Slashdot Mirror
Debian Team Discusses GPLv3
nanday writes to tell us that Newsforge (Owned by VA Software, just like Slashdot) is running an interesting look at the, recently reported on, GPLv3 by the Debian team. From the article: "Initially, Branden Robinson says, he was worried about GPL3. 'The amount of secrecy around the initial draft process had me very nervous,' he says. In addition, after the Debian consensus rejected the GNU Free Documentation License, he was concerned that GPL3 might become equally contentious in Debian. 'I'm glad to say that my fears are assuaged,' Robinson says. 'I was impressed with both the large and small changes. In a nutshell, I like it.'"
Nice to see that Debian is down with GPL3 -- I know that I personally am all for the new license. If Debian's cool with it, that should help a lot of people to accept it since Debian's well known as one of the most politically strict of all linux communities.
Looking at the changes, from what I understand, I don't think it should be much of a problem for the -real- free software people. We'll have to wait and see for the other guys -- but honestly, they can stick with GPL2 and thats ok too. Everyone points to the "or later version at your option", but that part can actually be removed from the GPL2 license IIRC.
From COPYING: "Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation."
Thats form the current GPL2 that ships with the Linux kernel. So the user can specify strictly GPL2 if they choose too, or do not fully comply with GPL3.
Easy as pie.
"Computers will never truly be free until the last windows user is strangled with the entrails of the last mac user."
Go Debian! One of the last strongholds of The True Linux(tm).
do() || do_not();
Will be interesting to see how the fight of freedoms vs. DRM goes.
I'm also against the DRM restrictions because I know the purpose of DRM extends well beyond music and videos. Corporations (and even some individuals) need strict control of their private data. I'm concerned that restricting DRM implmentations means entering grey area with respect to controlling data on corporate and shared computers.
Finally, restricting DRM in the GPL is as pointless as restricting "illegal" things. No media company would implement their DRM under the GPL anyway. If a DRM implementation were GPL'd, someone could modify it so the decrypted data flows elsewhere. The GPL just doesn't offer a means to control information flow in software against the user's wishes.
P.S. What's so "extreme" about a consistent view on civil liberties?
Is this a good thing considering that the Debian Project is many times much more zealous about their definition of "Free" than the FSF? Just wondering about everyone's input.
Full disclosure. Everyone knows, of course. But this is just the sort of things the "grown up" sites do, so slashdot should too.
The definition of "illegal" in reference to spyware is potentially messy.
1. Illegal usage will change over time, and vary quite widely across different jurisdictions. For example something as mundane as a web proxy log may be illegal depending on the context and jurisdiction.
2. Restrictions on use in that it can not be an effective copy control mechanism.
the freedom to run the program for any purpose (called "freedom 0")
I understand the intent, however such a restriction IMAO violates a fundamental principal of free software.
It's all the content producers need to make it official that they will not be supporting Linux. No music, no movies, and what most Slashdotters will notice most, no games. My opinion is that GPL3 is a step back for those that would like to advance the adoption of Open Source by commercial producers and users. Philosophically, it's a step forward, but in practical terms, it's going to create roadblocks.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Hell, yeah. You know capitalism's the better bet when your country's education system is so rooted there are people arguing whether they can force the teaching of creationism in biology classes, the President's advocating the suspension of the Geneva Convention, refused to sign up to the War Crimes Court and advocates torture, and your nation is trillions of dollars in debt and only being held up by force of military action against any major trading partner who suggests switching to Euros ;-).
where do you think it is illegal, in Germany ? France ? China ? Phillipine ? Korea ? US law is the law for a small minority (fortunately), i think it is important for the GPL to be accurate on this.
Lol..
;)
Nice comeback
Scully: Should we arrest David Copperfield?
Mulder: Yes we should, but not for this.
Stan: It's every man's right to have babies if he wants them.
Reg: But you can't have babies.
Stan: Don't you oppress me.
Reg: I'm not oppressing you, Stan -- you haven't got a womb. Where's the fetus going to gestate? You going to keep it in a box?
[Stan starts crying.]
Judith: Here! I've got an idea. Suppose you agree that he can't actually have babies, not having a womb, which is nobody's fault, not even the Romans', but that he can have the *right* to have babies.
Francis: Good idea, Judith. We shall fight the oppressors for your right to have babies, brother. Sister, sorry.
What did Debian find wrong with the Free Documentation License?
Who do you get to be an expert to tell you something's not obvious? The least insightful person you can find? -J Roberts
The major part of the DRM clause that seems iffy is this one:
to distribute covered works that illegally invade users' privacy,
The important remaining parts:
Regardless of any other provision of this License, no permission is given [...] for modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License.
I believe this bit is redundant, because this right is already guaranteed by the definition of "complete corresponding source": The "Complete Corresponding Source Code" for a work in object code form means all the source code needed to understand, adapt, modify, compile, link, install, and run the work, excluding general-purpose tools used in performing those activities but which are not part of the work. [...] Complete Corresponding Source Code also includes any encryption or authorization codes necessary to install and/or execute the source code of the work, perhaps modified by you, in the recommended or principal context of use, such that its functioning in all circumstances is identical to that of the work, except as altered by your modifications.
And:
distribution of a covered work as part of a system to generate or access certain data constitutes general permission at least for development, distribution and use, under this License, of other software capable of accessing the same data
This bit is interesting, and while it is complementary to the corresponding part of the definition of Complete Corresponding Source, it does not actually prevent the use of GPLed software in DRM applications: Complete Corresponding Source Code [...] also includes any decryption codes necessary to access or unseal the work's output. Notwithstanding this, a code need not be included in cases where use of the work normally implies the user already has it.
The definition of Complete Corresponding Source means that the recipient has to have access to the keys. It doesn't mean that the keys need to be included with the software, if they are available in a repository on the user's computer. It *does* however mean:
* First, if the user modifies the DRM software to save the protected material in an unencryted form, they're allowed to do so.
* Second, that the user can't be prosecuted under the DMCA for reading the DRM software to find out how to save the protected material in an unencrypted form, or otherwise bypassing it.
So for "honor system" quality DRM equivalent to (say) the DRM in iTunes, which explicitly provides for saving the material in an unencrypted format, you could actually use GPLed software in the DRM component. You could also prosecute people for distributing any material they had saved in unencrypted format in ways that went beyond "fair use" exceptions.
Given the rest of this section, I don't think there's any point to to distribute covered works that illegally invade users' privacy, since I believe anyone who was actually doing that effectively using GPLed software would be violating other aspects of the GPL already.
First, a quick point about GPL v2: You can't make effective DRM software with it. How could you? Since GPL grants users the rights to gain the source code and to modify it, then as soon as you distribute your DRM app you have given the user the right to modify that app so that, after decrypting whatever it is that the program is designed to decrypt it writes it to disk in a non-protected format. They could modify it so that whatever keys it uses to decrypt the media are also written to disk.
The only way you could prevent this is if your country has a law that would trump the permission-to-modify-and-use-for-any-purpose provisions of the GPL v2. Specifically we're talking the DMCA. Since your DRM software is a "protection measure", bypassing it is illegal, and thus modifying the software to write out un-restricted files would be illegal even though the license you got the software under gave you explicit permission to do this and more. This is where GPL v3 comes in:
From http://gplv3.fsf.org/draft: "No covered work constitutes part of an effective technological protection measure: that is to say, distribution of a covered work as part of a system to generate or access certain data constitutes general permission at least for development, distribution and use, under this License, of other software capable of accessing the same data."
I understand that the term "effective technological protection measure" is to specifically address the DMCA, which makes it illegal to bypass said measures. It's basically stating that no GPL v3 software can ever invoke those clauses of the DMCA.
Which is moot for several reasons. First, there will never be DRM software released under any GPL license at all since they'd have to be nuts to give out the source code and rely on DMCA enforcement to protect the content, especially since the DMCA is U.S.-only. Second, because the DMCA is U.S.-only, this clause is only effective in the U.S. to begin with.
The other clause in the same section, which references spyware as "works that illegally invade users' privacy" is similarly useless because "illegal" varies from country to country and if it was illegal then you could get them for that illegal act and don't need to resort to copyright infringement to stop them.
I think the entire Section 3 of the draft license could be removed and not change the resulting impact of the license one iota.
The enemies of Democracy are
A really good point!
I don't agree. The way those restrictions are worded they shouldn't affect legitimate uses of the technology. They just prohibit pulling a Tivo - and Tivo, by the way, is proof this is necessary. They've done exactly what this will prohibit - they've stayed within the boundaries of GPL v.2 technically, while violating the intent completely. Their users can get the source, but they are prevented from using it in any meaningful way. The DRM section of v.3a, as I read it, is rather narrowly aimed at preventing that.
What does bother me in the drafts I've seen so far is the forgiveness clause, however. It looks like it could easily be abused by chronic violators, and I certainly hope that's given some more thought before the final version.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
(n/t)
455fe10422ca29c4933f95052b792ab2
Knowing the Open Source Initiative, and how they accuse the FSF leaders of drinking cook aid and state that they "like free software because it doesn't cost anything", I bet they hate the new GPL. (the guy who posted that was the then-current president of the OSI. Perhaps if MSFT or Sun would sponsor it, they'd buy in, though.
There are times when DRM is actually a good thing. For example, when restricting distribution of personal information, confidential documents, etc. Also when used sensibly to prevent blatant abuse of reasonably priced copyrighted content, thereby keeping media available and affordable for those of us doing the RightThing[tm]. And then there's non-free software for which there is not (yet) any competitive free equivalent - if it's protected then it's also more likely to be affordable.
Given that there are situations where it can be useful, why should a free software license restrict my freedom to use this technology? So long as we're going to be force fed it anyway, why not *encourage* free software implementations?
On the other hand, the DMCA is pure evil. 'Effective technical prevention measures' I can deal with as I am confident that freedom will prevail. Criminalising the bypassing of 'ineffective technical prevention mechanisms' is insane. However this is something to be solved by lobbying and educating users, not by adding short-lived, jurisdiction-specific terms to a long-lived, globally significant license.
What is most amusing about these clauses is that I'm not convinced they have teeth - who in their right mind is going to write an open source 'technical prevention measure' anyway. In fact they're more likely to bite us - consider issues like the implementation of the broadcast flag in open source software for example. Plus existing software that matters is unlikely to be relicensed anyway (eg Linux).
Anyway, the last version has served us well for 15 years. The new version references specific laws that may very well be repealed in the next few years, and more than likely will end up being a small sample of a large arsenal of consumer-hostile legislation.
I'll be interested to see how the feedback received shapes the license, that's for sure.
So for "honor system" quality DRM equivalent to (say) the DRM in iTunes, which explicitly provides for saving the material in an unencrypted format, you could actually use GPLed software in the DRM component.
Is the data on the CD the same as that in the original DRMed file? No, it is not... so no, you couldn't get out of it that way.
Yes, let us not go down this slippery slope, which will only end when no one is allowed to make any money in any fashion from software. Let us not mistake protecting freedom with communism.
I was at the GPLv3 launch conference, and I think people are misunderstanding what was intended, and what was written (since it's pretty clear).
The DRM restriction is not intended to forbid, e.g. RedHat from signing their packages with a secret key. It's to prevent them from making a system that refuses to use packages that are unsigned or signed by somebody else.
For example, say I made a modified version of that little applet that times when your tea is ready, and put it into a special device for this purpose, and called it "Tea-vo". I then set up the OS on this Tea-vo so that it checks to see if the copy of the program that it run is signed by my company, and refuse to run any other. This means that if someone else (say, Richard) buys my device, I must give them the source code, of course, but if they compile it, my Tea-vo will refuse to run their compiled code. This reduces Richard's freedom. He's free to use the software on other hardware, but not in the intended way (i.e. on my Tea-vo device).
This is my understanding of the purpose of the DRM clause.
I don't know about everyone else, but one of the things I do when I expose people to the idea ofr free software is encourage them to read a copy of GPL version 2. It is a very readable and understandable license. It makes a very good learning tool.
The GPL 3 draft is clearly inferior in this respect. There's no way I would push that forward as an example to a free software newbie.
I'm really disappointed.
I wish the Debian team would discuss getting http://packages.debian.org/ working!
I'd hate to see a lawyer attempt to make any of the large GPL licensed software teams, find each and every contributor to the current code line, what each contributor did, how to contact the contributor, and let the lawyer depose each and every one of them.
A few 'proof of concept' legal actions would then scare small companies away from anything GPL licensed (maybe even to a BSD licensed code base).
This is not a troll but a real consequence of taking a loosely worded computer software political statement license and treating it as a well tested legal contractual agreement.
For instance, how many of the GPL project contributors are too young to sign a legal contract (i.e., 17 years or younger) and therefore not able to legally contribute code to a GPL project?
Likewise, how does a GPL project deal with contributors that have passed away if the GPL project needs an extra 'i release this code' document from those deceased contributors?
I don't know why I should care whether one linux distribution likes GPLv3 or not. The people who work on GPLv3 know the issues far better than any distribution can. So, it's not interesting at all what some random guy thinks (especially this guy).
--exa--
I believe the GPL should protect user rights.
I believe every user should have access to the code source of the application he uses.
I believe the GPLv3 draft does not enforce it (*)
I think an oline application built on GPL2'd code is an application that does not enforce Freedom.
I think the GPLv3 should deal with online applications (webapps).
(*) the GPLv2 doesn't enforce freedom too for webapps but it was written long before webapps exist.
Million Dollar Screenshot
Gpl v3 makes one thing clear: it's all about ideology. If you don't subscribe to the ideology (e.g. because you run a for profit business instead of a commune) you should use a different license.
Actually the v3 is a bit confusing. Licenses don't need upgrades but clarifications if there is a legal error in them. v3 is different from v2 and not necessarily an improvement depending on your point of view. The GPL is generally understood to be v2 (and controversial enough in that version). v3 suggests it is the same thing with some minor clarifications. Clearly that is not the case, the changes are not minor and v3 might turn out be quite a bit more controversial than v2.
Jilles
"Making it easier" is relative. Sneaking something under the users chair he cannot legally change or fix errors in, or may not even use in specific situations for some temporary benefit can be disputed to be "easier"...
On the contrary, GPLv3 is a bad license- because it allows this non-free crap.
Such restrictions are either ineffective (because you can circumvent the force to not remove code to download the source with a working firewall or filter application) and thus non-free because they add extremly annoying and inconvenient restrictions without any gain,
or they restrict your right to run the software with a working firewall or filter, violating the 0. freedom of every user and the basic baseline most guidelines do not even name because it is so basic for anything claiming to be free: The right to run the software and to use it. With such a restriction, it has no right any more to call it free at all, it takes more rights it did not
give, making it worse than if there was no licence at all.
As GPLv3 allows everyone extending it to make your program non-free by applying 7d), GPLv3 is a bad licence, and it it still is in the final version, I will stop using "or any later version".
Don't you get it? Capitalism! The US landed on the moon, beat the Russians, now has movies, tv, games for everyone -- THE CAT STOLE THE CHEESE -- America wins the capitalism! Hey ho hey ho! 50 trillion in debt hurricanes 9/11. USA!
I think they have to accept the good with the bad. All should mean "all". Freedom should mean "freedom".
Then I would recommend BSD-license for you. Nobody is forcing you to use either GPL v2, GPL v3 or BSD. You have the choice.
Here's a longer explanation: GPL is about freedom of the software. It is a response to the copyright-laws which seeks to divide users from the sourcecode of the programs they run. That is why GPL is popularly called CopyLeft.
GPL is seeking to guaranteeing a user to modify the sourcecode to any GPLed-program as they see fit, and be able to run the modified program without restrictions.
DRM is about restrictions, and can not ultimately be modifiable by the user. Thus locking the user out of her own computer-system! Hence, GPL and DRM already doesn't fit together. So the GPL needs to address the loophole where the software may sign binaries and prevent modified programs from running, with no recourse for the user.
If the GPL does not close this loophole, users of proprietary OSes might not get the benefit of the GPL, since the OS might require signatures in the future. It is also a response to the rising threat of DRM at the hardware-level (TCPA) and other places.
There's nothing wrong with using a different license, or the GPL v2, if you do not agree with this. The Linux-kernel will probably never go beyond v2 for instance.
More info: http://www.againsttcpa.com
http://www.debunkingskeptics.com/
One good thing in the GPL v3 is that it states explicitly that the user has the right to bypass the DRM in software covered by the GPL. I don't know that there is actualy an avenue of attack whereby the DMCA could be used to bypass the GPL, but it's amazing what lawyers can read into contracts so it's a good thing to head it off at the pass.
The rest of the DRM section is redundant, or worrisome, but this is a useful clause.
I think the GPLv3 should deal with online applications (webapps).
This has already been brought up, and there was a possibility that GPLv3 would include this. I think it would have been a stake in the heart of the GPL.
GPLv2 predated the modern Internet, but it didn't predate online services, and it did deal with similar situations.
First, back in the '70s and even most of the '80s, remote access to someone else's computer was a very common way of using software. The GPL didn't require service bureaux or bulletin board systems to release their source.
Second, if I compile an application with GCC, or print a document with groff, edit an image with the Gimp, or use a GPL-ed application to write a document, compose or play music, I can use that of the GPL-ed application in a way that does not enforce Freedom.
This is not a new issue, you shouldn't act surprised that this hasn't been added to the GPL in this version.
So if I put Linux on a Media Player and publish the source and comply with GPLv2, but then use DRM so that my media player only talks to my server encrypted and only takes my own firmware upgrades I wonder how exactly you want to "modify it so the decrypted data flows elsewhere". Get it?
Holland, MI - Friends report that slashdot janitor Zonk has markedly similar advice on both relationships and deer hunting. "You have to dress either to blend in with the scenery or to stand out from it, depending on the situation, but either way, you want to disguise your scent," said Pulver to friends at a local tavern. "You have to find out where they eat, where they sleep, where they pee, and when they're most likely to be off guard. Then, when you've got a clear look at their rack and you're sure they're legal, bam! You take 'em." Zonk's associates noted that he has never bagged a deer or a woman.
I'm happy to hear this from Robinson.
But personally i was mostly sure that GPLv3 would become a success.
>In addition, after the Debian consensus rejected the GNU Free Documentation License, he was concerned that GPL3 might become equally contentious in Debian.
I think this concern were mostly unnecessary.
The "GFDL-Problem" is not a problem that FSF and Debian has a different opinion about Free Software. The problem was/is that Debian says "everything on our distribution is software" and the FSF differs between software (== computer programs) and documentation.
Support Free Software! Join FSFE's Fellowship: http://fellowship.fsfe.org