Slashdot Mirror
Could Linux Still Go GPL3?
turnitover writes "Even though Linus has said 'The Linux kernel has always been under the GPL v2. Nothing else has ever been valid,' LinuxWatch is reporting that Richard Stallman has said it's ultimately up to the developers. And those on the LKML (Linux Kernel Mailing List) are going back and forth about whether to move to GPL3. The sticking point, not surprisingly, is the issue of DRM." In response to the DRM issue Linus wrote: "I personally think that the anti-DRM clause is much more sensible in the context of the Creative Commons licenses, than in software licenses. If you create valuable and useful content that other people want to be able to use (catchy tunes, funny animation, good icons), I would suggest you protect that _content_ by saying that it cannot be used in any content-protection schemes."
Speaking of RMS, is it just me or does the GNU /. topic icon look like it is sucking it's thumb and holding a blanket. If it is, was this a stab at RMS?
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
You can't just take code already under GPL2 and move it to GPL3 without the authors' permissions. That's CHANGING THE LICENSE, and that's exactly what Linus is getting so fired up about. Everyone that contributed something under GPL2 would have to be contacted and would have to give consent to have their code moved over to GPL3. You can't just make a broad sweeping change to the license. If you could, then you could easily fork and close-source your branch. If that were the case, we'd have IBM, Novell, Sun, and RedHat proprietary Linux. It would also be a management NIGHTMARE to have pieces of code under each license.
The main issue isn't DRM or not-DRM, it's YOU CAN'T CHANGE THE LICENSE!
There is a good article on LWN.net, but it's subscriber-only until Feb 9th: http://lwn.net/Articles/169797/
Here's an excerpt:
==BEGIN EXCERPT===
Another thing to keep in mind is that Linus can change his mind, even after seemingly painting himself into a corner with an absolute statement. One of your editor's favorite Linus pronouncements was issued almost exactly seven years ago. In response to a query on how to set up an i386 box with 4GB of memory, Linus stated:
Oh, the answer is very simple: it's not going to happen.
EVER.
You need more that 32 bits of address space to handle that kind of memory. This is not something I'm going to discuss further... This is not negotiable.
Less than one year later, Ingo Molnar's high memory patch was merged for 2.3.23.
===END EXCERPT---
There are a few things to keep in mind about DRM that have not been explained in a lot of the articles.
This was debated on ILUG yesterday. Here's the mail that started it: http://www.linux.ie/lists/pipermail/ilug/2006-Febr uary/086087.html
So it's worth keeping in mind that what Linus calls the GPLv3 is actually only the first discussion draft - but also, due to point #2 above, while changes may be made, I'd be pretty sure there will be DRM-combatting provisions in GPLv3.
Please help publicise swpat.org - the software patents wiki
Linus said
"Notice how the current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys so that anybody sign their own versions of the modules they recompile,"
when the (draft of the) GPLv3 says
"3. Digital Restrictions Management. [...] no permission is given [...] for modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License."
As far as I understand, what the GPLv3 says is that as long as RedHat gives you a way to recompile the OS with your own signing keys (or without authentication at all) then they are allowed to distribute GPL software with whatever signature they want.
Where did I miss something ?
--Go Debian!
What you say is true. However Linus has ideals too. In TFA he says "the point of the GPL is not the 'convert the infidels' logic, but something totally different: 'quid pro quo.' "
The GPL 3 is anti-DRM in a big way, and Linus doesn't agree with that, fair enough. However another aspect of it is to prevent someone from taking GPL code, and designing a hardware/software combo that will only run using unmodified versions of the code. In such an instance, they use GPL code, but their modifications are useless to the rest of the world because we can't modify their version and run it on the device. Basically they break Linus' "quid pro quo" rule. Thus part of what GPL 3 is trying to do is exactly what Linus says he believes in.
I personally think the GPL 3, as it stands, needs some revisions before being finalized. Linus is a smart man and has pointed out one of the very real problems with the current draft. But to suggest that Linus is just an engineer, with no ideological concerns whatsoever is not quite right. He's not the zealot that RMS is, but he still has (legitimate) moral concerns (otherwise he wouldn't care what license gets used). As should we all, frankly.
Scenario A:
Alan signs a Linux binary with his private key "A". He makes available public key "a". Many Linux installations are set to refuse to run binarys which are not signed to match one of the public keys they have in their "trusted keys" file, which typically include Alan's key "a". I can run a modified binary as follows: Create my own key pair "C" and "c". Add public key "c" to my trusted keys file. Modify, compile the program, sign the binary with "C". The program now runs.
Scenario B:
BadCorp's box has DRM-like hardware which refuses to run any code not signed by BadCorp's private key B. They use a modified, signed copy of Linux as the OS. They make available the source of their modifications (which are pretty much specific to their hardware) but nobody else can modify the kernel running on a BadCorp box because they don't have key B.
I think scenario B is what the GPL v3 language is trying to forbid, and scenario A is why GPL v3 doesn't require Alan's private key to be released. However, I'm not sure what happens in
Scenario C:
BadCorp produce a box which won't run unsigned code, and which only they can add keys to the trusted keys file. DastardlyCorp produce modified GPL programs for the BadCorp box, sign the binaries with key "D" and pay BadCorp to add key "d" to the trusted keys file. DastardlyCorp won't release key "D" - "It's our private key. Get BadCorp to add your key to the box if you want to modify stuff. It is their fault, not ours, that you can't run on their box." BadCorp says "Only if you pay us money. We aren't bound by the the GPL - we don't release any GPLed software." (And BadCorp and DastardlyCorp just happen to be owned by the same people.)
Scenario D:
As above, but BadCorp unilaterally add Alan's key "a" to the trusted keys list. Now Alan can recompile for the BadCorp box, but other people can't - but Alan did not want this situation to be.
How can the license force DastardlyCorp to release their key in scenario C, but not force Alan to release in scenario D?
Disclaimer - I am not a lawyer, I have not followed this controversy closely. Better informed comment is invited.
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
So GPLV3 effectively prevents digital signatures from being used to determine if a binary may be from a source the user trusts!
No it doesn't. You can provide a digital signature that verifies that binary is from 'Bluehat' without the signature being required to run the binary.
The key difference here is that the former informs the user who is then free to make a decision about whether they want to trust a non-'Bluehat' binary, and the latter tells the consumeruser he isn't allowed to run a binary that's not from 'Bluehat'.