Slashdot Mirror
Could Linux Still Go GPL3?
turnitover writes "Even though Linus has said 'The Linux kernel has always been under the GPL v2. Nothing else has ever been valid,' LinuxWatch is reporting that Richard Stallman has said it's ultimately up to the developers. And those on the LKML (Linux Kernel Mailing List) are going back and forth about whether to move to GPL3. The sticking point, not surprisingly, is the issue of DRM." In response to the DRM issue Linus wrote: "I personally think that the anti-DRM clause is much more sensible in the context of the Creative Commons licenses, than in software licenses. If you create valuable and useful content that other people want to be able to use (catchy tunes, funny animation, good icons), I would suggest you protect that _content_ by saying that it cannot be used in any content-protection schemes."
Ah wait... he's saying: protect the content from being "protected" (in the DRM sense)?
It's what every software project does when there's fundamental differences of opinion on which direction to go. If Linus and the other Linux software devs don't like GPL3, just fork the thing and take out the parts you don't like and use that license. After all, the text of the GPL 3 license should be able to be modified just like source code, right? You wouldn't be able to call it GPL 3, as it's just confusing. But GPL 2.99 might work nicely as a name.
AccountKiller
Well, I guess they could GPL3 all the portions of the kernel that aren't derivative works of Linus' parts. Which would be what, exactly? The build scripts?
Of course it's up to the developers what license they will
release their code under.
It's still up to Linus what gets into the kernel.
I don't know about you, but I would resent DRM being ported to linux. I switched operating systems to escape the restriction-ridden operating systems that are macintosh and windows.
(Commence the modding down by mac fanboys who think their favorite operating system has no restrictions whatsoever on what it can do).
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
You can't just take code already under GPL2 and move it to GPL3 without the authors' permissions. That's CHANGING THE LICENSE, and that's exactly what Linus is getting so fired up about. Everyone that contributed something under GPL2 would have to be contacted and would have to give consent to have their code moved over to GPL3. You can't just make a broad sweeping change to the license. If you could, then you could easily fork and close-source your branch. If that were the case, we'd have IBM, Novell, Sun, and RedHat proprietary Linux. It would also be a management NIGHTMARE to have pieces of code under each license.
The main issue isn't DRM or not-DRM, it's YOU CAN'T CHANGE THE LICENSE!
Ever.*
The kernel is GPL2 without the "or a later version" wording. All the contributions are GPL2. In order to convert the kernel to GPL(!2), you need to get approval from every single contributor to the kernel whose code is in any way in the kernel. Now, let's say you manage to do this, including approval from the executors of the estates of contributors who have passed on, you still need approval from Linus himself. Linus has already stated that he has no intentions of converting to GPL(!2).
Now, you could of course pseudo-fork the kernel by managing to get approval for all contributors, living and dead, aside from Linus. You could then re-write any code worked on by Linus (which, still, is a very substantial amount) and have a Linux-like system under the GPL(!2). Now, you just have to get approval to use the Linux trademark. Somehow, I doubt that will happen.
*For finite values of 'ever.' Restricted to this universe.
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
Stallman is repeating his behaviour with Ulrich Drepper and Glibc, here. Ergo, if the leader of a project refuses to go the way he wants them to, he will attempt to turn other people associated with the project against said project leader.
I have found myself wondering what it is going to take before people will acknowledge the type of man that Richard Stallman truly is. He is seeking division here, and he is doing so purely for the sake of his own ego; because he cannot stand to be in any position other than one of complete control. I keep reading of example after example of this...it's his way or no way. Is that honestly what freedom means?
People try and claim that the real threat to the future of F/OSS is on the other side of the ideological/economic divide...that Stallman is a hero. To people who would continue to maintain such a view of the man, I ask you to look at what he is doing here.
Take a long, hard look.
There is a good article on LWN.net, but it's subscriber-only until Feb 9th: http://lwn.net/Articles/169797/
Here's an excerpt:
==BEGIN EXCERPT===
Another thing to keep in mind is that Linus can change his mind, even after seemingly painting himself into a corner with an absolute statement. One of your editor's favorite Linus pronouncements was issued almost exactly seven years ago. In response to a query on how to set up an i386 box with 4GB of memory, Linus stated:
Oh, the answer is very simple: it's not going to happen.
EVER.
You need more that 32 bits of address space to handle that kind of memory. This is not something I'm going to discuss further... This is not negotiable.
Less than one year later, Ingo Molnar's high memory patch was merged for 2.3.23.
===END EXCERPT---
There are a few things to keep in mind about DRM that have not been explained in a lot of the articles.
This was debated on ILUG yesterday. Here's the mail that started it: http://www.linux.ie/lists/pipermail/ilug/2006-Febr uary/086087.html
So it's worth keeping in mind that what Linus calls the GPLv3 is actually only the first discussion draft - but also, due to point #2 above, while changes may be made, I'd be pretty sure there will be DRM-combatting provisions in GPLv3.
Please help publicise swpat.org - the software patents wiki
I am sure that Linux will be switched over to GPLv3 less then 6 months after GPLv3 is actually released in its final form. The issues that Linux and some others are bringing up are mostly their misunderstanding of what is acually said in GPLv3 and how it corelates with the DMCA and case law of USA and with laws in other countries.
NOTHING in GPLv3 disallows implementing DRM with GPLv3 code. However there are some extra provisions that insure that if such implementations are made, the right to change that code (which is one of the most protected rights in the context of the GPL) can not be taken away from the users by a means of a DMCA-based lawsuits.
Oh, and if you make hardware and sell it to the users, please do not restrict what code users can use on that hardware, or if you do, please do it without using our (GPLv3'd) code. That is the TiVo scenario - the TiVo has sold a person a computer, but it uses a technical provision to deny thoses people an ability to execude their programms on the hardware. They might not be able to give us some services if our software does not work like theirs does or they would surely not support software problems in our software, but it is not right to use our code and then lock it from us in a box that we paid for.
I think that once the GPLv3 is polished a bit more and once someone explains all the provision of the GPLv3 and corresponding laws to the LKML people in ways that they will understand, the move to GPLv3 will be unobstructed (maybe except for by a few people who wish they would be writing code for BSD anyway).
At that point opening a Linux 3.0 branch with GPLv3 clean code only would be most reasonable thing to do.
Yes, this distinction is important. The way the GPL 3 is worded, from what I can tell, it's trying to say: "you can't design GPL-ed software to run on a device that will not accept modified versions of the software. If you design such a device/software combo, you must release the keys so that anyone can run modified code on your device. On the other hand, if the modified software can run properly on the usual device without those private keys, then you don't have to release the keys."
... after all, he doesn't even know what the (final) GPL 3 will be like!
It's this last sentenct of my paraphrase (in bold) that is not adequately clear in the current version of the GPL 3. What I wrote above in quotes is what the GPL 3 is trying to say in legalese (I think), but the way it is currently worded, Linus is worried that it will mean that signed (trusted) binaries will not be allowed.
Of course, what everyone seems to be forgetting is that we are reading a DRAFT of the GPL 3. So if there's something that isn't quite right, now is the time to fix it! Get involved in the discussion and tell those who are working on the GPL 3 that the wording needs fixing to make sure that it acts as intended. Linus is saying publicly that he doesn't like the way it is currently worded... but I wish he would emphasize "I think it should be reworded before the final release of GPL 3" rather than saying "I won't use GPL 3"
To summarize: the GPL 3 is currently a draft only. Let's get it fixed to avoid any problems in the future. I agree with RMS that it should not be possible to create a device/software combo based on GPL-code where no one is able to modify the code (and the code only makes sense in the context of the device it was made for). On the other hand I agree with Linus that we should not have a GPL that forbids signed/trusted binaries. It is possible to write a license that clearly differentiates these two cases... so let's do it!
Linus is an engineer. RMS is an idealogue. Linus wants to make a kernel that the maximum number of people can use for whatever they want. He doesn't care what you use it for. RMS wants to restrict you to only using it for things that are "free".
Linus has openly stated that DRM is OK with linux. There's your (potential) beef.
Linus is down with open source. RMS is down with free software. There is a difference, and they don't always get along.
Linus said
"Notice how the current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys so that anybody sign their own versions of the modules they recompile,"
when the (draft of the) GPLv3 says
"3. Digital Restrictions Management. [...] no permission is given [...] for modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License."
As far as I understand, what the GPLv3 says is that as long as RedHat gives you a way to recompile the OS with your own signing keys (or without authentication at all) then they are allowed to distribute GPL software with whatever signature they want.
Where did I miss something ?
--Go Debian!
RMS has no particular say in the Linux kernel (it's not just "Linus'" by the way). However, his opinion carries some weight in the community, and many of those who work on the kernel will indeed take what he has to say into account. Even Linus has obviously thought about it, as evidenced by his rebuttal to the GPL 3.
So while RMS has no particular control over the Linux kernel, he certainly has a well-considered (although admittedly extreme) opinion, and his opinion (and the resultant licenses) are things that the community cares about. Thus, they want to hear what he has to say.
Just because you don't like RMS doesn't mean all the kernel developers do too.
On the other hand, Linus does not have unique control over the kernel. He has copyright on alot of kernel code, so he can obviously block re-licensing to GPL 3 on those modules (as can many developers), but ultimately Linux cannot prevent new contributors from making modules or code using a GPL 3 license.
That's the great thing about FLOSS: no one specific person controls it.
RMS said this is up to Linux kernel developers. Where did he say this is up to him?
Can you explain your reasoning. How did you reach this understanding?
Free Software: the software by the people, of the people and for the people. Develop! Share! Enhance! Enjoy!
What if this happened?
A major network equipment manufacturer takes linux, adds some functionality and starts using it as their primary/only operating system for all of the equipment. They sell it as Linux-based to the masses. Because of the vendor's market position and the new "Linux Based" advertising campaign, most customers readily buy ths stuff up.
We soon find that the hardware will only work with firmware which has been digitally signed by the vendor. Also, although the source code is available (as required by GPL2) it is useless when run on hardware that doesn't have the right keys embeded in it.
The result is hardware that can't be updated except by the vendor and modifications to the software that are not usable by the very developers responsible for Linux in the first place.
So, is this a reason to be concerned about GPL2 vs GPL3? Is the vendor's actions compatible with the spirit/intent of GPL2? Perhaps more importantly, would the fact that something like this *could* happen cause developers who would have improved Linux to stay away?
Please use BSD for that.
Linux is GPL'd for a reason, even if Linus does not know it. There is allmost no comercial backing of the more commercial-frendly BSD licences. Why is it? Because more enforced freedom to all users is the most effective way in the long term and businesses know that.
1. Make a public announcement that the kernel is moving to GPL3. This announcement would undoubtedly be picked up by all the relevant news organizations, and be common knowledge among developers (heh - there's no way it could possibly be kept quiet).
2. Schedule a transition period for the conversion. Say, 1 year.
3. During the transition period. all files start off being GPL2. And the end, all files still included in the kernel are marked as GPL3 clean.
4. Make all reasonable attempts to contact the copyright holders.
5. Cut over those files where the copyright holder has agreed to the license change. Those files which still aren't "GPL 3 clean" can still be included in the kernel.
6. For any files which aren't GPL 3 clean, either toss them, or rewrite them. Odds are, if the owner still wants his or her work kept in the kernel, they will go along with the conversion. But there is no downside to including a GPL 2 file in with the GPL 3 code, as long as it is marked as such.
The legal risk here to a lawsuit is minimal. Any contested file could be reverted back to GPL 2, if someone objected. Damages are unlikely, because of the widespread publicity (where the copyright holder should have known about the change, and failed to act). Also, the damages would be restricted to the impact of going from GPL 2 to GPL 3. THAT would be very hard to establish, at best.
However, the legal risk of the kernel right now due to submarine patents is significant. I wouldn't be surprised if Microsoft were planning to fund a company to do this right now. It would be far cheaper than their current SCO-funded lawsuit, and a lot more effective. This risk, and potential downside, far outweighs that of going to GPL 3.
If someone adds a DRM to a product, it becomes illegal in the United States (DMCA) and many other countries to take it out. Because of this, by clause 7 of the GPL version 2, it seems that it's already illegal to implement a law-enforced DRM into existing GPL'd code in many countries, and distribute that program. Without that clause, for example, Microsoft could make a DRM'd Microsoft Linux that is legally protected from modification by anyone besides Microsoft. You wouldn't be sued for violating their license terms, because it'd still be under the GPL. Instead they'd sue your for breaking their DRM. Instead of them violating the GPL, the law would be violating the GPL on their behalf, and clause 7 of the GPL 2 protects against this by revoking their right to redistribute if this happens. The GPL3 just makes this more clear by saying that DRM is incompatible with the GPL.
It has nothing to do with users' freedoms, but rather with restrictions on competitors. Businesses support Linux because they know that if they add things (drivers, performance enhancements, et cetera) to Linux, their competitors WON'T be able to use it without also making their changes public. There is no incentive for a business to contribute to a BSD-style licenced project, since competitors can then use their code without restriction (except for the "advertisting" clause).
My other first post is car post.
Don't tell me you can't use Linux for DRM software if you can use Linux in a child porn video lab.
This is not a straw man. GNU has in the past rejected all moral embargos on the use of free software. See their condemnation of the Hacktivismo license, which prevents the software being used by authoritarian governments and spyware makers:
Because it restricts what jobs people can use the software for, and restricts in substantive ways what jobs modified versions of the program can do, it is not a free software license.
If we were ever going to make an exception to our principles of free software, here would be the place to do it.
As for restricting the use of the software by governments that violate human rights, this is likely to be ineffective. There are many other programs they can use. Also, at least under US law, a copyright-based source license can't restrict use of the program; such a restriction is not enforcible anyway. Meanwhile, they can simply decide they are exempt from the restrictions.
So why is DRM a greater crime than the rest of these? Is not DRM a "use of the program"? Won't companies that make DRM be unwilling to use open-source modules anyway - or at least not re-release the source?
I really think that here is an example of the GNU's political fight (DRM and software patents are evil) outweighing their moral fight (restrictions on software are evil).
The real problem, then, is that GPL3 as drafted needs a lot of work wrt the DRM language because there seems to be no clear consensus about what those sections actually mean. I mean, I personally dislike DRM and Treacherous Computing as much as any good Slashbot out there, but even still I'm not sure I like these DRM clauses in the GPL3 because they seem overly vague on a lot of points.
I do not have a signature
Thousands of people who have contributed to Linux have done so on the basis that it is released under the Linux licence (which btw is not GPL2, but a derrivative of GPL2). To **legally** change the licence you've have to track down all those contributors and get their permission. Same deal with selling the source or any other act of ownership of the source.
Engineering is the art of compromise.
I think Linus is absolutely right.
I don't like MS world but neither do I like RMS world either. Other wants world where everything is MS, other wants world something absolutely can't be. To be absolutely be and not absolutely be are just two sides of same coin. I don't see a diffrence there.
I think I should, and everybody else too, to be able use DRM technology if I want to. RMS or some stupid license shouldn't deny it from me. Or should I move to Windows if I want to defend my right to choose?
This shouldn't be where Linux is going to. Keep the system open, let the users and developers design what there can be,
Don't say what they can't do.
Nobody knows the trouble I've seen, nobody knows has the trouble seen me, even I sometimes wonder why I write these line
So GPLV3 effectively prevents digital signatures from being used to determine if a binary may be from a source the user trusts!
No it doesn't. You can provide a digital signature that verifies that binary is from 'Bluehat' without the signature being required to run the binary.
The key difference here is that the former informs the user who is then free to make a decision about whether they want to trust a non-'Bluehat' binary, and the latter tells the consumeruser he isn't allowed to run a binary that's not from 'Bluehat'.
1. it is my technical (as a paralegal) opinion that, if Linus don't change his mind, the kernel can NEVER be relicensed GPLv3. This is because I consider that the GPL restricts the distributions of derivative works under the terms of the GPL (as per section 0) or under more liberal terms (as per section 6) and the GPLv3, at least as currently drafted, is more restrictive than the GPLv2.
2. as a corollary -- and another justification -- to (1) above, it is my technical opinion that most (at least 80%, but probably more than 90%) of the "official Linus Penguin-pee blessed" kernel source lines are, as a matter of fact, a derivative work on the continuous works of Linus Torvalds, since 1991.
3. just as RMS, I think proprietary software is bad. I think proprietary software is bad because proprietary software -- especially the kind you normally buy in a box -- is basically a scam. What is the scam? When you buy some medicine, you are paying for (P) the cost of production [normally the dominant cost factor, but at least au pair with the other cfs] + (R) the cost of research + (F) the amortization of some future research + ($) some profit to pay for the invested money. In the case of proprietary software, we have P ~~ 0. MS invested ten million dollars on MSWord (insert some version number here) and was rewarded a billion dollars by it in less than (number less than ten) years because they use their "bait and switch" tactics, their "first use for free" tactics, their "hook the kids" tactics, and their "leverage any semi-monopoly we have" tactics. Tell me, what other business uses those exact four tactics? (just like some illicit business, their profit margin is incredible)
4. in this respect, I think Free Software (and copyleft licenses) is not only more fair, but more "right", too. When you have an itch, you pay a programmer to scratch it. No strings attached other than "others must play fair too". People that PRODUCE software continue being paid to produce software, ie, to churn out LOCs. But people that just exploit the general public by sitting on a product (yeah, a nice one by a number of accounts, and this "nice" I'm saying even applies -- or applied some day -- to Windows 95) that they have done once. Imagine a perfect world, where instead of lining up MS's stockholder pockets, all the profits of MS had being used to hire more programmers!! And send them to churn out more -- and better -- code!! Get it?
5. yes, I love numbered lists.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
First of all, nobody knows what the GPLv3 will say about DRM. What's been released is only a draft, and the purpose of releasing a draft was to get feedback on it. Enough people are unhappy with exactly what the draft says about DRM and how it is phrased that the final version will almost certainly be different in some way (or the GPLv3 will be seen as not having taken into account community needs, and quickly become irrelevant).
As far as I can tell, nothing in the GPLv3 would prevent Bluehat from releasing a signature for a binary without giving the signing key. (I doubt that a court would even find that the hash in a signature is a copyrightable work, let alone a derived work, so the license on the binary doesn't matter to what they can do with the signature.) Certainly nothing would prevent Mactel from producing a motherboard that would only run binaries signed by Bluehat; they're not dealing with GPL code at all (unless they're checking the signature with GPG in the BIOS, I guess). On the other hand, the GPLv3 would probably prohibit distributing a complete system consisting of the Mactel motherboard, the Bluehat kernel, and the Bluehat signature, without the Bluehat private key.
Your claim:
So GPLV3 effectively prevents digital signatures from being used to determine if a binary may be from a source the user trusts!
is wrong, however. It prevent signatures from being used to determine if a binary is from a source the vendor trusts. The user can refuse the GPL and ignore it entirely, and be legally fine with fair use rights to use of the binaries. The user can't distribute the resulting system with Bluehat's public key built in, but that's a good thing; the recipient should be allowed to decide that Bluehat is an evil organization and only Boydriva is trustworthy.
Linux is under GPLv2 license. But it's not *owned* by Linus. Linus holds the trademarks, and owns a large portion of the code because he wrote it. But there has never been a requirement for anyone submitting changes to Linux to sign over their rights to said patch. Therefore, each and every submitter would have to approve any change of license. I can tell you now, that will NEVER happen.
You do not have the freedom to murder me, and that allows me to freely live in the same society with you. If you had that right, I would not be free.
In order for us to be free to walk on the sidewalks, we all have to give up our freedom to drive wherever we want.
The only freedom that the GPL restricts is the freedom to restrict someone else's freedom.
Anarcy isn't all that it's cracked-up to be.
...because "hacker" sounds way sexier than "code drone."
The cost of converting to GPL v3 in time and effort (which is fairly high) when compared with the benefit (which is little, if any), are so enormously out of balance that it makes any change highly unlikely.
Linus's motivation and goals are very, very different than RMS's. Stallman will be satisfied with nothing short of a revolution; Torvalds just wants to create a really cool kernel. Linus will not even entertain notions of rewriting his kernel license because, and this is the important part, there's nothing wrong with his current license. Since it ain't broke, there's no reason to fix it.
RMS was, undoubtably, very disappointed over Linus's wholesale rejection of the new GPL version. It sounds like Linus didn't even bother reading it all the way through because he wasn't interested in change to begin with. It's extremely likely that others will take Linus's word on the subject as gospel (Linus being a god, and all) without bothering to read the license themselves, spelling disaster for GPL v3. What you're currently witnessing is RMS's "it's not dead yet!" effort at salvaging the GPL3.
"With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea...."
RFC 1925
Help me out here. I'm trying to figure out under which social theory you think Bluehat has the right to take thousands of man-years of effort and lock it down into a closed product. If Microsoft were to do that, more power to 'em: they financed the whole operation and have every right to it. Bluehat, though, is taking my (figuratively) work and telling me I can't use it as I see fit.
Frankly, I have little sympathy for such dealings. Want a solid, closed-friendly OS? Pick one of the BSDs, as they explicitly encourage it. Linux isn't an appropriate choice here, and companies that want a free ride of its back can bite me.
Dewey, what part of this looks like authorities should be involved?
You've got it wrong. Bluehat can still provide signed binaries and not provide the signing key for those binaries. However the hardware must allow the user to run unsigned binaries. That way you get the best of both worlds: you can use Bluehat's signed binaries if you so choose, or you can opt-out and run unsigned binaries, or Bluehat can provide the signing key and you can sign your own binaries. Everybody gets what they want (except maybe Bluehat).
All the GPL3 is trying to stop is the case where Bluehat produces hardware that only runs Bluehat binaries.
Disclaimer: IANAL and this is not legal advise.
Note: I realize the other responses make similar comments. For some reason comments.pl disappeared for while and I couldn't submit this. There were still some unique elements, so I thought I'd submit it anyway once the comment pages returned.
Your example seems rather contrived. I can imagine (barely) such a contract, but the GPL3 would not get in the way, as long as the source code they provided could be used on normal systems as well, with the same functionality (or at least that is the intention). The agreement between the business and the insurance company can't have any effect on "Bluehat's" obligations under the GPL3. It would only prevent "Bluehat" from releasing the software with modifications that require "Bluehat's" signature to work. The software can require "locked" hardware, so long as either the signature required by the "locked" hardware is controlled by the machine's owner, or the signing key is provided with the source code.
In your example, the business would lock its production hardware to use only software officially signed by "Bluehat", in accordance with its contract with the insurance company. Bluehat would provide its "official" signed release software, which could be used on the production hardware, along with the source code (but not the signing key). The business could compile the own version of the software, sign it with their own key, and load it onto their development hardware. Since they can sign it themselves, they can make modified versions and use them on any machine not subject to their agreement with the insurance company.
The problem the GPL3 is trying to prevent is the case where an "open source" application is developed which requires access to e.g. DRM decryption hardware which can only be used with a specific key: a driver for a DRM-crippled video card, for example, or a media player which must be signed with an "approved" key to access an external storage device. In an extreme case, someone could create a version of a GPL'd software package modified to use DRM-aware encryption hardware to save its documents; the software would be "open source", but only their signed release would be capable of reading or saving the documents. In these cases, you can't compile your own working versions because you don't have access to the required signing key. The GPL3 would require, in these cases, that the signing key itself be included in the source distribution, because one cannot produce a working piece of software from the source code without it. Since that is unlikely to happen, the GPL3 would effectively prevent people from using existing GPL3 code to create software that is "open source" in name but cannot be used in modified form without the approval of the owner of an authorized signing key. I can't say I disagree with that intention.
Of course, the GPL3 is currently still in a draft state, and the wording of the new provisions probably still leaves some ambiguities that should be cleared up by the time the final version is released. I am confident, however, that their intention is as I described above, which is exactly the same as the intention of the GPL2: to prevent open-source software from being effectively turned into proprietary software through the addition of incompatible closed-source modifications. The GPL3's authors aren't trying to shift the balance of power; as with the changes to the software-patent clauses, developments in technology and law have simply made it necessary to close a few potential loopholes in the GPL2.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
For example, on my pet project I use GPL rather than BSD because I want to make sure that every derivative will be free-software, that's what I care about protecting. If I release content and someone has the right to make a DRM-encumbered version of it, this freedom is lost. To protect (the freedom of) that content, I use a license with anti-DRM clause.
The filesystem is the package manager