasing only the binary. [0] You have the option of never releasing your work, and you can for instance run a cloud service powered by your modified Linux kernel without having to release your code. [0] (This is how the GPL licences differ from the AGPL licences. [1])
The Linux kernel has benefited enormously from this obligation to share. Torvalds certainly thinks so: [2]
> I really think the license has been one of the defining factors in the success of Linux because it enforced that you have to give back
It's true that you aren't obligated to contact the Linux kernel maintainers and suggest they merge your changes, but I don't see that this would be desirable. As you say, such a requirement would be problematic.
[0] https://www.gnu.org/licenses/old-licenses/gpl-2.0-faq.en.htm...
[1] https://www.gnu.org/licenses/gpl-faq.html#UnreleasedModsAGPL
[2] https://www.zdnet.com/article/linus-torvaldss-love-hate-rela...
The GPL does not require to release the source publicly, only to the same people you distribute binaries to. This is not an obligation to share back to the project itself. Therefore the sharing back that does happen is down to culture not to the license.
> The GPL does not require to release the source publicly, only to the same people you distribute binaries to.
You're emphasising the distinction between making GPL'ed source-code available to your customers specifically, and making it available publicly online. In practice there is little difference. Few companies bother hoping no customer will post the source publicly (which the customers are permitted to do under the GPL).
In practical terms the decision is between not releasing, or releasing to the public including the source-code. In a world where the Internet didn't make distribution of software trivially easy, things might be different.
Of course, there are some notable exceptions, the most prominent being nVidia's probably-non-compliant proprietary graphics driver. A fair bit has been written about that.
> Therefore the sharing back that does happen is down to culture not to the license.
No, Torvalds has it right.
Proprietary freeware kernel modules are forbidden outright, as you are not permitted to publicly release the binary without also releasing the source. As I described, 'contained' distribution of source-code isn't a practical option.
The decision of what to merge into the mainline kernel is of course up to the kernel developers. There's no other way it could be.
You're emphasising the distinction between making GPL'ed source-code available to your customers specifically, and making it available publicly online. In practice there is little difference. Few companies bother hoping no customer will post the source publicly (which the customers are permitted to do under the GPL).
In practical terms the decision is between not releasing, or releasing to the public including the source-code. In a world where the Internet didn't make distribution of software trivially easy, things might be different.
Of course, there are some notable exceptions, the most prominent being nVidia's probably-non-compliant proprietary graphics driver. A fair bit has been written about that.
> Therefore the sharing back that does happen is down to culture not to the license.
No, Torvalds has it right.
Proprietary freeware kernel modules are forbidden outright, as you are not permitted to publicly release the binary without also releasing the source. As I described, 'contained' distribution of source-code isn't a practical option.
The decision of what to merge into the mainline kernel is of course up to the kernel developers. There's no other way it could be.
In theory, you can cook up any license terms you want, but in practice, you need money and resources and the will fight in court if you actually want to enforce it. If you can't or won't enforce it, your silly terms may as well not exist.
Unfortunately, the nature of how proprietary software is distributed makes discovery of a violation inordinately difficult, and even when you do discover a violation, challenges are rare, and victories in court even moreso.
I don't see the point of debating the minutia of what you think the GPLv2 requires in one very specific instance, when there are probably 2-5 orders of magnitude more violators than anybody's best estimate.
Who cares what you think the letter of the license requires when it takes you ten years to get one company to make a passive-aggressive change to a now obsolete product, when thousands of violators don't even follow the spirit of the license?
This feels like such a wasted effort. Get your priorities in order.