Taking a Stand Against Unofficial Ubuntu Images

Canonical isn't pleased with cloud providers who are publishing broken, insecure images of Ubuntu despite being notified several times. In a blogpost, Mark Shuttleworth, the founder of Ubuntu, and the Executive Chairman and VP, Product Strategy at Canonical, made the situation public for all to see. An excerpt from the blog post: We are currently in dispute with a European cloud provider which has breached its contract and is publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly. The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that 'all things that claim to be Ubuntu are genuine', and they have a right to expect that. We have spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail. We are now ready to take legal steps to remove these images. We will seek to avoid affecting existing running users, but we must act to prevent future users from being misled. We do not make this move lightly, but have come to the view that the value of Ubuntu to its users rests on these commitments to security, quality and updates.

It's OVH

They have their own kernel and how deb source

Re:It's OVH

[guruevi]

Not just OVH, any second rate hosting company does it. DreamHost does as well, 1and1. They're a pain in the neck to work with because any update breaks everything and you're stuck with old versions of Apache, nginx and PHP because of it. Sure it helps them because they can deduplicate the shit out of the memory and storage but it's broken.

If you're paying less than $20/mo for a VPS, you're shafted.

Re:It's OVH

[whoever57]

If you're paying less than $20/mo for a VPS, you're shafted.

I have a VPS that costs me $12/month. It's a full KVM VPS. No hosting mods whatsoever. I control the kernel and all the packages on it.

Re:It's OVH

No, there are still some quality providers, well at least one for less than $20/mo. Linode has a $10/mo plan and Linode ain't like those shitty ass "hosts".

Re:It's OVH

I have a VM with 1and1. I run pure Debian, not Ubuntu, but the sources list is pointed at a standard Debian mirror and I update daily with no problems at all.

Re:It's OVH

[Guybrush_T]

I'm surprised to read that. Are you sure it is OVH ? I would expect many providers to suck at understanding such problems, but OVH tends to be on the very competent side, so if that is true, I would wait for OVH version of the problem before drawing a conclusion on who's wrong.

Re:It's OVH

[Guybrush_T]

Online provides baremetal servers (though not very powerful) for 9€ per month (Dedibox SC).

Re:It's OVH

[petermgreen]

It's not just VPSs. A project I cofounded used a dedicated server running Debian from dreamhost (chosen because it was cheap and came with unlimited bandwidth). In setting the server up we removed apache and installed nginx.

Doing so broke the boot process!

IIRC Dreamhost support managed to find a way to manually boot the box but couldn't help with actually fixing it and then we found a way to hack up their scripts so it would boot by itself again.

Re:It's OVH

Yea, 20$/month is too much unless you need the extra CPU/RAM.

I have a KVM VPS for 5€/month. Perfect for a mail server, teamspeak or a small website. I could install my own OS image if needed but so far I had no issues with the default.

My previous VPS was OpenVZ and performance was often spikey and upgrades were a pain, if possible at all. IMHO KVM over OpenVZ is more important than price.

Re: It's OVH

[slazzy]

Just best to use them as a container and launch your own distro from official sources.

Re:It's OVH

Vultr offers $5/month VPS instances and they let you load your own image so you can use the official Ubuntu media if you want.

Re:It's OVH

[ncc74656]

If you're paying less than $20/mo for a VPS, you're shafted.

I'm paying less than $20 per quarter (actual rate is €15.12 IIRC) for Gentoo running on Xen. emerge -auND --with-bdeps=y --backtrack=100 @world works the same on it as it does on my desktop at home.

Re:It's OVH

[lgw]

Not just OVH, any second rate hosting company does it. DreamHost does as well, 1and1. They're a pain in the neck to work with because any update breaks everything and you're stuck with old versions of Apache, nginx and PHP because of it. Sure it helps them because they can deduplicate the shit out of the memory and storage but it's broken.

If you're paying less than $20/mo for a VPS, you're shafted.

For that price range, you can just get a small AWS server and not have these problems (especially if you can pay for 3 years up front).

Re:It's OVH

[0100010001010011]

My $5/mo VPS gives me FreeBSD and a plethora of other options.

Re:It's OVH

[fnj]

All right, I'll bite. Where can I get FreeBSD for $5/mo? I used to use BSDVM, but they went under. The others I found were pretty much all grossly overpriced or unacceptably broken in some way.

Re:It's OVH

[0100010001010011]

https://www.digitalocean.com/p...

Re:It's OVH

[CrashNBrn]

Yep. We are in the process of moving all our servers to DO.

Re:It's OVH

[guruevi]

How many other people are on those servers. I've tried plenty of instances but once you start using your actually assigned quota's (1 CPU and 512MB RAM) you will notice an intense slowdown. Or you're sitting on a server with some other people that are heavy users, same problem.

I've tried a bunch of them, for home/dev use, perhaps, but for real work, not suitable. And whenever you ask how many other customers they have, they either don't tell or it's astronomically high.

DigitalOcean: doesn't tell anything about their infrastructure and if you use too much resources they cut you off with a "TOS violation". From what I can measure, I estimate 50-100 hosts per 'real' server but don't use more than 20% of your CPU for a period of time because you'll be out.
DreamHost: the oversell must be close to 200 hosts per server. Continuously 100-200ms ping rates, their 'shared MySQL' would take 500ms to even complete a simple query. The host got cut off several times per month for various technical reasons.
1and1: Another over-seller, absolutely awful support, after a while they just tried to up-sell me packages that would have no impact on the performance - I'm not running out of storage dimwits.

Re:It's OVH

I pay $2.40 a month, and love my host. CentOS6, no systemd fail, super fast, super available.

You sound privileged.

Re:It's OVH

[whoever57]

I would not expect a lot of real CPU for $12/month. It works for me (small mail/web server, VPN endpoint, etc.).

If I were relying on a machine for work, it would probably be better to pay for a dedicated machine, or to install my own hardware in a datacenter.

The problems I have seen have been the time when they started shutting down the infrastructure and one class of VMs. I only found out because I noted that the RDNS wasn't working. They claimed that they had sent me an email telling me that I needed to migrate to a new VM, but they had not sent emails to me about this.

Re:It's OVH

[kriston]

Run away from DreamHost. They're cheap but you get what you pay for, though 1and1 is now price competitive with far higher performance from my benchmarks.

But DreamHost is actually shutting down and scrapping their East-1 cloud environment in January. Data will be lost permanently in less than a month. But that's okay because they told us months ago and are giving away the service for no charge before it gets torn down. But is it?

Okay, so move to next-gen East-2 with their "SSD" storage, but then find out storage is not any faster than their "magnetic" storage on East-1.

DreamHost has become very disappointing recently. I used 1and1 and DigitalOcean and get 10x the storage speed than I do with DreamHost at the very same cost.

Re:It's OVH

[kriston]

Oof, be prepared to not like the slow storage. It may be SSD, but it benchmarks marginally better than magnetic.

Maybe they should buy some 10g switches and set up a Fibre Channel fabric. Their competitors at $5/month have 10-20x faster storage speed.

Re: It's OVH

[joao.cordeiro]

How hard is it to boot a minimal install iso on grub using ramdisk... I got my vps on ovh but i installed my ubuntu.

What contract?

Why is redistribution of GPL code governed by contracts when the GPL is CRYSTAL CLEAR about redistribution rights?

Re:What contract?

[Calydor]

Most likely it's more an issue of using the name Ubuntu.

Re: What contract?

Contract would be for use of the name. The cloud providers could just simply call it a Linux image and conical would no longer have a claim

Re:What contract?

they want to stop people from exercising their right to change the open source code and they should have chosen a different license if that's the case.

Re:What contract?

Such is the life of those that mix companies and open source.

Re:What contract?

[Nutria]

It's the name that's the problem, not that they're distributing source code.

Re:What contract?

The name and logo of the distro aren't GPL. Anyone is free to create their own Ubuntu derivative, but they can't call it Ubuntu without approval.

Re:What contract?

They don't distribute source code, only the images. The problem is not the name, but the name is the only legal handle Ubuntu has.

Re:What contract?

Mr Shuttleworth has his point here, and its a 3 pointed star.

1. As a user, customer, or person who might suffer from data breach, loss or other care - you don't want this kind of thing.
2. As Ubuntu - you work hard to do what you do, people taking the piss in the end need to be told.
3. Even the cloud provider needs to comprehend this isn't something positive for them, or their customers, users etc.

Its also something that was obvious. The cloud has the same issues as on premise unless handled with AAA care, only with way bigger impact if its cloud provisioned, public and in numbers. Poor management or admin create bad platforms that affect everyone. Such 'cowboys' affect everyone - not just themselves.

Re:What contract?

What if they removed all of the Ubuntu names on the exterior, the webpage, the file name, etc? Ubuntu still has their name all over the interior, no? If I open up system preferences, it tells me that I'm running Ubuntu. Is that name in the system information part of the code or a trademark?

Re:What contract?

And there it is. I came here to see some idiot claiming the GPL has anything to do with this.

Despite its ability to be abused, this is a textbook case of Trademark law being used correctly. Someone is misrepresenting a product that is not Ubuntu as Ubuntu and selling it. The entity that trades under the "mark" Ubuntu can force them to stop, thus protecting the consumer from fraud.

Re:What contract?

[EmeraldBot]

Such is the life of those that mix companies and open source.

No, not really. Microsoft open sourced many of their components in the .Net framework, but if I take an old version, apply 1000+ custom patches that break everything, and then try to call it "Microsoft .Net", they would be pissed - and they'd have every right to be. They may give away the code, but that does not mean they're giving away their reputation, and if this company doesn't bother to even attempt to address complaints, then they need to find a new name for it. I personally think companies are draconian over the abstractedness of copyright and imagined profit losses, but even I think Canonical has a legitimate case here.

Re:What contract?

Mr Shuttleworth has his point here, and its a 3 pointed star.

Triangle?

Re:What contract?

Change it all you want, just put your name on it. Don't need to tarnish reputation of Canonical with your broken builds. Trademark rules still apply.

Re:What contract?

I've got a 20 year old Ford car, should I rename it?

Re:What contract?

[Wootery]

It's not a copyright issue, it's a trademark issue. You're not allowed to break Ubuntu and still call it Ubuntu.

See also the Debian/Mozilla trademark silliness.

Re:What contract?

Bullshit.

USING Ubuntu is not breaking it. They are using it in their ecosystem. It's an operating system, not a operating SERVICE. They can do what they want to modify the system, thats the whole point.

Re:What contract?

[Immerman]

If you've heavily modified it, replaced key functional systems with custom-made versions, and looking to sell it in quantities? You bet your ass you should, otherwise Ford will string you up to dry for trademark infringement, and be right to do so.

Re: What contract?

No, but we understand why you posted as AC.

Re:What contract?

[Qzukk]

not a operating SERVICE

Uh, no, as a virtual machine reseller they are selling a broken copy of Ubuntu as a service. Canonical is within their rights to ask them to stop using their software's name (say, to OVH Linux) if they aren't going to fix the issue.

For a car analogy: If an independent Ford dealership started filling up their cars' gas tanks with sugar you better believe Ford will come in and put a stop to that real fast.

Re:What contract?

[Immerman]

*Any* use of the name is likely to be a trademark infringement. That's why projects like CentOS, that repackage Red Hat, have their work cut out for them. To be fully in compliance, you have to remove *every* reference to the original name, *every* proprietary icon, etc.

Re:What contract?

[Aaron+B+Lingwood]

What if they removed all of the Ubuntu names on the exterior, the webpage, the file name, etc? Ubuntu still has their name all over the interior, no?

/etc/lsb_release

Re:What contract?

[sinij]

Actually, this not how it works in the automotive world. Car registration is tied to VIN number and I can replace every single component in the car, save unibody (or frame+shell) and still call it Ford. I actually can turn this into business venture, called performance tuning or customization, and sell these modified cars as Fords to other people.

Re:What contract?

[Aaron+B+Lingwood]

They can modify it all they want but it is no longer Ubuntu. It has a different kernel, different drivers, and handles virtualisation very differently.

If a user had scripts running on Ubuntu and then migrated over to the new service provider, those scripts would likely stop working. These companies are using the Ubuntu name because the experience will be similar, however, there will be confusion where the user expects the experience to be identical.

Better would be to call it "Based on Ubuntu" or "Ubuntu-esque" or "VPSbuntu".

Re:What contract?

No, you'd be wrong about that. State vehicle registration law does not override federal trademark law. As soon as you are damaging the value of their mark, you're history.

Re:What contract?

[DickBreath]

The GPL cannot give me permission to use the Ubuntu trademark.

Canonical may be willing to enter an agreement to allow use of the Ubuntu trademark, but only under certain conditions. After all, my modifications may reflect poorly on their valuable name.

Re:What contract?

[Waffle+Iron]

I've got a 20 year old Ford car, should I rename it?

Not necessary, because it's the same physical car.

Redistributing OS images is more like manufacturing new cars. You can't build replicas of your car and offer them for sale as genuine"Fords".

Re:What contract?

[DickBreath]

You could probably sell them as modified Fords. As long as the customer understood what he was getting.

If a customer had a problem with a Ford that turned out to be a modified Ford and the modifications were the problem (or even if they weren't) then Ford would likely take action. They rightly don't want their valuable brand name tarnished by someone's modifications.

Re:What contract?

[DickBreath]

The evil Coca Cola company wants to stop me from adding drain opener to their product and then calling it "Coke".

Re:What contract?

[DickBreath]

According to TFA, they are distributing MODIFIED images. So it's not genuine Ubuntu.

It is the name.

Coca Cola would not like me to add drain opener to their product, call it "Coke" and distribute it.

Re:What contract?

[mpoulton]

No, you'd be wrong about that. State vehicle registration law does not override federal trademark law. As soon as you are damaging the value of their mark, you're history.

Not exactly. Factual use of a trademark by a third party is not infringement. As long as what you are selling is an actual Ford product, you are free to call it a Ford without Ford's permission, and they cannot stop you. If your company customizes or modifies a product and resells it, you can call it what it is by using the original manufacturer's name and product name. You cannot imply that you are that original company though. See, for example, Lingenfelter's marketing of Chevrolet-compatible parts and customization of Chevrolet vehicles. Similarly, you can use a third party's trademark to factually identify what your product works with. For example, an independent company that makes iPhone cases can call them iPhone cases and identify which models they work with. They cannot label their own product an iPhone though, or imply that it is made by Apple.

Re:What contract?

[sexconker]

You're the one who's wrong.
If you modify a <MAKE> vehicle, even extensively, you absolutely can sell it as a modified <MAKE> because that's what it is.

I an buy a McDonald's Big Mac, take a shit in it, and sell it as a McDonald's Bic Mac, with Shit. At worst I'd need to declare that I'm not McDonald's and McDonald's owns "McDonald's" (even though they stole it from some dude) and "Big Mac".

Re:What contract?

"Most likely it's more an issue of using the name Ubuntu."
And you base this on what?

There are a lot companies running Ubuntu with no problems.

Re: What contract?

Not necessarily. For example, the Mercedes-Benz logo.

Re:What contract?

[sinij]

Have you ever seen lowered Honda Civic with oversized muffler, drop-in blidning HIDs, base-only stereo, and a painted plywood spoiler? As much as I would like to call that illegal, you still can and do see them being sold as Civics.

Re:What contract?

[DickBreath]

I think when somebody buys it, they understand that this has been modified. They don't think they're getting an unmodified Ubuntu.

Re: What contract?

[DickBreath]

Why do you believe that would be?

Re: What contract?

Trademark laws. Obviously if you use Ubuntu in an approved fashion then Canonical won't come after you, otherwise they wouldn't be in business.

Re: What contract?

Ironically, Coke is a fairly decent drain opener by itself.

Re:What contract?

This is actually bullshit.

Re:What contract?

Replying to myself, to reply to those who replied to me in bulk:

I think you are not looking carefully at the scenario I replied to.

He says: 1) He can replace every single component in a vehicle, saving only the frame+shell, and still call it a Ford.

Please note his wording: "[I can ] still call it a Ford." My response: No, you can not. He did not say he was going to declare it Modified, or anything of the sort. He said "[I can] still call it a Ford."

He says: 2) He can "turn this into a business venture" (i.e. trading on Ford's trademark) by selling "modified cars" (every component except frame!) " as Fords." My response: No, you can not.

Please note: He is saying the "modified car" is going to be sold "as Fords." Not modified, no explanation at all.

That's why I say he is wrong. The replies to me are arguing completely different scenarios.

"a European cloud provider"

[Nutria]

That does us no good. Give us a name!!

Re:"a European cloud provider"

[thegarbz]

That does us no good. Give us a name!!

And potentially screw up a legal process?
And if they lose open them up to an instant libel lawsuit?

Take things one step at a time. If this initial scare tactic doesn't fix the problem you'll find out the name soon enough.

Re:"a European cloud provider"

I have gotten bad md5 hashes from HEAnet several times. Not sure if they were deliberately bad images, but the HEAnet mirrors do have a tendancy to be flakier than most.

Re:"a European cloud provider"

[NotQuiteReal]

Exactly - why would anyone bother to mess with the image, if Canonical is doing the work for free.

One can only assume they are breaking "Ubuntu" on purpose.

Let people know who is being shady.

Re:"a European cloud provider"

Avoid all European cloud providers if you want to be sure you're not doing business with the bad apple in question.

Re:"a European cloud provider"

[squiggleslash]

Hmm, possibly the Mediterranean, though the English Channel and North Sea can also be sources of clouds in Europe.

Re:"a European cloud provider"

[squiggleslash]

VPS providers usually have reasonable reasons to customize the distros they run somewhat to fit within the framework they're using to virtualize each server - which are vary rarely simple "VMWare on a Xeon" type environments due to cost/scalability issues.

My guess is that certain providers are crappier than others.

The relevant portion

The article is a bit vague. I believe the relevant snippet comes from this part:

To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week; clouds have confused users with image- or kernel-soup, and users have been pushed into building their own images; VMs have had changes that resulted in very slow boot or poor performance; unstable kernels that disable features Ubuntu packages expect to be there; and many more. When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action.

This better explains WHAT is happening as the original article seems to leave the reader guess WHO, which isn't the point to begin with.

Re:The relevant portion

clouds have baked private keys into their public images, so that any user could SSH into any machine

Holy shit.

Re:The relevant portion

There's a Canadian VPS provider, their name rhymes with "Plowed at Cost," for a lonnnnnng time their linux images all had a backdoor account in them. Fun times, some say thousands of VPS are still pwned.....

Re:The relevant portion

[kriston]

This is trivially simple to fix. Honestly, who doesn't check for unknown authorized user keys, and, for that matter, who doesn't also re-key their host keys?

Oh, wait, GitHub Enterprise, that's who.

Months???

They've ignored Canonical for months? A few days to a week I can see as a lapse but months is on purpose. Remove them as a provider, period.

I think this was about...

A website I reported here a few months ago (that didn't make the front page) that has now been taken down. The URL was www.uhuntu.com , yes that's an "h" instead of a "b" in ubuntu. The website looked almost exactly like ubuntu.com, and even mirrored some of the download links, although I didn't check all of them.

Re:I think this was about...

The was a discussion about this here... https://ubuntuforums.org/showt...

Brands and trademarks are *not* silly.

[Qbertino]

Branding is not silly. In fact, it is essential to getting a good product of the ground and into widespread use. Those neat Mozilla / Firefox Videoads are at least as important to Firefox acceptance as the newest Adblocker Plugin are. If they need to protect their brand and Debian sees no way of integrating a product called "Firefox" because the FF branding/trademark conflict with Debians rules, then they will have to ditch the brand, even though the product is the same. You could argue that Debian is being silly aswell, but in this case neither are - they just follow different core principles from wich both entities aren't willing to back down, both for very very valid reasons.

I'd say in todays sharing economy, branding is getting more and more important.

In conclusion:
Use a FOSS product, but dilute the brand that comes with it, and the key sponsor will come down on you like a pile of bricks. And for good reasons too. In this case Mark Shuttleworth and Ubuntu have acutally been quite generous. They should start sueing the companies in question and make some noise about why exactly they are doing it.

Re:Brands and trademarks are *not* silly.

[Wootery]

Shuttleworth and Ubuntu have acutally been quite generous. They should start sueing the companies in question and make some noise about why exactly they are doing it.

Indeed, particularly considering that trademarks can be lost if not defended.

Commitment to security, quality, and updates??

[Drunkulus]

Said the packager of the most bug-ridden distro in open source history.

Take a stand against Ubuntu. Period.

[OneHundredAndTen]

The Microsoft of the FOSS world.

Re:Take a stand against Ubuntu. Period.

C'm on. Cool down.

Re:Take a stand against Ubuntu. Period.

[lilrobbie]

How does this situation lead you to that conclusion?

Are you saying Canonical should just allow Ubuntu's trademark to be used, even when it's clear the underlying VM image has been badly compromised by the cloud provider?

Digital Ocean @ $5/mos

[CrashNBrn]

DigitalOcean's Linux/BSD images are just fine thanks.

Yuuup

[Khopesh]

clouds have baked private keys into their public images, so that any user could SSH into any machine

The first capture the flag hacking event hosted by my college's volunteer systems team (which supplemented the IT staff) had this problem. Every system had the same SSH keys, so it was easy to man-in-the-middle your opponents, gain their credentials, then log into their actual systems. One of the teams that discovered this (and won the contest) went on to host the next year's event. (This was not recent.)

Unpossible!

How can there be an "official" anything with open sores? It's not like they created it anyways.

Fuck Canonical

[allo]

How broken they might be, but keep loyal to the spirit of open source. People have the right to use and modify your stuff. So let them do it and STFU.

Re:Fuck Canonical

[lilrobbie]

Uhhh... I'm not entirely clear where your logic follows from.

Canonical isn't saying "don't modify and use Ubuntu"... they're saying "don't break Ubuntu in stupid ways, but then still plaster the Ubuntu trademark all over your sales material". This seems like a perfectly reasonable request to me.

Let's say you made a brand of beer, let's call it allo's ale, and you start giving this away to local pubs to serve to customers. Then, one local pub decides to mix your beer with their leftover coffee dregs (hipsters, I tell ya'), but still under the name allo's ale. Don't you see the problem? You (allo) didn't make this beer, it's now been completely corrupted beyond recognition, yet, this pub is still claiming it's your beer. These patrons who buy your ale from the coffee-dregs-place will now tell all their friends your beer sucks, and before you know it, everyone now just assumes you made the crappy tasting beer.

This is the same problem Canonical are fighting against here. The cloud provider(s) have modified Ubuntu in such a way as to fundamentally break the security and functionality of the system. If they don't put a stop to this, people who use these corrupted images will assume *Canonical* and *Ubuntu* are responsible for their bad experiences... not the cloud provider who seems to be mixing the coffee dregs into the VM image they serve.

Re:Fuck Canonical

OK, i'll go fork a bunch of your projects, twist them into piles of shite and then re publish them for production while attributing all of it to your name and wait for you to get spammed with complaints... first: pretty much all OSS licences remove any liability but these VPSs are quietly passing the buck; second canonical is a company and the vps are pretending to distribute the original product of that company and tarnishing it's trademark... all within reason because most VPS providers tweak ubuntu images to stick in extra drivers use a specific type of kernel, tuning it for their platform and exposing additional services etc, but when you just make a security mess and take no responsibility then it's not reasonable.

Re:Fuck Canonical

[allo]

The problem is, when you make a opensource distribution with a name, you should not use trademarks to prevent people from making derivatives. And a "ubuntu plus our installer" is still an ubuntu after installation. If the installer fails miserably ... people will know, that this did not happen when they installed ubuntu from the original cd.

Re:Fuck Canonical

[allo]

The spirit of opensource (not the trademark laws) says, you're allowed to do so. If you do too much nonsense, i may post on my homepage, that your project isn't mine. If you just add a few (broken) scripts, i will try to work with you to fix them first. Because i am happy, when you add scripts, i did not need but which are useful for people using my product.
And i guess there is no intend to break it, its just inability to make good installer images. See hanlon's law.

Re:Fuck Canonical

That's not how trademark works though, that's how copyright works. Your beer example is perfectly legal, as is taking a car, such as a Ford and modifying the hell out of it. You're still legally allowed to market it as a Ford, since that's what it is.
Copyright is what would stop you from making changes and distributing the changed version, but Canonical specifically gave up that right by releasing Ubuntu as GPL.

Re:Fuck Canonical

[lilrobbie]

They're not preventing people from making derivatives. They're preventing the derivatives from mentioning the Ubuntu system underpinning it, because Canonical believes (with a decent amount of proof) that this is tarnishing the Ubuntu brand name.

Canonical is not the first, nor will they be the last, to do this. Mozilla, Debian, RedHat... all these major distros enforce the same rules.

Again, the cloud providers *can* make their own versions/distros based on Ubuntu... they just can't advertise this fact unless the quality of their VM image meets a certain bar.

Re:Fuck Canonical

[allo]

Mozilla does the same and gets the same criticism. Debian doesn't prevent people from make "debian derivatives".

Re:Fuck Canonical

[lilrobbie]

Mozilla does the same and gets the same criticism. Debian doesn't prevent people from make "debian derivatives".

You keep repeating "prevent people from make [...] derivatives", but that is explicitly NOT what's going on here.

You can make as many derivatives as you want... you just can't call them "Allo's Ubuntu", unless you pass Canonical's criteria for using the trademark.

Re:Fuck Canonical

[allo]

What is a modified Ubuntu (possibly broken), when it's no derivative (of the original ubuntu)?

Re:Fuck Canonical

[lilrobbie]

Quoting define:google just for clarity:

derivative: something which is based on another source.

If it's a modified Ubuntu, it's a derivative. You can still make modified Ubuntu distributions. You just can't re-use the TRADEMARK when advertising your derivative. That is, you can use the source code exactly how you want. You cannot use the Ubuntu name to advertise your resulting distro, unless you meet minimum guidelines.

Also, Debian does have protection around the use of it's name in things: https://www.debian.org/tradema...

Specifically:

You cannot use Debian trademarks in any way that suggests an affiliation with or endorsement by the Debian project or community, if the same is not true.

To summarise: You can still create modified distributions of Ubuntu... you just can't call them "Allo's Ubuntu"

Trademarks

[lkcl]

okay, so this is about trademarks. canonical's trademark is being brought into disrepute by the irresponsible action of some cloud providers: it's perfectly reasonable for them to sort this out. now, here's where i have an issue with canonical: why do they think it's okay to have *canonical* not brought into disrepute, when they are themselves acting in a criminal capacity, bringing the *linux* trademark into disrepute by illegally distributing linux kernel source code after they lost their right to do so under the GPLv2, by including the (binary) incompatible ZFS kernel module?

Re:Trademarks

Funny Loonix people. Go pick stuff from your feet and eat it.

Re:Trademarks

[iggymanz]

quit aping that nonsense, perfectly fine to distribute kernel modules with alternate license. no violation of gpl2 in that case.