The FSF, GPLv3 and DRM

whats-life-without-gpl writes "FSF has a thing against DRM. This article tries to explain why RMS isn't a DRM (Note that NewsForge is also owned by OSTG) fan and how GPLv3 is gearing up to protect against it. "

The problem with signing

Linus Torvalds, has a problem with this. He says that he himself signs the Linux kernel, and that that's his way of telling everyone, "You can trust this, it's from me." In an email message to the Linux Kernel Mailing List (LKML) on 23 April, he says that there are two types of keys: "One is an external key that is applied _to_ the kernel (OK, and outside the license), and the other one is embedding a key _into_ the kernel."

GPLv3 says that if any GPLed software carries an embedded key, this key should me made available to the users, but it makes no demands on the first kind of key. Linus has said that he would never distribute his signing keys, but the GPLv3 does not require him to release them. The key he talks about only describe the trustworthiness of the kernel. It in no way affects the freedoms of copyleft. It's only the embedded keys, which can be used to nullify the freedoms offered by copyleft, that need to be released.

Re:The problem with signing

[mrchaotica]

The detail is that the Tivo hardware enforces the authenticity of Tivo's signing key, whereas it's up to the user to enforce the Linus key.

But the effect is the same.

If a company, for example, edicts as policy that they won't accept any kernel save that signed by Linus, then that pretty much leaves everyone else out of the picture for Linux kernels, doesn't it? GPL or no, that company can't get a kernel from anyone else.

The difference is that the same entity is both the one releasing the code and enforcing the key. Linus doesn't have to release his key because he is not requiring it to run the code on anything (therefore, he isn't violating the license). Some company can create hardware that will only accept kernels signed with some particular key only if it doesn't actually distribute a modified and signed kernel itself (because it wouldn't be bound by the license in the first place).

This does bring up a flaw in the idea, though: what stops a company like TiVo from creating "unrelated" shell organizations so as to separate the kernel development and hardware development in order to get around this?

(note: I used the kernel merely as an example; there's no need to inform me about issues related to the lack of the "or any later version" clause)

Re:The problem with signing

[Chops]

It's not quite so simple. Suppose a manufacturer were to build a computer that would only run an OS signed with Linus's key. That turns his "signing key" into an "embedded key". The problem here is that there is no fundamental distinction between the two kinds of keys; it's just a question of how they are used.

The manufacturer building that computer is perfectly legal. Linus continuing to develop Linux and sign his copies of it afterwards is perfectly legal.

The illegal act -- and the signifier of the "fundamental distinction" you're after -- is when the manufacturer copies Linux in order to sell it to someone on his special computer. He may only make that copy if he's complying with the terms of the GPL, the same as it ever was, and in order to comply with the GPL, he must ensure that the people receiving software from him receive the same rights he had when he received it -- the rights to modify it for any purpose that suits them. Since he want to deny his customers that right (at least when running on the computer he sold them), the GPL v3 will (correctly IMHO) deny him the right to sell Linus's software along with his shiny new computer.

If he made that computer, and required that his end users download a kernel.org kernel signed by Linus in order for his computer to operate, he would be in the clear, as would his end users (since they aren't copying any GPLed work, the provisions don't have to apply). This situation would make RMS slightly unhappy, since the end user isn't free to modify his computer's software, but it's perfectly legal according to the terms of the GPL v3.

Of course, the DRM provisions aren't designed to attack that farfetched example; they're designed to counter the much more plausible example of Tivo-style DRMization of GPLed works, letting Tivo profit from hundreds of millions of dollars worth of community research without compensating the community in kind.

Re:Of course RMS is not a DRM!

[Chris+Pimlott]

The summary actually says he's not a "DRM fan" but it's interrupted by the awkwardly placed "potential bias" disclaimer. Editors, you can just put that at the end of the summary, no need to jam it in the middle of a sentence where it destroys the flow.

Re:What's wrong with TiVo?

[Bryansix]

Because if you RTFA you will see that TiVo makes it impossible to run modified code on it's hardware which effectively makes the source code useless to anybody.

Re:Preaching to the choir?

[Millenniumman]

No it can't. It will always be free. The difference is that it can be used in proprietary software, and there is nothing wrong with allowing people that freedom.

OSS is properly a development model, not a philosophy.

Re:I fear a repeat of the Bison fiasco...

[mpcooke3]

DRM will be used to attempt to restrict users rights to read documents, share documents, listen to music, watch films and possibly connect to other systems.

Microsoft, the RIAA and the MPAA have wanted to be able to do this for a long time.

We will then need a blessed versions of Linux that has been signed by a major financial backer like IBM who could give kickbacks to the right cartels just to be able to access the content we can currenly use and to read files sent to us from Microsoft machines.

I don't know if Richard Stallman stands much chance against the tide of monopolies and cartels that want to use DRM to restrict our rights(RIAA/MPAA) and kill competition (Microsoft).

But I'm glad someones trying.