Should Developers Switch to GPLv3?

Isaac IANAL asks: "Victor Loh of ExtremeTech writes about the General Public License version 3's clause, which requires releasing digital signature keys — in other words, the software should be able to retain interoperability when modified. The article raises an objection, citing Linus Torvalds, that the so-called TiVoisation clause would inhibit open-source adoption in embedded devices among entities such as governments, health care providers, and finance firms. The issue has been discussed on Slashdot many times before. If you're a developer for a platform that needs to run signed code, could you use software under the GPLv3, or does the GPLv3 (at its current, unreleased state) truly inhibit your control as a developer over your device?"

Not yet

[BadAnalogyGuy]

Wait for the service pack.

What?

[also-rr]

If you are writing from scratch you lose no control as you can dual, triple or whatever license your own code as you see fit.

If I sit down and from scratch write a kernel I can release it under the GPL v2, v3, v8 and seventeen differrent closed licenses with no problems at all other than going mad from reading all of the legal junk that's required to define each one.

It would only impact on me if I decided to use someone else's work as the basis for mine, or as part of mine, and then I would either have to comply with their license or do the work myself. Doesn't seem that hard to me.

Re:What?

[metamatic]

When you buy a Tivo, you buy a TIVO, not a PC or experiment/development computer.

When you buy a PC, you buy a PC running Windows. Presumably you'd have no objection if all the PC manufacturers were required by Microsoft to implement code signing support so that unsigned Linux wouldn't run?

No, don't be *that guy*

[BadAnalogyGuy]

If you are really interested in building a community around your project, choose a license that not only lets people contribute back to you (meaning that it has to be open to them in the first place) but also allows them to leave any time without having to forfeit their work (meaning that you have a cooperative relationship, not a dom/sub relationship).

GPLv3 is the worst of the series, IMO. Where it fails is in its insistence that if you want to be part of the community that you basically have to turn over every single thing to the whole community before you get the blessing to participate. Got a patent? Sorry, bud, check that at the door. Want to run specialized programs that require secrecy of code? Not on this platform, man. Want to mingle your closed code with our open widget? Give up all your source first.

It's not inviting at all except to anyone who has more to gain than lose from such a relationship. So what you get is a bunch of people who are actually leeches creating programs that no one else outside the community can even look at for fear of contamination.

If you want to share, then share. If you want to profit off of others and view everyone that looks at your code without contribution as suspicious, choose the new GPL. (The Artistic License for example, before it became GPL-compatible, was actually very cool and was able to gain a very large and loyal following for the Perl language. People contributed out of a sense of community, not out of coercion or because they were collecting a paycheck to do it.)

Re:No, don't be *that guy*

[kamochan]

The parent got the gist of it.

I have participated in projects which involved patents and resulted in sellable products - and every single line of code (protocol stacks, device drivers, bug fixes etc) that was not crucial to the heart of the customized product were released as open source. It didn't make any sense not to. We always used BSD codebases, though, somewhat wary as to what mess GPLv2 might get us into. With GPLv3, GPL'd code would not even enter the consideration.

One must also remember that many FOSS authors automatically use GPL because it is "teh license", basically due to the publicity. Much in the same way people use GNU/Linux because it is "teh OS". This means that whatever becomes of the next GPL version, will be automatically used in many projects. Consequently GPLv3, as it now reads, would result in lessening participation and contributions from commercial organizations and many skilled individuals alike. I do not see it as a good thing for FOSS. IMHO, the Berkeley folks got it right ages ago.

Re:No, don't be *that guy*

[Mr2001]

GPLv3 is the worst of the series, IMO. Where it fails is in its insistence that if you want to be part of the community that you basically have to turn over every single thing to the whole community before you get the blessing to participate.

Wow, I don't see it that way at all. Yes, you have to turn over enough that the community can actually use the code you're giving back to them, and that seems perfectly reasonable to me. To give back modifications that are useless to the community because of patents or hardware DRM is to spit in the face of what the GPL is all about.

Re:No, don't be *that guy*

[ClamIAm]

The first thing I noticed when reading your post is that I don't think you understand the goal of the GNU project and the FSF. Their goal is to promote Free Software:

Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software. More precisely, it refers to four kinds of freedom, for the users of the software:

• The freedom to run the program, for any purpose (freedom 0).
• 
   
• The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
• 
   
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• 
   
• The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

Keeping these points in mind, let's look at your examples:

If you are really interested in building a community, choose a license that ... also allows them to leave any time without having to forfeit their work

So if I decide to stop contributing to your GPL3 project, I have to surrender my copyright to the code I've contributed? That's news to me.

[GPL3 forces you] to turn over every single thing to the whole community before you get the blessing to participate.

This is not true. First, no one is forcing you to use this license. You make it out to sound like the FSF will shun you unless you use only this specific license, which is not true. Second, GPL3 does not force you to give up everything. You still hold the copyright to code your wrote, so you can also release it under other licenses. If you release a trademarked program, you can specify how you wish for the mark to be used.

Got a patent? Sorry, bud, check that at the door.

See freedoms 2 and 3.

Want to run specialized programs that require secrecy of code? Not on this platform, man. Want to mingle your closed code with our open widget? Give up all your source first.

You do not state the technical manner in which the "secrecy" and "mingling" is happening. Depending on this, these could very well be prohibited by the GPL2, completely invalidating them as fodder for your diatribe.

So what you get is a bunch of people who are actually leeches

This is pretty hilarious. How does the new GPL allow people to "leech" anything? No one is being forced to use this license. I'm guessing you're talking about those evil guys who will no doubt incorporate BSD code into their GPL3 programs. Yeah, those guys are totally violating the spirit of that license. Oh wait.

no one else outside the community can even look at for fear of contamination.

This is no different from looking at code that implements a software patent, or signing an NDA to look at proprietary code.

If you want to profit off of others and view everyone that looks at your code without contribution as suspicious, choose the new GPL.

If by "profit" you mean "allow everyone the freedom to use, study, modify, and distribute my code while preventing others from taking away these freedoms", then I agree with you. That's a pretty good profit derived from using this license.

Also, I fail to see how choosing the GPL3 would force me to view those who study my code as "suspicious".

In all, I fail to see how any of your points are really valid. You fail to actually define what you mean by key words in your argument. Of course, this allows you to shield yourself from having to debate any real issues, such as the meaning of "freedom", "rights", or "responsibilities". So perhaps this was intentional.

Re:No, don't be *that guy*

[stinerman]

GPL is becoming more and more liberal that it is too restrictive and you will be better off with closed source software because you have more freedom.

That is the stupidest thing I've ever heard on slashdot. And that is saying a lot.

Re:should they?

[BadAnalogyGuy]

The GFDL is what you are looking for.

http://www.gnu.org/copyleft/fdl.html

Some people think it is antithetical to the purported aims of the GPL and the FSF.

Re:should they?

[Falkkin]

Many of the Creative Commons licenses are more useful for non-software creative works. They have a wide variety of licenses, including "share-alike" (similar to the GPL), "attribution required" (similar to BSD), and so on. The GFDL is also meant for "documentation", but I personally don't like it (the bit about "invariant sections" is very crufty.)

See www.creativecommons.org for more info.

what's wrong with v3?

[arun_s]

Okay, I may be a little tipsy, and legal loopholes may not be my strong point, but what exactly is wrong with v3? As I understand it, one of its main purposes is to prevent cases like Tivo from happening again, where the source is officially released (therefore GPL-compliant), but modified builds won't work anyway (not covered in GPLv2, therefore legally correct, but still against the actual spirit of the GPL)
Isn't it expected that licenses will evolve as technmology changes, and as loopholes are exploited? If v3 isn't adopted, what's to prevent everyone from locking down their software through keys?
Please clarify if I've misunderstood something, I greatly respect RMS and really can't see what he's doing wrong here. As I see it, without v3, the GPL will just end up just being a license where people can use the community's hard work and avoid giving something back in return.

Re:what's wrong with v3?

[ClamIAm]

The reason the GPL3 gets picked on so much is that most people forget that the GPL is only a means to an end. It is the legal agreement that the FSF believes will promote the ideals of Free Software. All versions of the GPL have had requirements in them, and this one is no different.

In essence, people are confusing the algorithm (Free Software) with the implementation (the specific license or version thereof). The fact that the most visible people whining about it are programmers is truly some incredible irony.

Stop spreading confusion!

[Cyclops]

You're getting it all wrong starting with the post content!

Victor Loh of ExtremeTech writes about the General Public License version 3's clause, which requires releasing digital signature keys -- in other words, the software should be able to retain interoperability when modified.

The enhanced part is a plain lie. The article of ExtremeTech doesn't even say that!.

Spreading it is (either by ignorance or by malice) helping bad companies, like TiVo for instance.. Please read on the following to understand WHAT the GPL v3 draft says.

The draft version of the GPLv3 says that IF AND ONLY IF the software you want to run, needs some special digital signature, then and only then must the digital signatures acompany the source code.

1. Source Code.

(...)

The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances.

(...)

3. No Denying Users' Rights through Technical Measures.

Regardless of any other provision of this License, no permission is given for modes of conveying that deny users that run covered works the full exercise of the legal rights granted by this License.

No covered work constitutes part of an effective technological "protection" measure under section 1201 of Title 17 of the United States Code. When you convey a covered work, you waive any legal power to forbid circumvention of technical measures that include use of the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing the legal rights of third parties against the work's users.

(...)

So, what does all this blurb mean? Is Linus so obtuse he can't read english? No. So...?

I could understand it if he said that he felt he couldn't ignore the contributions of some hardware manufacturers, but what does he say? He says that GPLv3 "sucks" because it prevents legitimate businesses like those of TiVo. That if users don't like that hardware, they can use other hardware.

As usual, untrue pragmatism. The pragmatist doesn't idealize about perfect future conditions that may or may not happen. The true pragmatist solves the problem in a practical and definitive form: preventing the harm from happening.

Re:Stop spreading confusion!

[Sloppy]

but what he is effectively saying is that the legal requirements of the GPL v3 are in direct conflict with American law.

No. You have misinterpreted.

Section 1201 of Title 17 (a.k.a. DMCA) defines circumvention as bypassing controls without authorization, and that authorization isn't something that comes from the law or the government -- it comes from the copyright holder. What the GPL is really doing here, is saying that the GPLed works' copyright holder grants authorization. If you withhold authorization (thereby triggering the malignancy of DMCA) then you have violated the license.

A lot of people seem to think that DMCA prohibits descrambling, but it really just prohibits descrambling without permission. If I hold the copyright on a CSS-protected movie and sell it to you, and I say "You may crack the CSS on this movie" then you legally may crack the CSS on that movie; you will not be violating Article 17 Section 1201. Now imagine if I had some little piece of a movie, such that lots of people wanted to make derived works of my movie fragment, and I licensed it under the condition "you, the licensee, may not forbid circumvention of CSS on your derived work." Then anyone who used my movie fragment, would have to allow CSS to be cracked on their movie. That's essentially what GPL3 is doing here.

It's not "locking horns" with the legal system; it's playing within the rules. And one of the rules is that the copyright holder may grant authorization to bypass.

Re:Stop spreading confusion!

[Sloppy]

He says that GPLv3 "sucks" because it prevents legitimate businesses like those of TiVo. That if users don't like that hardware, they can use other hardware.

What's sad is that Linus sees what Tivo has done as "legitimate." Go back a few decades, Linus. When RMS couldn't maintain his laser printer driver, RMS could have just used other hardware. Obviously, RMS didn't like that idea. He didn't like it so much, that the GPL was invented practically as a response to that incident. GPL exists because "just use other hardware" was judged to be totally impractical. If Linus didn't agree with the premise of the GPL, then he should have used some other license (and let his project die in obscurity in 1992).

read these first, they're a good base

[H4x0r+Jim+Duggan]

For explanations of the changes in GPLv3, I highly recommend reading (or skimming) the transcripts of the GPLv3 conferences. Each transcript includes the subsequent Q&A session, and each begins with a list of links to the topics covered and the questions asked.

The freshest transcript is RMS in Bangalore in August. Here are the others:

• Transcript of Richard Stallman's talk from the 3rd international GPLv3 conference, Barcelona, June 22nd 2006
• Transcript of Eben Moglen's talk from the 3rd international GPLv3 conference, Barcelona, June 22nd 2006
• Transcript of Richard Stallman's talk from the 2nd international GPLv3 conference, April 21st 2006
• Transcript of Richard Stallman's GPLv3 presentation and Q and A from Torino, Italy, March 18th 2006
• Transcript of Richard Stallman's GPLv3 talk from FOSDEM, February 25th 2006
• Transcript of Eben Moglen's presentation at the first international GPLv3 conference, January 16th 2006

Many also include links to audio and/or video recordings, and there's more general information about the timeline and how to participate on FSFE's GPLv3 page.

Also, if you want to help raise the quality of discussion, a useful and really easy thing to do is to pass these links on to others.

sheesh!

[Xtifr]

> If you're a developer for a platform that needs to run signed code, could you use software under the GPLv3

Yes!

> or does the GPLv3 (at its current, unreleased state) truly inhibit your control as a developer over your device?"

No! Any more questions? :)

(Ok, if you want to get picky: it doesn't inhibit your control over "your" device, but it may inhibit your ability to inhibit others. You know--the people who actually OWN "your" device! But that's the whole point!)

This whole "requires releasing digital keys" nonsense has to go! Whoever invented that meme should be shot. And I don't care how many of you like his fucking kernel! :) Me--I consider myself a pragmatist too. I've used the BSD license, GPL, Apache, and many more, not to mention semi-free and proprietary licenses. I base my decisions on what I think is appropriate for the project I'm working on. Not on what a bunch of fanatics tell me. But the GPLv3 seems perfectly in line with the GPLv2 to me. It closes a couple of obvious loopholes, and little more. When I get some code released under the GPL, I expect to be able to fix it. TiVo showed us all that that wasn't necessarily true. If it were my code they were using, I'd be pissed as hell!

Everyone's talking like this is going to have huge effects. The fact is that there is really, so far, only one company that would have been affected, and they won't be affected because the Linux kernel devs long ago decided to stick with v2. And now the devs want to justify that decision by pointing out all the supposed flaws with v3. I'm not impressed with their reasoning.

People talk about voting machines. The solution there is easy. The software needs to provide a signature of the results AND the software together. Then you can easily detect tampering while still providing all the freedom necessary to fix problems.

Going with GPLv2-only is the WORST possible solution, as far as I can tell. That will guarantee license-incompatibility in the future. Frankly, I see nothing in the GPLv3 draft that would justify the kind of headaches that going to GPLv2-only would cause. In fact, I see nothing in the GPLv3 worth bitching about. Yes, it's new, yes, there's some controversy, but my god, I was there when the original GPL was released, and this controversy ain't nothin' compared to the shitstorm of controversy back then! Well, Stallman turned out to be basically right about the GPL in the first place, and, by comparison, I see nothing but tiny, incremental improvements this time around.

The GPLv3 will be happening, and I, and probably tens of thousands of others, will be using it. Get used to it!

By the end of the next decade, I predict that people choosing GPLv2-only licenses will be being cursed as roundly and solidly as those who chose non-dual-licensed MPL or Artistic are today.

Re:sheesh!

[petrus4]

>The GPLv3 will be happening, and I, and probably tens of thousands of others, will
  >be using it. Get used to it!

Yes...because as we all know, more than anything else the definition of freedom is having other people decide what happens without being able to do a thing about it ourselves.

Another wonderful example of one of RMS's fans demonstrating to us just how glorious Stallman's vision of freedom truly could be. Still think it looks appealing? ;-)

Code signing: WHO has the key?

[Sloppy]

From article:

Governments, health care providers, and finance firms require private, tamper-proof solutions.

Governments, healthcare providers, and finance firms don't need to be able to make sure their software can be maintained? They want to be locked into a single source?

This is such a bullshit argument. Nothing about GPL3 prevents you from making your own machine tamper-proof. What they're really talking about, is distributing widgets to other people such that the other people cannot maintain or "tamper with" the widget. Governments, healthcare providers, and finance firms do not need that. Only media companies [think they] need that.

From submitter:

If you're a developer for a platform that needs to run signed code..

Before you finish that question, let's get something straight. When that platform is deployed, the end user will have the ability to install or choose what key(s) (perhaps even the end user's own key) the platform will accept, right? If so, then I really don't think you're going to have a problem with GPL3.

If the end user will not be able to sign code themselves, then fuck off. You sure as hell aren't talking about using DRM as a security feature, because users are the party who are ultimately responsible for their own security. Nobody cares if your project is GPL3 compatable or not, and nobody cares if your project uses Linux, because Linux is almost useless, like any other OS, if users cannot get maintenance whenever they want it. If your project can't get bugs fixed or features added (including features that you, the developer, think are bad ideas) then your project might as well run MS Windows. Maybe Torvalds doesn't care about users anymore, but Linux didn't get all the other developers working on it (including the ones who wrote those free drivers that you salivate over) by fucking the users over. Linux attracted people and became a successful project by not being user-hostile.

The licence doesn't say that

[H4x0r+Jim+Duggan]

What part of the GPLv3 discussion draft 2 puts the restrictions on the end-user that you claim?

GPLv3 only puts restrictions on redistribution, not on use. (Just like v2.)

Entirely missing the point of the GPL

[ChaosDiscord]

does the GPLv3 ... truly inhibit your control as a developer over your device?

"Your" device? Once you've sold it to a customer, it's ceased to be "your" device. If a customer buys a device that runs GPLed software, they have the freedom to replace that software as they see fit. That's entire purpose of the GPL: to grant end users freedom. Complaining that the GPLv3 inhibits a developer's control over their device is like complaining that GPLv2 inhibits a developer's control over their software. Congratulations on identifying the core purpose of the GPL.

Next week on Ask Slashdot: "Can you use the Bill of Rights in your dictatorship, or does the it truly inhibit your control as a dictator over your citizens?"

Re:Not yet -- "GPLv3" Should Become "SGPL"?

Your joke accidentally inspired a serious thought:

This shouldn't be named "GPLv3" when done and finalized. If they do that, there will be a big clusterfuck of confusion and uncertainty, coming from "GPL" softwares with crucially differing GPL versions -- v2 vs. v3 -- and this will harm business adoption of open-source software. Not completely clueful managers and officers get confused, they lose face, so they go elsewhere. (That is, stay with closed-source.)

"GPLv3" should be named "Stricter GPL -- SGPL" (or something like that), and "GPLv2" should be kept just "GPL" -- the familiar and famous thing that nobody has a problem with.

And anybody responding that we FSF hippies don't give a damn what the corporate world wants or needs... I understand the sentiment ("we do tools for ourselves and that's all"), but it would be good to have FOSS spread further, and in the biz domain any such ambiquity or other "perception problem" can be a bigger problem than anything related to quality or technology. Make the GPLv3 into what you want, but make it clearly separate from the current well-established GPL.

Re:No.

[petrus4]

The freedom you're talking about is total freedom - which leads to fuedalism, which is not very free at all in practice.

This is total garbage, and can very easily be shown to be total garbage merely by pointing to those projects which *do* use MIT/BSD licenses and which work fine organisationally. Yes, forks happen, but forks happen with GPLed code too.

I've said this to a lot of the pro-FSF lemmings that I've seen on this site, and I'm going to say it to you too...Try using your own brain for a change, rather than constantly leaning on Stallman's. You might even find that you enjoy the experience.

Re:How I really feel

[MostAwesomeDude]

Okay, no.

First off, Linux is only a kernel. Did you somehow forget what else comes with a GNU/Linux distribution? The shells? The binary utilities? The network managers?

Last time I checked, Linux was best built with a GCC toolchain. That's right, a GNU C compiler is used to build Linux. Oh, and you should be using GNU make to configure it.

The FSF and its GNU project provide support utilities for virtually every Linux distro out there right now. Sadly, most of them, excepting Debian and its derivatives, have thrown away their acknoledgement of GNU and its importance in making Linux work. That is exactly how you talk -- as if GNU has done nothing for Linux.

What I hear from you is nothing more than fanboy's prattle. You honestly believe that Linux owes nothing to the FSF? NOTHING?

Without GNU, I would not have the following utilities:

• aspell
• autoconf
• automake
• bash
• bison
• denemo
• diff
• gparted
• gpg
• grep
• grub
• gzip
• less
• libtool
• lilypond
• m4
• make
• nano
• screen
• sed
• tar
• wget

...as well as the entire GNU compiler collection, assembler/linker suite and command-line utilities, and readline library. Oh, and GNOME. Oh, and the C/C++ standard library for Linux.

Still feel that Linux doesn't need the GNU project or the FSF? Well, fine. Just don't call me an "uncompromising, radical, neo-Bolshevik extremist" anymore.

Re:Depends on your needs?

[bluefoxlucid]

Oh yes it does.

Re:I've read the new draft many times thanks

[cpt+kangarooski]

I don't think that your analysis is correct here. The GPL is still relying purely on copyright law; it only applies if you engage in activity otherwise prohibited by copyright law (e.g. copying, distribution, preparing derivatives, etc.). The difference is that rather than limit what it requires in compensation for the copyright license it grants to the copyright field, it's now asking for more. What it asks for doesn't really weaken it. Lots of copyright licenses are made in exchange for money, which is also outside the ambit of copyright.

I don't think that it's getting into EULA territory, really, as the GPL still would not apply to end users. It only applies to people who want to engage in covered activity. Mere use isn't one of those.

And also, EULAs continue to grow in strength, though the main issue there has to do with how they're formed, not what they deal with. No one would have any argument at all against a EULA that was presented and agreed upon in a different fashion. In regard to formation, the GPL is on the same ground it always was.

Re:You've just described GPLv2

[tricorn]

The philosophy is the same. The primary motivating goal behind the GPL has always been to enable the end user the freedom to modify the software that they receive, in whatever fashion, and be able to share the software they're using (modified or not) with others. Patents inhibit that freedom. The restrictions on someone who uses patents as a weapon against Free Software are ONLY to the acts of modifying and distributing it, which is completely within copyright law.

The question is FUD

[darkonc]

The GPL3 does not, as I understand it require that you release your personal (or company) private key.

It simply requires that you provide the user with the ability to use/create a functional key which provides identical functionality.

That way you can't end up with a situation where, say, Microsoft, uses their market clout to make hardware manufacturers release 'secure' boxes which only boot from Microsoft keys, and then they release a Linux kernel signed by Microsoft.... Now you have the source code to the Microsoft Linux kernel, but no 'comodity' box that will boot your recompiled kernel because they all require Microsoft's key.

Now, Microsoft (and Linus) can keep their private key private -- they just have to provide you with a key (any key) that will boot your box ... and They just can't punish you for using your own kernel (as long as it provides identical functionality).