Slashdot Mirror
Kororaa Accused of Violating GPL
AlanS2002 writes "The Kororaa Project, a pre-configured binary install method for Gentoo Linux which bundles nVidia's and ATI binary drivers in its Kororaa Xgl Live CD , has put its Live CD on hold after being accused of violating the GPL. The issue appears to be the distribution of the Linux Kernel and nVidia's/ATI binary drivers together. When the binary drivers are built the GPL'ed code is included in the binary result, which is a violation."
It only taints the kernel if you load the module. The kernel itself [the bzImage] is entirely based on GPL code.
/me shakes head...
So don't autoload the drivers and the kernel will not load with a tainted status.
Tom
Someday, I'll have a real sig.
Repeat after me:
There is no GPL code in the binary driver!
Nobody claims there is and that's not the issue here.
One really has to ask how this article submission could have been acceptec, especially as the way the nvidia driver works is clearly spelled out on the kororaa hompage:
The NVIDIA kernel module consists of two pieces: a binary-only
portion and a kernel interface layer (aka the "shim"). The
binary-only portion is not Linux-specific (the same code is used
on Windows, Solaris, etc), and does not include any Linux kernel
header files when it is built. The shim is provided in source code
form with the driver package, and this is the piece that is compiled
for your version and configuration of the Linux kernel. The shim
is the only piece that references Linux kernel data structures or
macros, and only does so to the extent that is needed to provide
the functionality of a modern graphics driver. After the shim is
compiled, it is linked with the binary-only portion, to produce
the final NVIDIA kernel module.
Nope. You have to provide every piece of source code necessary to build it. The maintainers of KORORAA don't have the source code to NVidia and ATI drivers. Hence the violation.
No, that's blatently wrong. OpenWRT includes the closed source BroadComm network driver, and RedHat Enterprise includes lots of Redhat only software that isn't GPL.
Now, if you created your own custom kernel in order to make the binary drivers work, but then didn't include the source code for that, I would agree with you. But they didn't modify the kernel at all. They just compiled kernel modules.
If the drivers themselves were "Derived works" then that would prohibit distribution. However, that would also prevent people from using them at all and require ATI and nVidia open sourced the drivers. This is not the case, though. The drivers contain a GPL kernel interface and a binary only driver. The kernel interface that the ATI and nVidia drivers use is the derived work, and is opensource. You can get it in the respective packages from ATI and nVidia's websites.
According to information that the originator of Kororaa received from NVidia while investigating this matter, this is not true.
NVidia states that the binary is the same binary they use in all Systems. Be they Linux, BSD, Windows, or Bob's Unknown Mini-OS. The "shim" is the glue code they write that is OS specific that makes calls into the binary.
"Genius may shine aloof and alone, like a star, but goodness is social, and it takes two men and God to make a Brother."
Perhaps, but the binary module is compiled by linking against the kernel headers, and it includes shim code which may (or may not) be derived from the kernel.
That is not "linking" in the sense that is covered by the GPL. The kernel headers contain declarations for kernel functions, structures, and macros. They don't actually produce any object code that is linked in the binary. The binary driver is produced from two object files, one distributed binary-only by NVIDIA and one compiled from NVIDIA's shim source, which is explicitly allowed to be linked with the binary, and not under the GPL. So no mixture of proprietary and GPL code occurs until runtime, when you actually use the driver, and while that is technically a GPL violation since the kernel runs in a single address space (hence the "tainted kernel" messages) neither NVIDIA nor any distributor is liable for it.
Why do you think that nvidia doesn't precompile their shim code too, when they distribute their kernel module.
They do, actually, or at least they used to (for the default kernels of specific distributions). Its just that the Linux kernel doesn't have a stable binary ABI for drivers, so it is necessary to recompile it for every single different kernel version. If it was up to them they likely wouldn't distribute any code at all, just a binary module, but because of the way Linux is that isn't practical. Other distributions, including even Debian, have also distributed linked binaries of the NVIDIA kernel drivers without trouble.
"(Man) tries to live his own life as if he were telling a story. But you have to choose: live or tell." --Sartre
The nVidia "shim" is licensed under the GPL and is copyright nVidia --- this means that it's perfectly legal to compile the shim against the GPL kernel. At the same time, nVidia is free to do whatever they want with the shim, and its license is immaterial to them at that point because they hold its copyright. The GPL has no say over what else the copyright owner can do with kernel-linked code, the only thing that's mandatory is that it's GPL'd, and it is. For example, it's very common for copyright holders to dual-license their own GPL'd code for commercial and highly proprietary use.
Well, what nVidia chose to do in this case is to link the shim with their binary driver, and they're perfectly entitled to do that, by their copyright. Furthermore, since the shim and the binary driver are separate components from the kernel, they can certainly be shipped on the same CD as GPL components, as long as the binary code is not linked to the kernel. And it's not.
So you see, by virtue of being the copyright holders of the shim and GPL'ing it, nVidia easily comply with the requirements of the GPL but aren't constrained in what else they do with it.
If the binary module were linked against the kernel then you'd be right, but it's not. At no point in time did the binary module even get a sniff of the kernel, and it's shipped without knowing anything about it, nor viceversa.
Yes, the dependency is contrived, but that's how the GPL forced them to rearrange their code dependency graph in order to stay on the good side of the GPL's guidelines.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
No, stop the FUD, please.
As a special exception, the Free Software Foundation gives unlimited
permission to copy, distribute and modify the configure scripts that
are the output of Autoconf. You need not follow the terms of the GNU
General Public License when using or distributing such scripts, even
though portions of the text of Autoconf appear in them. The GNU
General Public License (GPL) does govern all other use of the material
that constitutes the Autoconf program.
However, if the exception was not there, anything that needs autoconf would have to be licensed under a GPL-compatible license. Not necessarily GPLed itself -- if your piece of software is, for example, under BSD3, anyone can replace GPLed parts with something else and be not bound by the GPL any more.
In nVidia's case, though, there is no such exception, and it would be next to impossible to get it, considering that every single contributor to the Linux kernel would have to grant it. Including those who are dead (in which case you need to track down whoever inherited the copyright) or in persistent vegetative case (in that case you're simply out of luck until they die).
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Does anyone besides open source zealots care about open drivers? I think so. Perhaps if Nvidia and ATi had open sourced their drivers, Xgl wouldn't have taken so long to exist (Xgl requires a certain level of driver support, and aiglx even more so). I'm pretty sure you'd have liked this just as much 4 years ago, when I first saw people talking about things like openGL accellerated gtk widgets, and otherwise imagining how to use 3d to its best. But 4 years ago, you were writing off a large group of people by doing that.
Furthermore, installing drivers for your ethernet, cd drive, etc is very simple on linux, because the drivers are open source and in kernel. Attempting to maintain a glue between the kernel and your driver is painful and prone to failure; unlike in tree drivers, when someone else breaks code you depended on, you have to fix it, not them. Recall that nvidia's nforce2 boards are better supported in the kernel than by nVidia itself! With no documents to support them in their efforts, even. I hear they even now recommend the reverse engineered driver over their own, but don't distribute or improve, oddly. If nvidia's drivers were GPL'd, installing them would be as simple as installing anything else.
It's pretty naive to think that their IP is so valuable that the source code would disclose it any more than the underlying binary code does. Their IP is already in jeopardy by distributing the software. One of the many reasons I suspect they have no intention of participating in OSS is that there's a number of speed over quality decisions written into it that would be exposed, perhaps even application specific optimizations. While this could be neat to have optimized drivers on a per game basis, this is never disclosed to the public (and when revealed sparks not applause but public humiliation). Furthermore, it means that optimizations are done on their terms, not the public's. Any application specific optimizations are given only to a specific application, with no cross over improvement in other applications, or the ability to make the change. If NVIDIA really wanted to share their drivers with the public and gain all the benefits often touted, they'd stop pointing at other people's IP they own and begin to change it. They haven't, and they won't. What nefarious secrets lie within? Perhaps just a case of "this stuff is really hard, and we don't do it very well?"
Just a thought -- if you dislike the open source spirit as embodied by the GPL, why not do something productive about it, like make a liveCD based on BSD running Xgl. There's nvidia drivers for BSD too, ya know. And for all the talk about pressuring vendors to open their code, they have no qualms about giving it away reguardless with no expectation of anything in return. Linux needs to focus on being Linux, not beating Redmond.
The good news is that I suspect the person who wrote to Kororaa doesn't actually have any basis for the claim. While nvidia's legality has been on shady grounds, the message published doesn't provide any insightful evidence in either direction. Anyone seriously familiar with the kernel and binary objects should be familiar with the recurring arguments and whatnot. It's clear to me that if the drivers themselves were in violation, nvidia would have been sued some time ago.
I Browse at +4 Flamebait
Open Source Sysadmin
So don't autoload the drivers and the kernel will not load with a tainted status.
That doesn't make any difference.
Copyright law prohibits the creation of derived works without permission, and the GPL does not grant that permission unless you distribute source. So the question boils down to "Are the binary-only modules derivative works under the law?".
The answer is: yes and no. The modules come from ATI and NVidia in two parts: a binary-only part that contains all of the interesting code, and some "glue code" that is distributed in source. Both parts have liberal redistribution permissions, which makes the GPL happy, so the big issue is source.
The argument is that the core, binary-only components of their drivers are not derived works of Linux, since they contain no Linux code (not even any headers) and I think they even claim that the same binaries are used on other platforms and wasn't developed specifically for Linux, at least in the beginning. The glue code that they distribute that wraps the binary-only component is clearly a derived work of Linux, but they distribute the source to that.
When a user compiles the glue code and links it with the binary-only component to produce a kernel module, the result is a derived work of the GPL'd Linux kernel. Note that I didn't say "and loads it into a running kernel". That's not really relevant. Technically, it's somewhat unclear whether the GPL gives users the right to create otherwise unauthorized derived works, but the general interpretation (including by the FSF) is that people can do whatever they like, and it's only when they start distributing that the question of whether or not the GPL has granted them permission becomes important.
When someone takes that same compiled glue plus binary module and distributes them, they're distributing a derived work of Linux, without complying with the terms of the GPL, and therefore without permission to distribute under copyright law.
I think it's quite clear that Kororaa cannot do this without infringing Linux copyrights. The only way they can justify it is if they can argue that the binary kernel modules (glue + core binaries) are not, under the law, derived works of Linux. That seems like a tough one, but IANAL, so maybe it's possible.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Intel publishes open source drivers for their latest integrated video chipsets.
While people may report that some Matrox or ATI cards work fine with open source drivers, those are all old, discontinued cards. If you want to buy new hardware, Intel is basically your only choice for open source drivers.
>> Does Matrox or Intel release source code to their drivers? (Is Matrox even still in the consumer graphics card business?)
Yes, Matrox is still in the business, but they're not really competing directly against nVidia and ATI in the games market -- for example, they provide no hardware vertex or pixel shaders in their consumer cards. And yes, Matrox does release driver source code.
I recently bought a Matrox Millennium G550 PCIe, and not only does it list Linux on the retail box alongside the other operating systems, but their product page proclaims it as "the world's first PCI Express graphics card with open-source display drivers for Linux and other Unix-like operating systems". And they're quite inexpensive too, which is nice.
The drivers are in recent kernels already too, although I'm getting "drmOpenDevice: Open failed" problems at the moment so DRI is being disabled and thus 3D isn't accelerated on that box just now. I hope it's just a local misconfiguration.
Not really sure what the status is beyond that, but in theory the G550 should have good support in Linux without needing any binary modules.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
People choose the GPL for all sorts of reasons. Some kernel developers like the GPL because they want the kernel, including hardware drivers, to remain free software. They're actively opposed to the idea of binary-only drivers proliferating, even if it means more hardware support for Linux. Did you happen to read the link I gave you?
The issue isn't whether it's arrogant to say that; the issue is whether or not it's legal to distribute the NVidia driver with the Linux kernel. My personal opinion is that it is legal, actually, but treating the whole issue as "licensing crap" is wrong. It's like a child complaining about having to eat dinner before having cookies. "But I like cookies! Why can't I just have cookies?"
I know you like hardware support. I like cookies. It's not that simple, though, and saying "stop worrying and eat cookies" doesn't make it that simple. You should think about why Linux is so much better and more successful than its non-GPLed competitors, and why Linus said that relicensing Linux under the GPL was the best thing he ever did.
Why do you think it's just RMS, and that everybody who choosed to use his license actually doesn't agree with most of what it's supposed to mean? Where did you get that idea?
You really should read that link I included. Here, I'll include it again:
http://www.groklaw.net/articlebasic.php?story=200
I'll even save you some clicking: Some kernel developers (Arjan van de Ven and Andrea Arcangeli) are very concerned about the popularity of binary kernel drivers, and see it possibly eroding Linux's freeness, and interfering with the process of kernel development even for those not using the binary drivers. That's the opinion of people who are heavily involved in kernel development. You say it has "exactly zero to do with creating quality free code"; why do you think you know better than they do?