Slashdot Mirror
The FSF, GPLv3 and DRM
whats-life-without-gpl writes "FSF has a thing against DRM. This article tries to explain why RMS isn't a DRM (Note that NewsForge is also owned by OSTG) fan and how GPLv3 is gearing up to protect against it. "
← Back to Stories (view on slashdot.org)
One is a person, the other an ill conceived business plan...
No sig for the moment.
Linus Torvalds, has a problem with this. He says that he himself signs the Linux kernel, and that that's his way of telling everyone, "You can trust this, it's from me." In an email message to the Linux Kernel Mailing List (LKML) on 23 April, he says that there are two types of keys: "One is an external key that is applied _to_ the kernel (OK, and outside the license), and the other one is embedding a key _into_ the kernel."
GPLv3 says that if any GPLed software carries an embedded key, this key should me made available to the users, but it makes no demands on the first kind of key. Linus has said that he would never distribute his signing keys, but the GPLv3 does not require him to release them. The key he talks about only describe the trustworthiness of the kernel. It in no way affects the freedoms of copyleft. It's only the embedded keys, which can be used to nullify the freedoms offered by copyleft, that need to be released.
There, fixed it for you
Obama likes poor people so much, he wants to make more of them.
FSF has a thing against DRM. This article tries to explain why RMS isn't a DRM (Note that NewsForge is also owned by OSTG)
We'd better get the CIA and FBI involved, along with the RIAA, NTSB, MPAA, ABC, CBS, CNN, AOL, MSN, and NBC. Oh, and be sure to alert the EFF and NRA while you're at it. Note that I am not affiliated with the RNC or DNC, although I am a FOB.
One of them tries to control what you can do by enforcing a system of burdensome legal restrictions, and the other is a system for managing digital rights.
FYI, that article really ID's the SNAFUs with DRM and OSS as pertaining to the GPL. I was KO'd when I read it - IANAL, but I wonder if it's BS or OK. Maybe I'll keep it on the QT until I know. Gotta run - I need to have a BM so I can leave for my AA meeting ASAP.
It is pitch black. You are likely to be eaten by a grue.
Hardly. Slashdot features some of the most anti-GPL trolls around =- they can put the Microsoft Marketing department to shame on occasion.
*waves to the trolls* Hi! This is for you!
1) The GPL is only ever a problem for you if you want to distribute someone else's work that they already let you use for free.
2) See point 1.
Gift horse, mouth, examination via the anus... all those are things that spring to mind when I hear complaints about how restrictive the GPL is.
Suppose MS wanted to run Free Software on the next XBOX and didn't want people to mess around with it. They could have Intel modify a processor any number of ways (change the opcodes for a SIMPLE example) and provide a proprietary tool chain to compile the code. No DRM, yet the users have no way to modify and run the code on that hardware. Does GPL need to require a complete tool chain be provided when binaries are provided? It seems overkill, but custom (closed) hardware running free software defeats the GPL in the same way as DRM. I need to read the new draft, but I think it suggests the broader concept of denying freedom more than DRM in particular. Thoughts?
I hope that Tivo get's taken to court. It would be a triumph for open source efforts.
Worst Summary Ever
nothing
TFA gets it wrong. Richard Stallman is opposed to DRM; look at the 'Defective By Design' real-world protests of earlier this year. But that's not the point here.
Since the beginning the idea of free software (as rms sees it) is that if you use a program, you should have the freedom to modify it, among other freedoms. So if you have a Tivo, you should have the freedom to modify the software that runs on your Tivo. If Linux is GPLed, then it's clearly not allowed for the Tivo manufacturers to ship it with a label saying 'we forbid modifying the software'. It's also not allowed under the GPL for them to try blocking your freedom another way by withholding the source code. But under GPLv2 your freedom to change the program can still be taken away, by the manufacturer making the device only execute signed binaries (for which nobody but the manufacturer has the signing key). GPLv3 as proposed is about making sure your freedom to change the software running on your computer (or Tivo) isn't taken away like this.
Of course anyone can write GPLed software that has DRM restrictions. But if you use it, you should have the right to modify it, and remove the DRM if you don't want DRM on your computer. That is the important point.
Analogously: there is nothing in the GPL against charging a sum of money for the software. You can sell it for as much as you like. But if you do, the person who receives it still gets all the freedoms to use, share and change the program.
-- Ed Avis ed@membled.com
I hope that Tivo get's taken to court. It would be a triumph for open source efforts.
Er, TiVo's one of the good guys, they release their source in compliance with the GPL.
Bison (GNU's version of YACC) used to have the restriction that the output of Bison, since it was a large amount of code, was GPL. As a result, nobody used Bison except for GCC, because the liscence was untenible.
I fear that GPLv3, by trying to force RMS's notion of "Liberty" more strongly (anti-DRM provisions, anti-closed-hardware provisions) will be a repeat: GPLv3 based software will only be used by the real FSF zealots. Everyone else will avoid it.
Let us be thankful that Linus Torvald has more of a "tit for tat" notion rather than a liberty notion, and thus selected GPLv2 only.
Test your net with Netalyzr
"You may not impose any further restrictions on the recipients' exercise of the rights granted herein."
Doesn't this mean that - since GPL 3 is more restrictive - that already GPL'ed software cannot be distributed under GPL 3?
Don't know if you are just kidding (because this question has been answered many times). Basically, the output of GCC (the compiler) is not automatically GPL'ed and linking to glibc (the GNU C Library) and STL does not make your program GPL. If you use other GPL (not LGPL) libraries then you can't release your program under licenses other than the GPL. So, basically, linking to "system stuff" is ok, but if you have any doubt over a library you are using just check its license.
Yes, if the libraries are GPLed. If you mean glibc, that library is released under the LGPL, so no your program would not.
I still have more fans than freaks. WTF is wrong with you people?
So the FSF is GPLv3 and DRM with the RMS and what now? I'm in the military and therefore quite good at decoding stupid acronyms, but this is pushing it. . .
More correctly, he can't make it GPL3. It's already been released, and he can't add restrictions to it after the fact, I don't see how he could make it GPL3 any more than he could decide to close the source and charge 699 bucks per CPU to use it.
Unless he wanted to write a brand new kernel from scratch, which would be a kick-ass idea. I wouldn't miss linux' monolithic dinkerishisness.
I don't need no instructions to know how to rock!!!!
Complying with the letter of the license is not the same thing as complying with the spirit and intent of it. The GPL is designed to ensure that the user always has control over his hardware; since the TiVo won't run modified code, the user does not have this control. QED.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Now they're even using Root-Mean-Square against us? Is nothing sacred? Next they'll be taking away our sine waves!
Coder's Stone: The programming language quick ref for iPad
FSF: Free Software Foundation
DRM: Digital Rights Management
RMS: Richard M. Stallman (founder of the free software movement, the GNU Project, the Free Software Foundation, and the League for Programming Freedom).
OSTG: The Open Source Technology Group.
GPLv3: GNU Public License version 3.
As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
Let's just site down and admit it. Linus does not now, and probably never has, believed completely in the mission of the FSF or the freedoms given by the GPL.
He is a very smart guy, and knows that his argument doesn't hold water which is why he is declining to speak about it further. The truth is that Linus is buddying up with lots of companies, he's part of the corporate side of open source now not the community side. The relationship between money and open source has been great until now, when the needs of freedom are now coming in opposition to some of the buisness needs of open source money.
Linus didn't build the entire Linux kernel, a community did. If he is unwilling, or the companies supporting him are unwilling, to move the license forward in the interest and popular support of the linux community then we can branch the code now and start extending and reworking the linux kernel under the GPLv3. They know that, and they don't want to loose the communities support so they are trying to make it sound like the FSF is imposing their will on the community, rather than Linus and a hand full of companies imposing their will on the community that builds their product.
The provision in GPLv3 that Linus opposes refernces "Tivoization" in it's text, and if you look back Linus and others he's worked for and with have never viewed Tivo's products as a negative imposition on the rights of software and software developers.
I don't understand. One side says "DRM is EVIL! We hate the RIAA!" and "If you don't support GPLv3, MS will lock your machine out of Linux!" (which they could do anyone regardless of what the GPL says) This is absurd.
DRM can be used for good. Let's say you want to build an electronic voting machine properly. You use entirely GPL source code. All parts are off-the-shelf and well known. Everything is open to public review. However, when you actually go to send the machines out, you want to be damn sure those machines are running the same code you put on them at the factory. That means locked and tagged boxes, and that also means DRM. Under the GPLv3 draft, you'd have to publish the secret key to the world, making that security worthless.
Another case: Let's say I make a system that monitors building security. I want to be open about how it all works, so I use GPL'd hardware. However, even my customers want to make sure that the software isn't tampered with. That means DRM. Again, if I have to publish the secret key, someone could write a modified version, sign it with my key, and get it on the machine.
The GPLv3 draft makes it impossible to create tamper-resistant software. (Note, I didn't say tamper-proof, there would still be ways around it, but as part of a layered security, it is necessary.)
Of course, one could always make a fork of some particular project and allow GPLv2 only. Yet starting from this point it is impossible to reuse any GPLv3 code in it. Whole libraries might become not suitable for this GPLv2 fork, at least the new versions of these libraries. Maintaining such GPLv2 forks may become really difficult. Linux kernel is probably one of few projects which may stay with GPLv2 for a long time. Most small projects are likely to make a transition to GPLv3, either willingly or by using some GPLv3 code.
As long as they provide the source that they used before they signed, I think that's fair enough.
I'm with Linus, I don't think the license should be used as a "crowbar" into the hardware too. The GPL3 sounds like it places even MORE restrictions on what the user and/or developer and/or companies may do, not less... I'm against how they went about it too... it doesn't sound like the FSF even took anyone's opinions into account, RS and the rest just created an even more onerous license than the original. I don't see too many companies adopting it....
Take for instance, the following possible situation.... As a developer and small business man, this type of situation entirely possible, I've run up against this using GPL code. Company X developes a brand new, extra-cool heart monitor and defibulator widget based upon embedded linux. The product has been carefully tested at the factory, with good records kept, etc. The product uses a signed image to verify that it's the same image that went through tests and hasn't been modified. Product is FDA accepted and on the market, the company that developed the product feels fine taking the responsibility for the code. I know the license doesn't confer responsibility to the other developers, but the company has tested this particular image and they assume liability.
Now, some fool at the calibration outlet decides he's going to load some updated packages into the image, without telling anyone and without proper testing. He's creating a dangerous situation by running software that wasn't tested for it's particular use. According to the GPL3, he can resign the binaries and create a potentially injurious product, exposing company X to VERY SERIOUS liability that they had no part in.... Remember that company X did NOT want to release the signing keys, did NOT load the untested software on, but they will be held liable for any injury that results from it's being ABLE to be loaded. Company X here also may become the "deep pockets" defendant in this case, with the repair guy skating away....
No, this is totally wrong.... GPL3 should NOT be able to force this situation.
I don't like what TIVO is doing, and I sure don't like DRM, but I like what the FSF is doing even less. How about an open comment period. How about querying the free software developer as to what they want. I didn't receive any survey, I didn't find any place where I could provide feedback or vote either. They propose to speak for me, but I have not found any way to tell them what I want. People using stuff that I write will find the "either version 2, or (at your option)any later version" missing from any of my new works.
@*&% the GPL3!
They can't stop you legally from doing anything you want with the device (or let's assume that for now), but there's no reason for you to expect that it is capable of anything other than what the manufacturer intended. They are perfectly free to cripple their product for whatever reason they like, so long as it is sold as such.
- bad thing:
- Tivo sign their kernels using their secret key.
- Tivo's bootloader refuses to boot any kernel not signed by tivo
- good thing (prevents trojan LKMs):
- RH sign their LKMs using their secret key.
- A RH kernel binary refuses to load any LKM not signed by RH.
As far as i understood the discussion, GPLv3 thinks that (1.1) is the problem, so it demands publishing the secret key. But that's wrong and renders (2) useless.Instead, the problem is (1.2): i cannot append my own pubkey to the bootloaders list of approved binary signing keys, although i "own" that bootloader. Instead with (2.2), i can build and run my own kernel image embedding a different list of acceptable LKM signing keys.
So if one wants to prevent such a mess like tivo, (s)he should use a licence that demands that the software is not run on devices with a write protected TC pubkey list. I'd perfectly happy with TC if i could enter the fingerprints of valid TC-pubkeys into the BIOS.
Just my 2ct, m.