Because it is a part of a software package, with a non-free license. It means it taints the whole package to be non-free or it has to be removed. Mozilla's trademark policy now wants the image to be there.
The trademark policy to require patches to be approved by Mozilla is a slowdown or a hurdle that could have been sorted out by for example streamlining the process. The logo issue cannot be sorted out without one side giving up a position they deem important.
Debian can't freely make changes to Firefox without changing the name.
Yeah, that is correct. To be honest most open source software writers don't mind if their sofware gets patched, even if they do have it trademarked. At the maximum, they are anal about making the distinction with a tag, so something like "foobar-debian" or "foobar-dfsg". For Mozilla this isn't enough. It is their right after all to do so, but then even if the source code is GPl, so it is open source, I wouldn't call it FREE software. It reminds me of the light version of what Sun was doing with java. The source code is open, but the license is restrictive there. Mozilla is a lighter, but similar case. The source code is open and GPL, but the trademark makes the software impossible to legally distribute and modify, basing on the Mozilla produced version. What Mozilla produces is open, but not free. It will become free and open when Debian starts to distribute it without the trademark stuff.
You might question based on what can I call Firefox not free, but I can reply with: effort. Currently to modify and distribute Firefox you need to take an effort to remove the image and remove firefox references. I don't see this situation as much different from releasing a GPL software package which contains an essential part that is incompatible with GPL. In either case, the resulting package is not free.
Even Debian prevents other people from freely modifying their distros and keeping the Debian name
I would like to debunk a few misleading points some people have been making. I'd like to start with the parent post.
Dramatizing what you think Debian did doesn't help, especially if it's not what really happened. I won't try to translate it to a says/answers play, but this is what I think happened:
Debian struck an agreement with the Mozilla Foundation in early 2005 that they can distribute Firefox without the problematic non-DFSG logo and with their patches. The Mozilla Corporation was created in the meantime and it brought new people and new policies. Mozilla Corp. now says that Debian must include the non-DFSG logo (which they can't and won't do) or stop using the trademarked Firefox name. Mozilla Corp. also says that they aren't allowed to distribute patched Firefox versions without OKing all the patchset with Mozilla Corp. first, so build scripts, everything included.
Concluding this, Debian decided to drop the Firefox name solving their problems with Mozilla Corp. The Debian people didn't decide to "do what we want, because it's free software", they had no choice. The image is non-dfsg and Mozilla said a.) they won't make it dfsg compliant and b.) they require it to be distributed with Firefox. Debian had three choices to solve this: a.) drop Firefox from the repository b.) put it into non-free c.) drop the Firefox name and rebrand it. If they would have chosen b., they still would have to solve the patching problem, so it is understandable why they went for option c. As a Debian user I'm supporting that position aswell (no ad-hominems please!).
"But Debian's patches are HUGE and CRAP":
Actually, Debian's patches are not big at all.
# apt-get source firefox
# gunzip firefox_1.5.dfsg+1.5.0.7-1.diff.gz
# gunzip firefox_1.5.dfsg+1.5.0.7.orig.tar.gz
What we get is:
561K 2006-09-18 15:02 firefox_1.5.dfsg+1.5.0.7-1.diff
1.1K 2006-09-18 15:02 firefox_1.5.dfsg+1.5.0.7-1.dsc
227M 2006-09-18 15:02 firefox_1.5.dfsg+1.5.0.7.orig.tar
Still, you could say, "wow, half megabyte of patch! That is HUGE!", but you'd be wrong
Out of that half megabyte:
~/firefox-1.5.dfsg+1.5.0.7# du -hs debian/
376K debian/
The directory consist of the licenses, readme, changelog, graphical files, build scripts and some config files, etc. So in fact, 185K is actually what applies to the vanilla firefox source (source code and else).
Still, if we go further, we can check how much the patch actually modifies, not adds:
# egrep -c "^-[^-#]" firefox_1.5.dfsg+1.5.0.7-1.diff
936
I'd also like to add my own anecdotal experience about quality.
I've been running Firefox for years on multiple linux systems (debian, gentoo, redhat) and on Windows (when I absolutely must use that OS). I didn't notice the debian version being worse or behaving differently than the others, at all. The memory leaks and the rare crashes occured on every platform, so I have to conclude it is Mozilla's own fault, not the distributors'. To be honest it is sad to see an open source project get corporatized this way, so that they care more about their brand and image than to get stuff done. The development seems sadly commercialized aswell, with some of the stupid features they've been putting into Firefox lately (anti-phishing, built-in spellchecker) instead of leaning on the security, standard compliance and bugkilling part. At this stage, I'd trust debian to do QA over Mozilla Corp. a hundred times more, than the other way around. That's what a distribution should do anyway, no?
No need for a demo. I downloaded a version from a handy ftp server. I liked the game, I like to support small developers and I liked the message they've written (politely asking yarrr pirates to buy the game) when checking online servers within the game. So I'll buy the game asap/donate the amount to the developers and continue to use the "pirated" version, without the "steaming" crap.
"You don't know that you have to filter user input," Lerdorf exclaimed.
Apparently the much belowed MySQL doesn't know it either, since in contrast to most standard SQL relational databases like Postgresql, it silently trims certain input/fields instead of reporting an error.
While people might not agree with me that PHP is horribly broken, I think we can all agree that if we were to choose between Apache, PHP and Postgresql as to what made the web more broken, I think almost everyone would pick PHP. The reason can be summed up as bad design decisions in PHP (slashes, inconsistent naming, header fun, etc.).
I don't blast someone if they choose the smaller learning curve with PHP + Mysql, but they're certainly not the superior solution compared to for example Perl/Python + Postgresql/Oracle.
Also, it's another useless corporate substitute. It is more likely that you know, someone might just simply hand their own music player to their friend and say 'Hey, listen to this nice music!' or something. Also, the even more likely scenario is that "Hey, let's upload these nice mp3 files on your laptop!"
That's scary. Tom Sawyer is on the compulsory literature list in my country, I remember reading it as a kid and then rereading it when I was like 12 for the school literature lessons.
It is amazing that that book would be banned/challenged in the country it was written.
You're an idiot and it scares me that such idiots' say matters when deciding about global policy. I hate to get screwed over because of your idiocy. It's not selfish but stupid, as sensible policies would force innovation and thus economic growth, not decrease it.
The fun question is, will the studios ever get daft enough to want to take the Silmarillion to the silver screen?
Of course. They will hire Gandalf to read it aloud in six four hour pieces, while staring you down with his bushy eyebrows. Instant success! Gandalf most likely won't mind, he had more fun stuff to do in his past 2000 years of life.
Of course. My goal was to err on the side of overstatement, just to show that even overstating the risk, you're more likely to win the lottery than to be a terrorism victim.
Also I've added that it's a quick guesstimate. For example I didn't include specific events like Lockerbie (I didn't find the specific number of UK casualties - out of the 270 victims there were 189 americans so not relevant for UK statistics) and I didn't project my estimate to the future, where higher average life expectancy will be achieved, so increasing the terrorists' chances. I also didn't compensate for the fact that The Troubles were varying in intensity greatly, 479 dead in 1972 and slowly decreasing numbers of deaths up until 2001 with 16 dead. It would mean that doubling the length of the conflict most likely wouldn't mean doubling the number of victims either. So that's another source of overstatement.
Let's assume that The Troubles is an accurate representation of most terrorism in the UK between 1969 and 2001. Let's also assume that the average life expectancy has been 70 years in that period (It has been 50 in the first half of the 20th century and is 80 at the moment in Europe).
The period is 32 years and the total number of victims is 3,523, including both sides, civilian and military personnel aswell.
The current population of the UK in 2001 has been 58,789,194. Let's assume that if the conflict would have lasted for roughly twice as long, for 70 years, which is roughly the average life expectancy, then the number of victims were doubled.
This gives us (3523*2)/58789194 * 100 = 0.0119851957827488% chance of being killed in an average lifetime by terrorism.
(For reference, the chance of winning the UK National Lottery is 0.0193366388688181%, if we assume that you play for 52 years in your life, every week.)
And that is real terrorism. We didn't take it into account that the current terrorism threat is not seriously proven. There are other things we didn't take into account, like growing life expectancy, etc. in this guesstimate, but it was just a thought exercise of what kind of numbers can I come up with in five minutes.
Quite why you would make a cross border payment of 20GBP is another matter.
I don't see even the stupidest terrorist doing this. Not even a serious symphatiser. Come on, 20GBP? The guy most likely had good intentions. It's not as if he sent millions of pounds. Any serious terrorist would a.) try to stay off the radar completely, b.) RECIEVE money.
Slashdot Mirror
I counted you saying it 8 times. That's numerical analysis for you!
The trademark policy to require patches to be approved by Mozilla is a slowdown or a hurdle that could have been sorted out by for example streamlining the process. The logo issue cannot be sorted out without one side giving up a position they deem important.
Yeah, that is correct. To be honest most open source software writers don't mind if their sofware gets patched, even if they do have it trademarked. At the maximum, they are anal about making the distinction with a tag, so something like "foobar-debian" or "foobar-dfsg". For Mozilla this isn't enough. It is their right after all to do so, but then even if the source code is GPl, so it is open source, I wouldn't call it FREE software. It reminds me of the light version of what Sun was doing with java. The source code is open, but the license is restrictive there. Mozilla is a lighter, but similar case. The source code is open and GPL, but the trademark makes the software impossible to legally distribute and modify, basing on the Mozilla produced version. What Mozilla produces is open, but not free. It will become free and open when Debian starts to distribute it without the trademark stuff.
You might question based on what can I call Firefox not free, but I can reply with: effort. Currently to modify and distribute Firefox you need to take an effort to remove the image and remove firefox references. I don't see this situation as much different from releasing a GPL software package which contains an essential part that is incompatible with GPL. In either case, the resulting package is not free. Actually, no. Would you care to elaborate on this a bit please? I'm not familiar with this aspect of GPLv3.
Doh. You were both faster than me.
(sarcasm) Let's hope that the PoC passes DFSG so that debian can start working on a fix ASAP(/sarcasm)
I would like to debunk a few misleading points some people have been making. I'd like to start with the parent post.
Dramatizing what you think Debian did doesn't help, especially if it's not what really happened. I won't try to translate it to a says/answers play, but this is what I think happened:
Debian struck an agreement with the Mozilla Foundation in early 2005 that they can distribute Firefox without the problematic non-DFSG logo and with their patches. The Mozilla Corporation was created in the meantime and it brought new people and new policies. Mozilla Corp. now says that Debian must include the non-DFSG logo (which they can't and won't do) or stop using the trademarked Firefox name. Mozilla Corp. also says that they aren't allowed to distribute patched Firefox versions without OKing all the patchset with Mozilla Corp. first, so build scripts, everything included.
Concluding this, Debian decided to drop the Firefox name solving their problems with Mozilla Corp. The Debian people didn't decide to "do what we want, because it's free software", they had no choice. The image is non-dfsg and Mozilla said a.) they won't make it dfsg compliant and b.) they require it to be distributed with Firefox. Debian had three choices to solve this: a.) drop Firefox from the repository b.) put it into non-free c.) drop the Firefox name and rebrand it. If they would have chosen b., they still would have to solve the patching problem, so it is understandable why they went for option c. As a Debian user I'm supporting that position aswell (no ad-hominems please!).
"But Debian's patches are HUGE and CRAP":
Actually, Debian's patches are not big at all.
# apt-get source firefox
# gunzip firefox_1.5.dfsg+1.5.0.7-1.diff.gz
# gunzip firefox_1.5.dfsg+1.5.0.7.orig.tar.gz
What we get is:
561K 2006-09-18 15:02 firefox_1.5.dfsg+1.5.0.7-1.diff
1.1K 2006-09-18 15:02 firefox_1.5.dfsg+1.5.0.7-1.dsc
227M 2006-09-18 15:02 firefox_1.5.dfsg+1.5.0.7.orig.tar
Still, you could say, "wow, half megabyte of patch! That is HUGE!", but you'd be wrong
Out of that half megabyte:
~/firefox-1.5.dfsg+1.5.0.7# du -hs debian/
376K debian/
The directory consist of the licenses, readme, changelog, graphical files, build scripts and some config files, etc. So in fact, 185K is actually what applies to the vanilla firefox source (source code and else).
Still, if we go further, we can check how much the patch actually modifies, not adds:
# egrep -c "^-[^-#]" firefox_1.5.dfsg+1.5.0.7-1.diff
936
I'd also like to add my own anecdotal experience about quality.
I've been running Firefox for years on multiple linux systems (debian, gentoo, redhat) and on Windows (when I absolutely must use that OS). I didn't notice the debian version being worse or behaving differently than the others, at all. The memory leaks and the rare crashes occured on every platform, so I have to conclude it is Mozilla's own fault, not the distributors'. To be honest it is sad to see an open source project get corporatized this way, so that they care more about their brand and image than to get stuff done. The development seems sadly commercialized aswell, with some of the stupid features they've been putting into Firefox lately (anti-phishing, built-in spellchecker) instead of leaning on the security, standard compliance and bugkilling part. At this stage, I'd trust debian to do QA over Mozilla Corp. a hundred times more, than the other way around. That's what a distribution should do anyway, no?
Serge wants to do debian?
Word.
No need for a demo. I downloaded a version from a handy ftp server. I liked the game, I like to support small developers and I liked the message they've written (politely asking yarrr pirates to buy the game) when checking online servers within the game. So I'll buy the game asap/donate the amount to the developers and continue to use the "pirated" version, without the "steaming" crap.
I will migrate beer out of the keg into my belly. How's that for migrating?!
No, it's like saying that Beethoven is the Mozart of music.
but since it's a liliputian pc, will it be big endian?
RIP.
.
"Oh my GOD TEH evil empire sucks the life out of INNOCENT mp3 files!!!!!4!4444444"
Imagine the foot icon howering over my post this time (instead of whoooooooosh).
While people might not agree with me that PHP is horribly broken, I think we can all agree that if we were to choose between Apache, PHP and Postgresql as to what made the web more broken, I think almost everyone would pick PHP. The reason can be summed up as bad design decisions in PHP (slashes, inconsistent naming, header fun, etc.).
I don't blast someone if they choose the smaller learning curve with PHP + Mysql, but they're certainly not the superior solution compared to for example Perl/Python + Postgresql/Oracle.
Where is the foot icon when you need it...
Also, it's another useless corporate substitute. It is more likely that you know, someone might just simply hand their own music player to their friend and say 'Hey, listen to this nice music!' or something. Also, the even more likely scenario is that "Hey, let's upload these nice mp3 files on your laptop!"
You're not a geek if you don't find .* of it funny.
That's scary. Tom Sawyer is on the compulsory literature list in my country, I remember reading it as a kid and then rereading it when I was like 12 for the school literature lessons.
It is amazing that that book would be banned/challenged in the country it was written.
You're an idiot and it scares me that such idiots' say matters when deciding about global policy. I hate to get screwed over because of your idiocy. It's not selfish but stupid, as sensible policies would force innovation and thus economic growth, not decrease it.
I've never heard Windows called MS06-049 before...
Of course. My goal was to err on the side of overstatement, just to show that even overstating the risk, you're more likely to win the lottery than to be a terrorism victim.
Also I've added that it's a quick guesstimate. For example I didn't include specific events like Lockerbie (I didn't find the specific number of UK casualties - out of the 270 victims there were 189 americans so not relevant for UK statistics) and I didn't project my estimate to the future, where higher average life expectancy will be achieved, so increasing the terrorists' chances. I also didn't compensate for the fact that The Troubles were varying in intensity greatly, 479 dead in 1972 and slowly decreasing numbers of deaths up until 2001 with 16 dead. It would mean that doubling the length of the conflict most likely wouldn't mean doubling the number of victims either. So that's another source of overstatement.
I've made a rough appoximation of the chance:
Let's assume that The Troubles is an accurate representation of most terrorism in the UK between 1969 and 2001. Let's also assume that the average life expectancy has been 70 years in that period (It has been 50 in the first half of the 20th century and is 80 at the moment in Europe).
The period is 32 years and the total number of victims is 3,523, including both sides, civilian and military personnel aswell.
The current population of the UK in 2001 has been 58,789,194. Let's assume that if the conflict would have lasted for roughly twice as long, for 70 years, which is roughly the average life expectancy, then the number of victims were doubled.
This gives us (3523*2)/58789194 * 100 = 0.0119851957827488% chance of being killed in an average lifetime by terrorism.
(For reference, the chance of winning the UK National Lottery is 0.0193366388688181%, if we assume that you play for 52 years in your life, every week.)
And that is real terrorism. We didn't take it into account that the current terrorism threat is not seriously proven. There are other things we didn't take into account, like growing life expectancy, etc. in this guesstimate, but it was just a thought exercise of what kind of numbers can I come up with in five minutes.