Slashdot Mirror

← Back to Stories (view on slashdot.org)

Torvalds Explains Dislike For GPLv3

Posted by Zonk on from the not-enough-penguins dept.

Joe Barr writes "Linus Torvalds explains in three recent posts why he doesn't care for the DRM restrictions in GPLv3, and he has never been one to hold back. From his commentary: 'I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers. We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.' NewsForge has the complete text of all three posts available." We discussed his initial reaction to GPL3 at the end of last month. NewsForge is a sister site to Slashdot.

3 of 552 comments (clear)

  1. Re:The real question by Lussarn · · Score: 5, Interesting

    FSFs arguments aren't really bad either. They just want you to be able to change the code which is under GPL in products. By wrapping GPL code in DRM and use DMCA to protect it there is legaly a whatertight hole to not let users change the GPL code in the products. This was probably not the intent of the author of said GPL code and thats why DRM is added in GPL v3. And why it's probably welcomed by most developers.

  2. Re:The real question by plover · · Score: 5, Interesting
    If the code that you wrote under the GPL was digitally signed by a manufacturer and put in a "Trusted Platform" machine (let's say a router), the GPL (v2) clearly states that they must make your code available, along with any modifications to your code.

    That's it. The GPL grants you the further rights to take that modified code and change it any way you like. But it does not grant you the right to install that modified software back on that same machine.

    This is no different than if that manufacturer took your GPLed code and burned into a ROM or blew it onto an FPGA and then soldered it into the router. Just because you wrote it doesn't mean the manufacturer has to give you provisions to alter it on their machine.

    The answer is purely economic -- don't buy a trusted platform based machine. Don't buy an OS that supports trusted platforms (Vista.) Don't allow friends, families or your business to buy trusted platform machines. If you're in a position to purchase hardware, get "no hardware enforcement of digital signatures" written as a requirement into your RFQs.

    GPL v3 is not a business friendly license. It will restrict development unnecessarily, and drive manufacturers away from using GPLv3 code. Look at how well Linux has done in embedded devices (the slug as well as many other Linksys appliances.) These restrictions will likely drive those manufacturers to alternate sources of software, or limit them to only GPL v2 versions of the code.

    --
    John
  3. Re:DRM *can* be good by coofercat · · Score: 5, Interesting
    Someone more legally minded than me may shoot me down for this, but I understand that Linus' comments about Redhat are a misunderstanding of the GPL3. From TFA:

    Notice how the current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys so that anybody sign their own versions of the modules they recompile, in order to re-create their own versions of the signed binaries that Red Hat creates. That's INSANE.

    This is not what the GPL3 says at all. It says you must distribute keys IF your code won't work without them. In the Redhat case, that's not true at all - you can download and install unsigned (or third party signed) code all you want. Redhat signs stuff so you can be sure it came from Redhat and not Fred in His Shed - that is ALL.

    From TFL:
    Complete Corresponding Source Code also includes any encryption or authorization codes necessary to install and/or execute the source code of the work, perhaps modified by you, in the recommended or principal context of use, such that its functioning in all circumstances is identical to that of the work, except as altered by your modifications. It also includes any decryption codes necessary to access or unseal the work's output.

    The GPL3 does not try to take code-signing capability away from anyone. It states that you must give away keys if it's impossible to make a working program without them. I'll give an example:

    Say there's a crypto program that uses modules, and is not open source. If you write modules, they have to be signed by one of a series of keys before the program will use the module.

    If you tried to release a GPL3 module for this product, you would have to also put your keys with it because without the keys, a third party cannot produce a working module.

    The GPL3 really says that if you're using DRM, you have to let other people use it too. There's a double-edged sword here: At the moment, you could release your (non-working) module as GPL2. Of course, it's useless, except for anyone else who has the keys. It's unlikely the owner of the crypto program would release keys for anyone to use (and so distribute) as that (as stated by Linus) makes the use of DRM pointless. In short, you're unlikely to be able to use the GPL3 for such situations.

    My personal view (as if it matters) is that the GPL3 will fail because (a) people don't understand it and (b) no commercial vendor is likely to use it if they have to give everything away to do it. Using GPL2 + secret keys means you get all the benefits of open source, without giving away your competitive edge.

    Of course, GPL3 might gain ground because version 3's got to be better than version 2, right?