Slashdot Mirror
Red Hat License Challenged
An anonymous reader writes: "David McNett has noticed an apparent discrepancy between the Red Hat Linux EULA and the GPL. He has written an open letter to the FSF asking for their opinion on the matter. Does Red Hat have the right to "audit your facilities and records" to ensure compliance with their license?" McNett misreads the Red Hat documents. Their contract is for the various services, not the software, and for the services they are entitled to demand whatever concessions they think the market will bear.
So now the /. editors are posting stories that they are going to immediately refute and say isn't a story at all? I love this place :).
More amazing is that this story will generate hundreds of comments.
Nosce te Ipsum
...commenting on this story, since the editors have already done it for us? Must be a slow day ;-)
When I am king, you will be first against the wall.
At least things are getting more efficient around here. The editors are posting bogus news stories, then retracting them themselves before someone points it out. I call that progress!
... they are entitled to demand whatever concessions they think the market will bear.
Gee, when Microsoft (and other "bad" companies) does that kind of thing, everyone here gets upset. I wonder why that is.
The problem with Services contracts for Linux boxes is that you're allowed to install as many machines as you want (obviously - its GPL software). When clients only take out a service contract for some of their machines, then they have to have a certain amount of cover in their contracts to deal with the fact that you can pretty much guarantee that, out of the 5 servers you have, its always the one with the Service Contract that has the problem.
Creative server registering of this type has been catching them out for a while, so they are trying to minimise it with that change.
"I Know You Are But What Am I?"
At first when I read this headline, it scared me, especially with all the SCO stuff going on, its getting harder for me to explain to my bosses how the Linux licensing works and what is going on.
- tom -
McNett misreads the Red Hat documents. Their contract is for the various services, not the software, and for the services they are entitled to demand whatever concessions they think the market will bear.
Then why is it news?
End why is it that all the legal stuf seems to have become so important in the Open-Source/Unix® world. Can't we just go on and write interesting programs and good code?
Move along people, there's nothing to see here...
Why should the FSF be able to interpret Red Hat's inconsistent licensing terms? Wouldn't it be more natural to natural to ask Red Hat for a clarification first?
So, by charging for their services they're able to use a license that relates to their clients' use of the software? How is that different from licensing the actual software?
From the EULA: .. I didn't think you could add elements to the GPL and still call it a GPL license .. ?
"If Customer wishes to increase the number of Installed Servers, then Customer will purchase from Red Hat additional Services for each additional Installed Server."
Clearly, they are talking about the services, but I agree with the above posters, why post this as news if the letter itself is bogus ?
He also says:
Along these lines, simply installing GNU/Linux binds me to the following "extensions" to the GPL
But
Actually, I see his point.
RH is saying that if you signup one of your servers to participate in their support services, that they have a right to audit your site (which may be ok), but they seem to imply that if you have 5 other RH servers (that arent participating in their services), they have a right to backbill you (with penalty) as if those servers were participating.
Now, maybe its legally ok for them to ask you to agree to this - but it does seem at quesition wether its 'ethical', and how they can reconcile that with the GPL.
I would definately be interested to read the FSF's response when they publish it.
His relevant quandry seems to be:
And like the editor says, that's for the support services. If you want support, you pay for each server. If you're signed up for support for 3 boxes, RedHat has the right to come in and make sure you're running 3 boxes, not 6. Otherwise, they're going to charge you a support fee for 6.
Way to go Michael, for publicly spanking that boy.
/. where we all can ridicule him for his mistake.
This could have easily been relegated to "not news" since it's apparent that McNett simply misunderstood. But I'm all for public humiliation, especially here on
If this is your opinion, why are you reading? Why are you posting? You're acting like the religious nuts that listen to Howard Stern all day just so they can find something to complain about. If you don't like it, change the fucking channel.
-- Minds are like parachutes... they work best when open.
Well, assuming I read his letter correctly, Red Hat states that the set up of their system, which is based on Linux, is copywrited. Sort of like the difference between a Ford pickup truck and a Dodge pickup truck. We all know what a pickup truck is, so the styling between the two is apparently what is covered. Perhaps this is the concept Red Hat is drawing on.
But I guess the question is, when adding a second server to the system, does this count as violation of the license? When I buy a pickup truck, I can modify it in any way I feel like -- but I will void the warranty on the truck. This means that I can't get free work done should something fail, because that failure could be caused by one of the modifications I made.
The GPL pretty well allows users to modify whatever they want, so long as they share what they did with the public. But if you created an application that can be run in a GPLed environment, but is not actually part of it, I would assume that this application is to be considered your intellectual property and therefore you can place your own licensing on it.
So- Does Red Hat have any proprietary code in there? I guess in such an event, they could demand that you purchase more licenses for the extra servers you want to add. But if not, then I guess all they could do is claim you voided the warranty, and declare you inelligable for any tech support or warrantied upgrades.
But, that's just my opinion. I think I'll leave this for the legally-experienced to hack out.
Whew! This water sure is cold!
There are some reasonable limtiations for the audits. If you buy a product including services, the burdon on RH would increase with every deployement, so it seems reasonable to charge per server. But how can you free the software and not the service ?
The point remains to be checked, is there a conflict with the GPL ?
I always found it strange. Basically an audit would be the equivalence of searching ones house/person/car/other property. The only ones usually allowed to do so is the police and they need a warrent and/or at least a suspicion of some sort of crime (this may depend on country of course). This is something ONLY the police are allowed to do, that is, no one else can demand to do it for any reason, so that means you can't put into a contract that someone should be allowed to search you, your house, whatever as a condition in the contract. So what makes people and software companies thing it is OK to do it for computers? And is this something that vary a lot between different countries? I happen to live in Sweden by the way.
RedHat doesnt have anywhere close to a monopoly on any market that it produces products for.
Microsoft has monopolies (ones that have been found guilt of illegally maintaining, even) in several markets.
What's wrong with saying-
/. is your can post your own reply AND other people actually READ them! Try that at your favorite newspaper site
"Okay, here's a story that you will prob see all over your favorite Free Software Slanted News Sites today. Here's what's wrong with it..."
The title says it all really: They are EDITORS. Not gatekeepers that post stories only, they have a staggering ability to actually add there own text. *yawn*
I see them taken to task often (and rightfully so) for posting dupes, unchecked links, etc...and they deserve the hassles on that stuff
Don't agree with his editorializing? Cool thing about
---"What did I say that sounded like 'Tell me about your day?'"---
Pardon? I can't install the product without purchasing additional services from RedHat...?
OK - so Red Hat can come in and check I'm not claiming their services for more installations than they authorised their services for. Entirely reasonable. However, "terms and conditions of this Agreement" include the contentious point above, which is certainly not agreeable to.
Not being a RedHat Enterprise customer, I don't have a copy of the license to hand. To any that do: is the term 'Installed Server' defined anywhere? If so, what is the definition please? If it's just a server with an installation of the code on it, then there would appear to be a problem. If the definition is along the lines of 'a server with an installation for which services are also being claimed', then there would appear to be no problem.
Anyone able to clarify that?
Cheers,
Ian
It's more a focus on how to make money without making any effort. Essentially, people patenting concepts and ideas without any intention of actually trying to develop these things. Instead, they are waiting for someone else to put the money, resources and hard work into developing something, and then they come out of nowhere with a massive lawsuit to steal the profit from the company that truly developed the technology.
To me, this is a lot like cyber-squatting: buy up a whole bunch of likely-sounding domain names, and just wait until someone wants to register it and then charge them an arm and a leg for the name. In the meantime, the domain name sits totally useless and unused. (Of course, we all know what happened to that business model!)
There are other companies who try to figure out what their competition is doing, and then file frivolous patents to block their competitor's development projects from seeing the light of day. Of course, we all lose when this happens. And then there are the true leaches, those who have no knowledge or resources to develop a given technology, but purchase the IP and then sue the s**t out of everyone for using it, even though the original patent holders allowed that use. Yet they still have no intention of putting those resources into furthering the technology for the future.
All this anti-patent work does nothing more than stifle innovation and development. And we all know the wonderful things that environment does for the economy and jobs. Putting these legal battles into the press essentially allows the leach to put the "fear of God" into the little people so it makes it easier to cause them to cave in when presented with an "infringement" lawsuit.
Of course, there could be a benefit to all this. If SCO should lose this case, it could create a devastatingly powerful legal precedent showing that just buying IP doesn't necessarily give you free license to bully others with it. But in case the opposite should happen, the only way we're going to change things back to the way they should be is to band together and get our respective legislatures to change the laws.
Whew! This water sure is cold!
This is more like buying 2 pickup trucks, one with an extended warrenty, and one with out, and trying to use the *single* warrenty on both vehicles.
There's one thing about any legal document: if it's impossible to enforce, it shouldn't exist. A services contract like the one Red Hat uses is guaranteed to create more trouble than it's worth. Why not make a contract valid for a certain amount of services, such as solving a number of problems? A good Linux contract, IMHO, would contain a list of the types of problems they would solve, and a number of calls allowed, one call per problem solved.
It would seem to me that Red Hat, in the time it's been offering its Advanced Server product, hasn't audited anyone who's been sufficiently upset by it to complain publicly.
Contrast with the BSA/Microsoft--their "audits" are more akin to "raids", with all the hostility implied.
I'm with Michael on this one. Red Hat offers support per-server-installation. If you want the support, you have to buy it for all servers, because otherwise you can buy one contract and just sorta fudge which server it's actually attached to at any given time.
Coupled with reasonable restrictions on these audits, I see no reason to be worried about this. As has been said, if you don't want Red Hat's service contract, you can copy the GPLed bits of RHAS to your heart's content.
"America has done some terrible things. But I know that Americans don't cheer when innocents die." -Dave Barry
Here's a suggestion: read the story and the sources before commenting ? Even try reading the story posted at the top.
If you did, you would realise that this is to stop customer's abusing their service contract with RH. Shock, horror, customer's abusing a contract, surely not!
Here's how it works. I install 50 copies of RH on my servers. I take out a service contract for just one of them with RH. Guess which is the server that always seems to have the problems....
RH's licence change for it's *services* stops that abuse.
Bad analogies are like waxing a monkey with a rainbow.
That is exactly what it is. If you want support for ten servers then you have to buy support for ten servers. If they didn't license there support that way companies would buy one support contract and use it for all there servers. Don't want the support contract? Don't buy it. You can still install Red Hat on all your servers for free.
Disclaimer. I own Red Hat stock
People complain about Slashdot staff being stilly for posting an article which they immediately retract. Those people don't get it.
Not to say that Slashdot is necessarily good journalism, but a good journalist cares about presenting the truth to the reader. (I guess there aren't many good journalists in the world.) In this case, we have someone with an open letter who is passing misinformation. Slashdot editors take this opportunity to publically point out the error in the article in an equally (if not moreso) open manner. This helps everyone.
Slashdot did a good thing.
They don't have to offer anything for download. All they have to do is provide the source, in whatever way they see fit. They can chage you $50 mil for the full source inscribed on gold bricks if they want. The GPL does not say you must provide a no charge download. And they don't have to provide the source to anyone who didn't buy the binaries (and the GPL clearly states they can charge whatever arbitrary ammount they want for the binaries). They don't even have to provide the source with the binaries. They only have to provide it if you ask.
It seems to me that RH is acting fully within the bounds of the GPL. Why is everyone getting their panties in a bunch over a non-issue?
First, unlike the slashdot editors, ;) IANAL. That said, I'm fairly sure a lot of people aren't reading this, and haven't looked at the RHEL license. As if they ever do. ;) (The letter mentioned in the article is only concerned with RH Enterprise Linux versions by the way, and the clauses do not appear in the other versions as far as I could see.) Really though there are some serious points here. I'd suggest that everyone who is really interested in this should go look at the license agreements online on Red Hat's site. Some other people have already quoted some of it, but I'll give a brief summary here of the questionable parts.
Read that carefully. (just like it says! heh) It says that if you do not agree to the Subscription Agreement then you must not use RHEL. It doesn't say you can't use RHEN or Red Hat Support Services, it says you can not use Red Hat Enterprise Linux.
Here it says clearly, if you want to install RHEL on additional systems, you must purchase support for each system from Red Hat. Notice that it uses the term "Installed System" which it has already defined as "the hardware on which the Software is installed" and the Software was defined in the first part to mean RHEL in general. It does not mention RHEN or support services. It is strictly defined as hardware that has RHEL installed on it.
The Agreement also goes on to talk about various auditing and fines for not buying support for all your systems, but it looks like we've pretty much already gotten to the primary problems I think. If you use RHEL (which is licensed under the Gnu GPL) and you haven't purchased support, you are in violation of the Agreement. Then again, I don't see how the Agreement can be valid, since it places additional restrictions on the use of the software, which is prohibited by the Gnu GPL.
This is SO educational! -- Kintaro Oe
Software (quote): 'This Subscription Agreement (the "Agreement") is between Red Hat, Inc. ("Red Hat") and any purchaser or user ("Customer") of Red Hat Enterprise Linux AS (or Red Hat Linux Advanced Server), Red Hat Enterprise Linux ES or Red Hat Enterprise Linux WS (collectively, "Red Hat Enterprise Linux" or "the Software").'
Installed Services (quote): 'The term "Installed Systems" means the number of Systems on which Customer installs the Software.'
So Installed Systems applies only to the systems that have "the Software" which they explicitly define as specific ENTERPRISE packages. These packages include "services". If a person does not want "services" they can get a non entreprise version and install it whereever to their heart's content.
Hmmm... I don't think that's what RedHat wants, but it seems to be the end result. I would think that they would come up with some scheme to label "THIS" box as the one that's suppored rather than sending their customers elsewhere.
Sleep is just a poor substitute for caffeine, anyway. -Bob Lehmann
If I remember correctly, RHEL has a 5 year lifetime. RedHat will be support it for 5 years. I think the wording must be changed. I do not think the wording they use is legal. I think it should be noted that RedHat will not support RHEL if you do not get support. (bug fixes, and the other services that make RHEL critical app ready. (an enterprise size oracle database etc) I believe you should be able to install it as many times as you like, but you just won't get the license agreement that RedHat stamps on that version of RH Linux. (the whole 5 year deal) Why should RedHat guaranteed an enterprise level OS if no one wants to pay for it.
My point is, they need to reword their EULA and then everyone can move on.
and to other BSD operating systems. The major players in the Linux community (RH and SuSE) seem to be moving away from the free software model (where they only get paid for the "bundle" of utilities and applications plus the installation sequence). RH has moved to a model in which they've bundled "services" but then have created a pricing structure in which the services cannot be separated from the software.
I don't see how they can justify this pricing under the GPL but the next question is, "who is going to sue Red Hat?" The most likely outcome if RH doesn't change their licensing is that they will try to sue a customer and the court will then decide if they have the grounds under the GPL to do that.
Maybe the EFF should buy one license and then install it on a dozen machines and let RH know what they've done. That should be interesting.
It also seems to me that both RH and SuSE have been making their inexpensive distros less and less suitable for use in a server environment (focusing on the desktop). We do a lot of server installs and with the advent of the workstation focus in Linux last year I began changing to FreeBSD where I'll stay until the SCO thing is over and/or I need to do something that only Linux will do.
No one ever had to evacuate a city because the solar panels broke!
Obviously the moderator didn't even read the article this post was attached to.
NOW THIS IS A REAL TROLL!!!
SPAM solution made easy: 1 spammer, 5 cords of rope, 5 hourses, and fireworks. Be creative.
Redhat seems to be saying that if I buy a copy of Redhat AS with a support contract, I lose my right to install AS on a second server (without paying Redhat more). How can that not be a GPL violation?
Well, notwithstanding the differences between Red Hat and their licenses versus Microsoft and their licenses, there is a point hidden in that comment.
:)
Frankly I think the concept of "whatever concessions they think the market will bear" is one that ultimately damages consumers and capitalism. Within that concept is the implication that the concessions are a -burden- that the consumer must carry if they want to use the product. "What the market will bear" implies finding that point at which the burden is just shy of actually driving your customers away. In other words, "they are entitled to abuse the customer as much as they want until the customer can't take anymore". While they are entitled to do that, it doesn't sound like a healthy philosophy to me. For one thing, by believing that companies are entitled to abuse them, consumers naturally expand the amount of abuse they are willing to take.
Take Microsoft for instance. They kept taking more and more concessions until the point where they were basically saying you are now only renting your software and it could be disabled at any time and in order to have the privilege of renting software you have to let them examine and change the contents of your own computer at will. Only then did large amounts of people start to say "hey, I was okay with how much you screwed us before, but now this is too much!"
The upside is that in a healthier market with more competition and choices, companies are unable to demand quite so much. The downside is that since everyone expects to have to bear as much as they can bear, all the companies in the market still end up putting some kind of burden on the customers.
Perhaps I'm just keying off the word "entitled", which sounds too much like something owed them instead of something that is merely legal to do. Maybe if the next phrase was "and the market is entitled to tell them to fuck off".
The enemies of Democracy are
I am not a laywer. Nor am I embarassed by having been confused by these documents. They *are* confusing, as is evidenced by the spectrum of commentary we're now seeing here on slashdot.
Neither is michael a lawyer, which is why I sent my email requesting clarification to the FSF and not Slashdot, but that's neither here nor there. I welcome the additional exposure of my confusion to other people who may be able to provide a meaningful analysis.
I do not agree that the EULA and additional license cover only the services side of Red Hat's offering. In fact, to my eye the read exactly the opposite -- expressly disallowing the installation of the Red Hat product in the absence of a matching service agreement. These documents would appear to me to be specifically denying me the ability to install the software without buying services. I do not believe that the GPL permits such subversion and I am unconvinced that Red Hat has found a loophole that allows this sort of restriction on usage.
Even if they have found a loophole in the GPL, I think that most would agree that such restrictions on usage are not in keeping with the spirit of the GPL and I am very interested in hearing the FSF's opinion on the matter.
Thanks for all the feedback, those who provided reasoned commentary.
You cannot impose any restrictions on the redistribution of GPL software. "Redistribution" can be defined as to another entity, or to yourself. Just as you cannot force royalties on top of GPL software, you cannot force contract agreements on it either. If you try to do this, the GPL still holds effect, basically invalidating any use of the software altogether.
It really seems that RHAT is violating the GPL here. This is a serious issue, one that RHAT should clarify and correct immediately.
The GPL doesn't give you lots of rights you may think you have. It does give you lots of rights to be able to recreate the program and fix bugs in it and then distribute thouse changes but thats where it ends.
For example, DMCA may restrict your ability to reverse engineer a GPLed program. Its an odd situation since you have source but if the license says you can't reverse engineer it, then you can't and you can get fined (via being sued DMCA style) if you do.
There are other rights as well that may or may not exist. For example, if you send in a patch to a common program. Do you own the copyright on that or does someone else? If you find your code got used illegally, can you do anything about it or must you go back to the main copyright holder to file an action?
GPL gives you additional rights but only in the context of copyright law as it was a decade ago. The license does have conflicts with the DMCA and other newer laws that have not been tested in a court.
GNU is working on a new version of the license but the work will take a long time and be quite expensive.
This only applies if you have purchased support services from Red Hat. If you download the software and install it, without any support services from Red Hat, then none of this applies. So it is not a general restriction on the software itself, but on the service. If you purchase support services from Red Hat, then you must purchase support services for every server you have (to avoid people purchasing it for one server and then always claiming the problem is on that 1 server, not the 30 others they have installed). If you do not purchase support services from Red Hat, then the EULA doesn't apply at all (and I believe you never even encounter it in the downloaded version). The GPL still applies, but if you want support services, you have to agree to purchase support services for ever installation.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
But the problem is that update support is considered to be part of the service contract. To ge updates you need a service contract, and once you have a service contract you lose some of the core rights the GPL gives you (namly distribution.) If this is legal then the GPL simply has no teeth. Let me give you an example.
Let's say I touch up openoffice and combine it with a replacement for MS Access. All of the software I've used is GPL, so I'll have to leave my product under the GPL license. Let's say I put up a click-though license on my download server that requires a $100 credit card payment and states that by downloading this software you are agreeing to a $100 support contract. The terms of that contract state that any additional installations must be covered by their own $100 support contract and that distributing the software to anyone who is not covered by a support contract is a violation of the terms of the contract. Violating the terms of the contract will carry a nice $1 million US penalty.
Is this software still GPL in anything other than name? Of course not.
The saddest part of this story is that so many people feel they need to be apologists for RedHat. This is a terrible scheme that, if allowed to stand, will simply encourage other companies to release more proprietary software masquerading as GPL software. If you want to use proprietary software, that's your own business...just don't muddy the waters about what the GPL does and doesn't allow.
Is the Redhat license in conflict with the GPL? I don't know and don't have the time, or legal credentials, to tell you.
What I see is a "free software" advocate raising a ruckus because he has found a clause that may require that he buy one copy of RedHat's Advanced Server (now called Red Hat Enterprise Linux AS) Linux for each PC on which he installs it.
Now this isn't a run-of-the-mill version of Linux designed for use on desktop PCs. It's described by RedHat as the "ultimate solution for large departmental and datacenter servers." Heaven forbid that a corporation which operates large departmental and datacenter servers has to pay for a version of Linux tailored to those applications!
A large segment of the Linux community seems hell-bent on using GPL to insure that no Linux vendor ever be able to devise a sustainable, viable business model. It's at times like these that I really appreciate the BSD license.