Debian Team Discusses GPLv3

nanday writes to tell us that Newsforge (Owned by VA Software, just like Slashdot) is running an interesting look at the, recently reported on, GPLv3 by the Debian team. From the article: "Initially, Branden Robinson says, he was worried about GPL3. 'The amount of secrecy around the initial draft process had me very nervous,' he says. In addition, after the Debian consensus rejected the GNU Free Documentation License, he was concerned that GPL3 might become equally contentious in Debian. 'I'm glad to say that my fears are assuaged,' Robinson says. 'I was impressed with both the large and small changes. In a nutshell, I like it.'"

Excellent

[devphaeton]

Go Debian! One of the last strongholds of The True Linux(tm).

DRM

[luvirini]

Indeed I expect that the DRM part will be the big "Real kicker" specially when Linux kernel and other key software go to GPL3.

Will be interesting to see how the fight of freedoms vs. DRM goes.

Re:DRM

GPL3 only will be a BAD thing. There is already a perception that that GPL restricts more than it frees.

Re:DRM

[plover]

What about patents? Think about a box like the NSLU2. Now, I don't know if Linksys holds any patents on it or not, but let's assume for the moment they held both software and hardware patents on it.

Would they be able to continue to run a linux kernel on it? Can you run the linux kernel on a patented platform? Can you run patented software on a linux platform?

If it turns out that you can still run patented software, what about kernel modules? Can you patent them or not?

What if it turns out that you can't? Then what do you do about VMWARE? VMWARE can be used to run a Windows XP virtual machine, which for all we know is encrusted with thousands of patents.

This whole "we enforce the following opinions about these uses of our software" thing is a bad idea, in general. Sure, they've made it plainly obvious that they don't want to be a party to building a TPM-based-machine. But what's next? No military uses? No "dual uses" (civilian and military)? "Sorry, can't write GPS software, it uses data that comes from a military owned satellite." "Can't put Word support in Open Office, it allows cross-platform usage of patented file formats." "Can't write an Asterisk plug-in, you might use that phone line to call Microsoft support."

"Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users." [ emphasis mine ]

I think they have to accept the good with the bad. All should mean "all". Freedom should mean "freedom".

Re:DRM

[diegocgteleline.es]

Oh well - so you don't like GPL, be it v2 or v3. I happen to think that the GPL is one of the few licenses that REALLY helps me to have free/open software. Other licenses (say, BSD) allow companies to relicense a copy of the software with another license or even close the code.

There's nothing wrong with that. But I happen to think that in this world companies are already having too many ways of getting money - DRM and software patents, for one - and they don't need help from hippy university students.

I laught when companies say "we don't like the GPL, it doesn't allows to use thousand of lines of code without forcing us to get back the changes", like being able to close the source were the one way to keep the company up. Then at the following day you see the financial results of that quarter and the company happens to have a couple of thousand of millions of dollars in cash but hey, GPL is "not free, it doesn't allow us to do what we want, it doesn't adapt to our needs". And the following day the company hires some lobbies to get software patents and DRM in Europe.

Is not that I hate companies - I love capitalism - I just don't understand this "ooh poor of us those free software coders are releasing code under the GPL license which is too restrictive and viral". Those companies have enought money to write a new operative system from scratch without using code from anyone else (I've nothing against that, I'd even bought and pay for it if it's a good product), stop pretending that GPL is "too restrictive". So uh, maybe companies and some people like you thinks that GPL is "too restrictive". I happen to think that is great, and I've only heard good things from the GPL v3 version.

Re:DRM

[Schraegstrichpunkt]

In other words: the _default_ license strategy is always just the particular version of the GPL that accompanies a project. If you want to license a program under _any_ later version of the GPL, you have to state so explicitly. Linux never did.

No. You think "v2 or later" is the default. It's not. The _default_ is to not allow conversion.

Linus is wrong. Linux 2.0.40 does not state a particular version of the GPL, and GPLv2 section 9 (as shipped with that version of Linux) states:

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

(Emphasis added.)

Is this a good thing?

[HulkProtector1]

Is this a good thing considering that the Debian Project is many times much more zealous about their definition of "Free" than the FSF? Just wondering about everyone's input.

Re:Is this a good thing?

[TheRaven64]

They tend to be fairly close. The real disagreements come on non-core issues. The Debian Project believes that something like the FSF's four freedoms should apply to everything in a program, while the FSF limits itself simply to code. This means that the Debian project does not accept the GNU Free Documentation License. Conversely, the FSF takes issue with the Debian project maintaining a repository of non-Free software, since this is seen as an endorsement of (what the FSF views as) antisocial behaviour.

Re:I don't like the GPL v3 draft

[kebes]

For example something as mundane as a web proxy log may be illegal depending on the context and jurisdiction.

Not to mention that in some places, bad people will use that as a justification to shut down things they don't like. In a country that is trying to enforce censorship, they may deem that open-source software is violating its own license by allowing citizens to circumvent blockages. They will argue that this software is giving them the ability to "illegally invade privacy" (of whatever), and hence is illegal by its own license. Imagine how awful it would be if such a regime had a way to prevent free/open-source software from being used! The censorship would become that much worse.

Sounds crazy perhaps, but twisting legal wordings to justify their actions is what some people do. That's why I'm always a little worried about the GPL being extended much beyond its original scope.

Re:I couldn't agree more

[davidstrauss]

So what if the license is still valid? The person still can't use it for that purpose if it's illegal. The visa example is a valid comparison, but do we really want isolated illegal acts to invalidate that person or organization's entire use of anything GPL? How far would it extend? Who really agrees to the GPL? If it's the organization, do we want to shut down Linux use at Microsoft and Apple? They do, after all, do some software development for DRM applications on GPL'd software. I don't support a viral clause for "illegal" use, especially when we aren't in the position of defining what's illegal.

Re:Good! If Debian likes it...

[Tony+Hoyle]

It's more complex than that.

You'll end up with two types of applications - GPLv2 and GPLv3. A certain number will allow you to use either. Others will be stuck at one or the other (GPLv3 code cannot be incorporated in GPLv2 code.. forced obsolescence!) - so you the two won't cross-pollinate.

Until I see a *final* version and lawyers have looked at it (slashdotters really don't count!!) all my GPL apps are GPLv2 only. Some are stuck like that forever due to the number of contributors.... it would be a breach of license to use GPLv3 code in those or for a GPLv3 project to use code from them. Which is messy.

It's DMCA, not DRM, that GPL v3 addresses

[Chris+Burke]

First, a quick point about GPL v2: You can't make effective DRM software with it. How could you? Since GPL grants users the rights to gain the source code and to modify it, then as soon as you distribute your DRM app you have given the user the right to modify that app so that, after decrypting whatever it is that the program is designed to decrypt it writes it to disk in a non-protected format. They could modify it so that whatever keys it uses to decrypt the media are also written to disk.

The only way you could prevent this is if your country has a law that would trump the permission-to-modify-and-use-for-any-purpose provisions of the GPL v2. Specifically we're talking the DMCA. Since your DRM software is a "protection measure", bypassing it is illegal, and thus modifying the software to write out un-restricted files would be illegal even though the license you got the software under gave you explicit permission to do this and more. This is where GPL v3 comes in:

From http://gplv3.fsf.org/draft: "No covered work constitutes part of an effective technological protection measure: that is to say, distribution of a covered work as part of a system to generate or access certain data constitutes general permission at least for development, distribution and use, under this License, of other software capable of accessing the same data."

I understand that the term "effective technological protection measure" is to specifically address the DMCA, which makes it illegal to bypass said measures. It's basically stating that no GPL v3 software can ever invoke those clauses of the DMCA.

Which is moot for several reasons. First, there will never be DRM software released under any GPL license at all since they'd have to be nuts to give out the source code and rely on DMCA enforcement to protect the content, especially since the DMCA is U.S.-only. Second, because the DMCA is U.S.-only, this clause is only effective in the U.S. to begin with.

The other clause in the same section, which references spyware as "works that illegally invade users' privacy" is similarly useless because "illegal" varies from country to country and if it was illegal then you could get them for that illegal act and don't need to resort to copyright infringement to stop them.

I think the entire Section 3 of the draft license could be removed and not change the resulting impact of the license one iota.

Re:I couldn't agree more

[Chris+Burke]

But with DRM, what's to prevent you digitally securing the binaries and having a system on which only "trusted" binaries are allowed to run. The source is all but useless now, as anyone compiling it will need to get their binaries signed to run on Vista++ or OSXII.

I bolded the real problem, which the GPL v3 does nothing to solve. All it does it say that the GPLed software cannot be an "effective technological protection measure", meaning it can't invoke the DMCA clauses that make circumventing such a thing illegal. That still won't let you get your modified binary signed by Microsoft to run on Vista++, so the source is still useless.

Re:I don't like the GPL v3 draft

[nuggz]

Considering the free software definition I will form my response.
http://www.gnu.org/philosophy/free-sw.html

1a. I don't think free software should force and/or encourage behaviours beyond that of ensuring the software is free.

1b. What is legal and illegal is inconsistent both over time and location. Let the laws in place deal with that. Using a software licence and copyright law to somehow back up "real law" is at best redundant and at worst subjective and confusing. For a second example a police keystroke logger can be both legal and illegal depending on the specifics of the case.

2. I agree that DRM is logically incompatible with the GPL, if you have all source to make a fully functional implementation you could easily hack around the DRM restrictions.

We not only disagree with you, we think you're stupid for even mentioning it.

Fortunately there are more open minded people than you involved in this debate.
I think the GPL should adhere as directly and as simply as possible to the free software definition.

Re:Good! If Debian likes it...

[NutscrapeSucks]

Actually, RedHat and a lot of their customers might want this as a feature. For support of critical servers, many users will not want the base OS tampered with and will be more than happy to hand the keys to RedHat et al.

However, none of that would prevent you from developing your own code, you would just have to disable the protections or create your own secure bootstrap policy.

Also, this would be using the chip as a security feature and really isn't "digital rights management".