>Would you fault Debian for being the same way? They're even worse than Fedora when it comes to non-free software.
I disagree. Fedora only distributes Free Software if you want non-free Software you have to know 3th party repositories or find them and insert them into your packaging system. Debian on the other hand has an official non-free repository which everyone knows and everyone can add by simply adding a "non-free" at the end of every line in his sources.list. So I would say that Fedora is stricter than Debian if it comes to Free Software.
Another point are media codecs. Debian ships all Free Software media codecs including ffmpeg and mplayer which allows me to play mp3, wmv, mp4 and many more video/audio files with 100% Free Software. That's the main point why i use Debian it allows me to install software from one source (Debian main) which guarantees me that it is all Free Software and enables me to listen/view media with Free Software codecs.
For me Fedora is in many ways definitely more restrictive than Debian whether this is good or bad.
I also can't understand the naming. Free and open standards are one of the most important things today a organisation like the "Free Standards Group" could do a great job in this area. Now merging this into a "Linux Foundation" just doesn't fit.
>Free Software is represented by much more than Linux.
If you want a Foundation which cares about Free Software in general why don't support one of the Free Software Foundations? They exist exactly for this task. I don't know where you living but today you can find a Free Software Foundation in North America, Europe, Latin America and India. If you don't live in one of this regions just select one of them which is near your location or which you like most.
>The problem for the FSF and their zombie followers is that they *do* claim to place "freedom" above everything else. They don't actually believe that, of course, so they need to continuously redefine "free" and "not free"
I have follow the FSF now for about 20 years and i don't think that they have ever redefined their view of freedom.
As i understand it, their view is:
1. Freedom means that i can do verything i want until it only concerns myself.
2. If i do something which also concerns others than i have to respect point 1 for them too else it wouldn't be my freedom but my power. For example distributing non-free software is not my freedom but it is my power to remove freedom from all users of this program.
This is the view of the FSF and was always the view of the FSF. If you understand this you understand why GPLv2 was written like it is in 1991 and you understand why GPLv3 is written like it is in 2006/2007.
You can like what they do or not (i'm also not happy with everything the FSF does) but you can't say that they changing their opinion about software freedom.
For you i will repeat the conclusion of my first post:
Replacing one program (the kernel) in the BSD System will still result in a BSD System. -> Call it BSD System
Replacing one program (the kernel) in the BSD System will make the BSD System a Linux System -> Call it Linux System
Replacing one program (the kernel) in the BSD System will result in a new System (a Linux based BSD System) and you think that both parts are important enough to get some kudos -> Call it BSD/Linux
>GNU however could be replaced with something else. e.g. the BSD userland/libraries. Would we then be obliged to call the operating system BSD/Linux?
For me replacing the BSD kernel with the kernel Linux in a BSD system would still result in a BSD System but if you want to follow the logic of Linus Torvalds it would be a Linux System.
You can take my position, the position of Linus or for example decide that both BSD and Linux are a essential part of the new OS, that both deserves some kudos and call it e.g. BSD/Linux.
Sorry for my unformated comment but i have forgotten to switch from "HTML Formated" to "Plain Old Text". So here the same comment in a readable form.
>Its more complicated than you think. Code and hardware together are verified by independent labs, which perform the certification according to government standards. The labs will most assuredly not grant a FIPS 140-2 certification that allows arbitrary code to run inside the security boundary, whether supplied by the customer or not.
The question is if the costumer has the option to get his code certified so that he can use his device wor ket work he needs it. So please answere this two questions because i really want to understand it: If i say in this question "I" than i don't necessarily mean myself or a special person but whoever is in charge of the system and the person/group/organisation which should be protected.
1. I have a FIPS 140-2 certified system and now i have a new program for this system to do the work for which i have bought this systems. Can i make this software run? Either by certifying it by my self or by giving it to the correspondig lab which will certify it? 2. Let's assume that parts of my FIPS 140-2 certified system is Free Software and during my daily work i recognize a bug in this free program. Now i or someone which i instruct fix this bug. What options do i have to use this fixed software on my system?
>No, I see it from a developer. I can use the _knowledge_ (i.e. the source code) to create derivative products, which run on entirely different hardware. This is very, very useful.
Yes, this is very useful but not the only aim of the GPL. The aim of the GPL is to give the user all 4 freedoms defined by the Free Software definition and protect this freedoms. And i think whether you agree with the Free Software definition, the FSF or RMS or someone else you can see that the GPLv2 have done this in the past really well and things like DRM have created some holes for the present and the future which will be closed by GPLv3. So that GPLv3 will do an as good job today like the GPLv2 did yesterday.
>Its more complicated than you think. Code and hardware together are verified by independent labs, which perform the certification according to government standards. The labs will most assuredly not grant a FIPS 140-2 certification that allows arbitrary code to run inside the security boundary, whether supplied by the customer or not.
The question is if the costumer has the option to get his code certified so that he can use his device wor ket work he needs it. So please answere this two questions because i really want to understand it:
If i say in this question "I" than i don't necessarily mean myself or a special person but whoever is in charge of the system and the person/group/organisation which should be protected.
1. I have a FIPS 140-2 certified system and now i have a new program for this system to do the work for which i have bought this systems. Can i make this software run? Either by certifying it by my self or by giving it to the correspondig lab which will certify it?
2. Let's assume that parts of my FIPS 140-2 certified system is Free Software and during my daily work i recognize a bug in this free program. Now i or someone which i instruct fix this bug. What options do i have to use this fixed software on my system?
>No, I see it from a developer. I can use the _knowledge_ (i.e. the source code) to create derivative products, which run on entirely different hardware. This is very, very useful.
Yes, this is very useful but not the only aim of the GPL. The aim of the GPL is to give the user all 4 freedoms defined by the Free Software definition and protect this freedoms.
And i think whether you agree with the Free Software definition, the FSF or RMS or someone else you can see that the GPLv2 have done this in the past really well and things like DRM have created some holes for the present and the future which will be closed by GPLv3. So that GPLv3 will do an as good job today like the GPLv2 did yesterday.
>Are you familiar with FIPS-140-2? Have you ever designed a FIPS 140-2 product? I have (level 3). For any level above -1, you must have a robust firmware/upgrade management scheme which explicitly ensures that untrusted code is not allowed to run within the "security boundary".
The question is who decides what code is trusted and what code is untrusted? Maybe you can give me the answere for the FIPS-140-2. If the company, government,... who uses this FIPS 140-2 product can decide which software is trusted and which is untrusted, than this is OK with GPLv3. But if someone else will decide it than it's not ok because than the company, government, etc. will no longer control their own IT infrastructure.
This kind of secuurity would be a joke. If i can't control my own security than i don't think it it's a good security system. And security which can be controlled by the person, company, government which should be protected through it is completly ok with GPLv3.
>Its not just modification of the software that is at issue, it is installation of said software on said hardware that is at stake.
I think you have to see it more from the position of a "user" and not from somewhere outside. Modifying software and than can't run it doesn't make much sense. The position of the FSF and the purpose of the GPL was always that the user should have the control over their devices (driven by software) and not someone else. As GPLv2 was written the only way to remove this control from the user was by don't give him the source code and use your power of the copyright. So GPLv2 was written in this context and it works really well. Today they have another option, they can use DRM techniques and new laws like the DMCA or the EUCD (if you life in Europe) to remove your control over your device. New laws and new technology has created holes in GPLv2 and GPLv3 will close this holes.
What's your practical answere? I buy a computer with a GNU/Linux operating system and the computer runs only with the OS signed by the vendor. Now i wan't to exercise my right given by the GPL and want to run a modified version (i think only very few people modifie software to use it as a wallpaper;) ). Should i buy another computer in the hope that this one will run my version? Or should i just accept that the letters of the GPL are worthless in our shiny new world?
I'm happy that the FSF will keep the letters of the GPL useful as long as possible.
>This is a serious problem for certain kinds of applications that have nothing to do with DRM, and everything to do with security. Under these rules, for example, it would be impossible to use GPLv3 software in functions conformant with FIPS-140-2 (the federal standard for cryptographic devices/software).
I think you are wrong. For example a company can use GPLv3 code, sign it and use it with their DRM hardware to make sure that only this software runs. They don't redistribute hardware+software in a form which would deny freedom to the recipient of the system they just use it to create security for their IT infrastructure and this will be OK with GPLv3.
It's like Linus Torvalds example in one of it's responses that the GPLv3 would make election machines impossible. That's wrong too. A country could take their election machines and their copy of GPLv3 software and make sure that only software verified by the government will run on the machines. What isn't allowed is to sell to a country election machines with GPLv3 software and with pre-installed keys so that the government couldn't change the keys or the software. This would make the election dependent from a software company while the government is the institution which should have the control over their election and of course over their election machines.
>The problem is that some GPL zealots believe that if they purchase a piece of hardware, they should have the right to replace the software on it. I don't think that is a natural right (or rather, I don't think it is an obligation that the manufacturer should have to help you).
That's not the point. If you sell hardware with your software you can do what you want. But if you sell e.g. computers with GPLv3 Software which says i have the right to modify the software than you have to make sure that i can exercise this rights and can't prevent it with DRM.
>And here is way - if it was true than Microsft and Apple should be calling their software "BSD/Windows" and "BSD/OSX"
And MacOSX used a BSD-like Kernel (Darwin) so why MacOSX is called MacOSX and not Darwin?
>The userland != the OS. The OS *is the kernel*
An operating system must allow you to operate with a computer with just a kernel like Linux you can't even boot the computer up to say nothing of operate with a computer. So a OS must be something more than a kernel, maybe that's also the reason why we have two names "operating system" and "kernel", because two different things need two different names.
> I could install the BSD userland on the Linux kernel, and it would still be Linux. "GNU/Linux"
No if you would take a BSD System and replace the BSD Kernel with the Linux than you would still have a BSD System and almost all users wouldn't even recognize any differences.
Or would you say that if you take the whole FreeBSD system and just replace one program, the kernel, that the system wouldn't be FreeBSD anymore but Linux? Even if all "Linux" user will soon discover that their new "Linux" will work different: other commands in the shell, commands with the same name has differnt options, software written for the old "Linux" will not compile on the new "Linux" because all the system libs are different, etc. And this should be the same OS?
On the other hand if i take a GNU System with the kernel Linux and replace Linux with the BSD Kernel (e.g. Debian GNU/kBSD) the user will discover non of this difference. And it's understandable because 95% of the OS would be still the same, only one program has changed, the kernel.
>However, I have been in the business side of a corporate environment and talking about "free speech, not free beer" is not a concept that is easily grasped in that context. Every new meeting, every new person that you come across you will have to explain it again and again - and they still won't get it.
And you don't have to explain Open Source?
>If you use "open source" and say it is about being able to see source code, it is actually less of a problem
But it can become a big problem because the description is wrong. If you describe them Open Source as "being able to see source code" tomorrow i will go to them and offer them a software with source code and a license which don't allow sharing, modification and distribution and they will think that they get Open Source software.
>it sounds like a good thing right from the start
Really? What will all the non-software companies say? Probably they won't see any advantage in "being able to see source code". But if you say to them: Look this is Free Software, that means your are free to use, share, modify and distribute the software that means you have the full control over your data, software and your entire IT-infrastructure and their is no vendor lock-in and you can chose freely your support/service provider.
I think this sounds more "like a good thing right from the start".
At the end you have always to describe it whether you use the term Open Source or the term Free Software. But i'm sure that the "freedom and independence"-argument is much stronger than the "you can see the code"-argument if you explain it right.
>I would call myself a free software advocate, but I release my code under the LGPL because I want give the users of my software the freedom to include it in non-free software.
I wouldn't call it a freedom. I think what you do is giving users of your software the power to deny other users freedom.
> I guess I just say make free software, where the FSF seems to say make software free only to certain users.
I would say the FSF says make software free to all users because FSF prefered way of licensing software protects freedom for all users while your way of licensing gives users the power to deny other users freedom. So you are the one who says "make software free only for certain users".
Thank you for the link. I have read through the complete mailing list archive and it seems like their is a real process running to make Fedora a FSF approved and recommend GNU/Linux distribution. Yesterday 'spot' posted a new status: https://www.redhat.com/archives/fedora-advisory-bo ard/2006-August/msg00271.html and it seems like it's almost done.
It looks really good to me and Fedora could become my new No.1 distribution in the near future (if i can part from my habit of doing it the "Debian-way";) ).
>As a user, if your priorities are cutting-edge technology (without the nicks and cuts of a blade) and freedom, Fedora is a great disto to use.
I agree with this statement by Max Spevack. I'm a long time Debian GNU/Linux user. Recently i switched to Ubuntu because the desktop software of stable was to old and testing/unstable is a moving target and i want a system which i can trust that if it runs today it will run tomorrow too. So Ubuntu was the logical step, almost Debian stable with up-to-date Desktop software.
But i'm not really happy how Ubuntu handles non-Free Software, like Max said: "Ubuntu is one example, as there is very strong language about their commitment to Free and open source software, right up until the line stating that they include binary-only drivers on their CDs and in their repositories."
I think Fedora could be the right choice if i wouldn't be used that much to the Debian way of doing things (deb, dpkg, update-alternatives,...).
And that's leeds me to the question: Fedora seems to be a respectable Free Software GNU/Linux distribution. Wouldn't it be the almost perfect distribution which could be "approved/recommand by FSF"? Has Fedora already thought about such a step or even asked the FSF to get listed at http://www.gnu.org/links/links.html#FreeGNULinuxDi stributions ?
Whether IBM is right or not that OpenSolaris has a development community, OpenSolaris is true Free Software. Free Software is not about a development method but about a way of licensing software. Free Software can build in a community process and in a in-house process as proprietary software can be developed in a community or in-house. It's not the development method which makes something Free Software it's the license.
Sad to see that even such a big company with such a big "linux-centre" like IBM doesn't really understand Free Software.
i completely agree with you. I just wan't to make this sentence a little bit clearer:
>The trouble is that the letter of the GPL v.2 fails to reflect that, which is why the FSF is coming out with the GPL v.3.
The letter of the GPLv2 doesn't really fails to reflect the intent of the GPL and the FSF. But it refects it in the world we had 1991. Since 1991 law and technology has changed which created some holes in GPLv2. GPLv3 will close this holes and will refelct the same intent GPLv2 did but orientated on the world of today (2006).
>If you have the hardware and it matters that much to you that you need to run software with a differnt signature, then change the key in the hardware. Requiring that you distribute the hardware keys seems like the wrong solution.
If you can change the key than you don't have to distribute the hardware keys because than people can exercise all 4 freedoms. But if you embed they keys in a way into the hardware so that i can't change them and the hardware will run only software signed by this keys than you remove some of my freedom granted by the GPL and than the GPL will fight back.
>The purpose of the GPLv2 was never to force all hardware to run your custom software,...
it isn't the purpose of GPLv3 either.
>it was to force other developers to publish their own changes to your code (please note that I am talking about the intents of the GPLv2, not the intents of the FSF). In other words: feel free to modify the software... just don't expect it to run in my hardware. And Linus simply chose the GPLv2 to distribute the kernel based on its intents, and not on the FSF's agenda
That's the "mistake", Linus doesn't choose the license based on its intents he choosed the license based on his intents. Linus hat looked at the license interpreted it and decided that it "technically" fits his needs. But it seems that he has never understand the intent of the license. The intent of the license is the intent of it's creator and that's the FSF. And the intent of the FSF is pretty clear and was always the same. It's not about publishing source code or writing better software. The intent is that every user should have the 4 freedoms defined as Free Software. If you now start do design your hardware+software distribution in a way that removes some of the 4 freedoms you do something which was not the intent of the license and the logical step is to close this hole by releasing a update of the license.
I think it's not the question if we shoud "fight" something. It's a more a question about what is the idea and the aim of the GPL. And the idea and the aim of the GPL is to give all users all 4 freedoms. To protect this idea and this aim we need a DRM clause in GPLv3 because that's the only way GPLv3 will be able to practice it's idea and aim in the age of DRM and DMCA. What 20 years ago was the copyleft clause to protect the idea and the aim of the GPL is today the DRM clause.
>Maybe it is in the short term better to force Hardwarevendors not to lock their Hardware, but will it be better in the long term?
Maintaining users freedom is always better in the long term.
>But when the GPL don't forbid to lock the Hardware, the Vendors help to evolve the GPL-Software although you can't use your own binary on their Hardware.
What is the advantage if i can read the source but doesn't have the freedom to control my software and my device?
Maybe you see it more from the view of an engineer. You want to see the code and want to tinker with it, even if you can tinker just on a piece of paper because their is no device which will run your new version. But the view of GPL is the view from the user which life depends more and more on technical devices and software. The GPL wants that this user have always the full control over this part of his life. That's not a academical question from the view of an engineer but a rather practical question which needs practical answers. And a answer like "Buy a PC make use of your freedom to modify the software and than by another PC on which you can hopefully run the code because your first PC will deny your freedom to run your version of the software" isn't really a practical answer.
>But remember, no one will force you to buy their Hardware
Who will guarantee that i will always have a choice? What device could i buy to run my modified Tivio Software? What option will i have if all PC's come with TPM and DRM.
Even if your are right and their will always be one vendor with alternative hardware. Will this hardware be able to do the same job like the other hardware? Will this hardware really run all the different software which is installed on the locked devices? Will i be able to use this hardware together with my "un-trusted" software to participate the the digital culture, make bank transfers, etc.?
Even if all this answers are positive, but i don't believe that you can give me this positive answers for the complete future. This doesn't explain why a license designed to give users freedom and protect users freedom should maintain holes through which other can remove this freedom? I think such a license would be a lie to all people who choose the GPL with the trust that the GPL is a license which gives and protect freedom.
>Yes, there will be Vendors that use GPL-Soft and forbid changed and therefore unsignd binarys to execute on there Hardware.
And because the idea of GPL is that nobody should have the power to forbid you this things GPLv3 will close this hole.
>but sometimes there are good reasons for this behavior that benefit the Custumer. Think on Mission-Critical Hardware that should NEVER execute hacked binarys - in your best interest.
This will be possible with GPLv3. You are free to use trusted computing hardware and DRM in your office to run only software signed by you. But you (the owner, the big boss of the company) must have the freedom to run modified versions if some business processes have changed. And i think it's also in his interest to controls his own IT infrastructure. The GPLv3 doesn't allow that the manufacture of the "trusted computing hardware" sells you the hardware with the software and now you are not able to adapt the software to your new business processes even if the license of the software say that you can do it.
That's the same mistake like Linus does with his voting-machine-example. The state (call it state A) will be able to use DRM voting machines with DRM technology to ensure that on all voting-machines runs the right software. But if state A sells his voting-machine to another state (call it state B) he have to give state B all he needs to control his voting-machine like state A did.
The freedom of you as a user is never restricted it just ensures that everyone who gets this machines too will have the same freedom.
>Classically, liberals have great respect for property rights.
As far as i know RMS, i would say that he has a great respect for property rights too.
But software like music, novels, etc. aren't property! They are works for which society gives in some cases some monopoly rights (copyright, patent law, trademark,..). But society should hand out this monopoly rights only as long as it gain an advantage for everyone (author and society as a whole). This was given at the beginning of copyright. Today copyright is extremely overplayed. It harms the society more than it offers advantages and it harms most artist and authors too. Today there is no balance at all, it harms the majority for the advantage of few (mostly publishers).
At the beginning of copyright the society had good arguments to give away these exclusive rights, it was a win for everyone. Today society would have good arguments to reorganize this exclusive rights, but the few which still profit from this rights at the expense of the rest of the society have too much power.
This has absolutely nothing to do with property rights.
>There wouldn't be anything stopping them selling OO.o, or selling support for it...
have i said that they couldn't sell it???
My argument _was_ that they can perfectly sell their StarOffice based on a free OOo even if they don't hold the copyright and even if they don't control the developement.
I don't see the problem. At the end it's not a license issue.
People don't buy StarOffice because they maybe use a proprietary license. They buy it because they want a "product" with a company in the back wo is "responsible" if something goes wrong and they have a phone number they could call. Maybe they like some add-ons like a better spellchecker etc too.
So Sun can also offers a StarOffice from a community driven OpenOffice.
Just take from time to time the latest OOo, call it StarOffice, put it into a box with a nice handbook, some add-ons etc. And costumers will be happy to get a "product" from a reputable company. That's why they buy StarOffice and not because they like software with lots of restrictions through proprietary licencing.
Slashdot Mirror
I disagree. Fedora only distributes Free Software if you want non-free Software you have to know 3th party repositories or find them and insert them into your packaging system. Debian on the other hand has an official non-free repository which everyone knows and everyone can add by simply adding a "non-free" at the end of every line in his sources.list. So I would say that Fedora is stricter than Debian if it comes to Free Software.
Another point are media codecs. Debian ships all Free Software media codecs including ffmpeg and mplayer which allows me to play mp3, wmv, mp4 and many more video/audio files with 100% Free Software. That's the main point why i use Debian it allows me to install software from one source (Debian main) which guarantees me that it is all Free Software and enables me to listen/view media with Free Software codecs.
For me Fedora is in many ways definitely more restrictive than Debian whether this is good or bad.
I also can't understand the naming. Free and open standards are one of the most important things today a organisation like the "Free Standards Group" could do a great job in this area. Now merging this into a "Linux Foundation" just doesn't fit.
>Free Software is represented by much more than Linux.If you want a Foundation which cares about Free Software in general why don't support one of the Free Software Foundations? They exist exactly for this task. I don't know where you living but today you can find a Free Software Foundation in North America, Europe, Latin America and India. If you don't live in one of this regions just select one of them which is near your location or which you like most.
I have follow the FSF now for about 20 years and i don't think that they have ever redefined their view of freedom.
As i understand it, their view is:1. Freedom means that i can do verything i want until it only concerns myself.
2. If i do something which also concerns others than i have to respect point 1 for them too else it wouldn't be my freedom but my power. For example distributing non-free software is not my freedom but it is my power to remove freedom from all users of this program.
This is the view of the FSF and was always the view of the FSF. If you understand this you understand why GPLv2 was written like it is in 1991 and you understand why GPLv3 is written like it is in 2006/2007.
You can like what they do or not (i'm also not happy with everything the FSF does) but you can't say that they changing their opinion about software freedom.
For you i will repeat the conclusion of my first post:
I would go with option 1.
>GNU however could be replaced with something else. e.g. the BSD userland/libraries. Would we then be obliged to call the operating system BSD/Linux?
For me replacing the BSD kernel with the kernel Linux in a BSD system would still result in a BSD System but if you want to follow the logic of Linus Torvalds it would be a Linux System.
You can take my position, the position of Linus or for example decide that both BSD and Linux are a essential part of the new OS, that both deserves some kudos and call it e.g. BSD/Linux.
Sorry for my unformated comment but i have forgotten to switch from "HTML Formated" to "Plain Old Text". So here the same comment in a readable form.
>Its more complicated than you think. Code and hardware together are verified by independent labs, which perform the certification according to government standards. The labs will most assuredly not grant a FIPS 140-2 certification that allows arbitrary code to run inside the security boundary, whether supplied by the customer or not.
The question is if the costumer has the option to get his code certified so that he can use his device wor ket work he needs it. So please answere this two questions because i really want to understand it:
If i say in this question "I" than i don't necessarily mean myself or a special person but whoever is in charge of the system and the person/group/organisation which should be protected.
1. I have a FIPS 140-2 certified system and now i have a new program for this system to do the work for which i have bought this systems. Can i make this software run? Either by certifying it by my self or by giving it to the correspondig lab which will certify it?
2. Let's assume that parts of my FIPS 140-2 certified system is Free Software and during my daily work i recognize a bug in this free program. Now i or someone which i instruct fix this bug. What options do i have to use this fixed software on my system?
>No, I see it from a developer. I can use the _knowledge_ (i.e. the source code) to create derivative products, which run on entirely different hardware. This is very, very useful.
Yes, this is very useful but not the only aim of the GPL. The aim of the GPL is to give the user all 4 freedoms defined by the Free Software definition and protect this freedoms.
And i think whether you agree with the Free Software definition, the FSF or RMS or someone else you can see that the GPLv2 have done this in the past really well and things like DRM have created some holes for the present and the future which will be closed by GPLv3. So that GPLv3 will do an as good job today like the GPLv2 did yesterday.
>Its more complicated than you think. Code and hardware together are verified by independent labs, which perform the certification according to government standards. The labs will most assuredly not grant a FIPS 140-2 certification that allows arbitrary code to run inside the security boundary, whether supplied by the customer or not. The question is if the costumer has the option to get his code certified so that he can use his device wor ket work he needs it. So please answere this two questions because i really want to understand it: If i say in this question "I" than i don't necessarily mean myself or a special person but whoever is in charge of the system and the person/group/organisation which should be protected. 1. I have a FIPS 140-2 certified system and now i have a new program for this system to do the work for which i have bought this systems. Can i make this software run? Either by certifying it by my self or by giving it to the correspondig lab which will certify it? 2. Let's assume that parts of my FIPS 140-2 certified system is Free Software and during my daily work i recognize a bug in this free program. Now i or someone which i instruct fix this bug. What options do i have to use this fixed software on my system? >No, I see it from a developer. I can use the _knowledge_ (i.e. the source code) to create derivative products, which run on entirely different hardware. This is very, very useful. Yes, this is very useful but not the only aim of the GPL. The aim of the GPL is to give the user all 4 freedoms defined by the Free Software definition and protect this freedoms. And i think whether you agree with the Free Software definition, the FSF or RMS or someone else you can see that the GPLv2 have done this in the past really well and things like DRM have created some holes for the present and the future which will be closed by GPLv3. So that GPLv3 will do an as good job today like the GPLv2 did yesterday.
>Are you familiar with FIPS-140-2? Have you ever designed a FIPS 140-2 product? I have (level 3). For any level above -1, you must have a robust firmware/upgrade management scheme which explicitly ensures that untrusted code is not allowed to run within the "security boundary".
;) ). Should i buy another computer in the hope that this one will run my version? Or should i just accept that the letters of the GPL are worthless in our shiny new world?
The question is who decides what code is trusted and what code is untrusted? Maybe you can give me the answere for the FIPS-140-2. If the company, government,... who uses this FIPS 140-2 product can decide which software is trusted and which is untrusted, than this is OK with GPLv3. But if someone else will decide it than it's not ok because than the company, government, etc. will no longer control their own IT infrastructure.
This kind of secuurity would be a joke. If i can't control my own security than i don't think it it's a good security system. And security which can be controlled by the person, company, government which should be protected through it is completly ok with GPLv3.
>Its not just modification of the software that is at issue, it is installation of said software on said hardware that is at stake.
I think you have to see it more from the position of a "user" and not from somewhere outside. Modifying software and than can't run it doesn't make much sense.
The position of the FSF and the purpose of the GPL was always that the user should have the control over their devices (driven by software) and not someone else. As GPLv2 was written the only way to remove this control from the user was by don't give him the source code and use your power of the copyright. So GPLv2 was written in this context and it works really well.
Today they have another option, they can use DRM techniques and new laws like the DMCA or the EUCD (if you life in Europe) to remove your control over your device. New laws and new technology has created holes in GPLv2 and GPLv3 will close this holes.
What's your practical answere? I buy a computer with a GNU/Linux operating system and the computer runs only with the OS signed by the vendor. Now i wan't to exercise my right given by the GPL and want to run a modified version (i think only very few people modifie software to use it as a wallpaper
I'm happy that the FSF will keep the letters of the GPL useful as long as possible.
>This is a serious problem for certain kinds of applications that have nothing to do with DRM, and everything to do with security. Under these rules, for example, it would be impossible to use GPLv3 software in functions conformant with FIPS-140-2 (the federal standard for cryptographic devices/software).
I think you are wrong. For example a company can use GPLv3 code, sign it and use it with their DRM hardware to make sure that only this software runs. They don't redistribute hardware+software in a form which would deny freedom to the recipient of the system they just use it to create security for their IT infrastructure and this will be OK with GPLv3.
It's like Linus Torvalds example in one of it's responses that the GPLv3 would make election machines impossible. That's wrong too. A country could take their election machines and their copy of GPLv3 software and make sure that only software verified by the government will run on the machines. What isn't allowed is to sell to a country election machines with GPLv3 software and with pre-installed keys so that the government couldn't change the keys or the software. This would make the election dependent from a software company while the government is the institution which should have the control over their election and of course over their election machines.
>The problem is that some GPL zealots believe that if they purchase a piece of hardware, they should have the right to replace the software on it. I don't think that is a natural right (or rather, I don't think it is an obligation that the manufacturer should have to help you).
That's not the point. If you sell hardware with your software you can do what you want. But if you sell e.g. computers with GPLv3 Software which says i have the right to modify the software than you have to make sure that i can exercise this rights and can't prevent it with DRM.
>And here is way - if it was true than Microsft and Apple should be calling their software "BSD/Windows" and "BSD/OSX"
And MacOSX used a BSD-like Kernel (Darwin) so why MacOSX is called MacOSX and not Darwin?
>The userland != the OS. The OS *is the kernel*
An operating system must allow you to operate with a computer with just a kernel like Linux you can't even boot the computer up to say nothing of operate with a computer. So a OS must be something more than a kernel, maybe that's also the reason why we have two names "operating system" and "kernel", because two different things need two different names.
> I could install the BSD userland on the Linux kernel, and it would still be Linux. "GNU/Linux"
No if you would take a BSD System and replace the BSD Kernel with the Linux than you would still have a BSD System and almost all users wouldn't even recognize any differences.
Or would you say that if you take the whole FreeBSD system and just replace one program, the kernel, that the system wouldn't be FreeBSD anymore but Linux? Even if all "Linux" user will soon discover that their new "Linux" will work different: other commands in the shell, commands with the same name has differnt options, software written for the old "Linux" will not compile on the new "Linux" because all the system libs are different, etc. And this should be the same OS?
On the other hand if i take a GNU System with the kernel Linux and replace Linux with the BSD Kernel (e.g. Debian GNU/kBSD) the user will discover non of this difference. And it's understandable because 95% of the OS would be still the same, only one program has changed, the kernel.
>However, I have been in the business side of a corporate environment and talking about "free speech, not free beer" is not a concept that is easily grasped in that context. Every new meeting, every new person that you come across you will have to explain it again and again - and they still won't get it.
And you don't have to explain Open Source?
>If you use "open source" and say it is about being able to see source code, it is actually less of a problem
But it can become a big problem because the description is wrong. If you describe them Open Source as "being able to see source code" tomorrow i will go to them and offer them a software with source code and a license which don't allow sharing, modification and distribution and they will think that they get Open Source software.
>it sounds like a good thing right from the start
Really? What will all the non-software companies say? Probably they won't see any advantage in "being able to see source code". But if you say to them: Look this is Free Software, that means your are free to use, share, modify and distribute the software that means you have the full control over your data, software and your entire IT-infrastructure and their is no vendor lock-in and you can chose freely your support/service provider.
I think this sounds more "like a good thing right from the start".
At the end you have always to describe it whether you use the term Open Source or the term Free Software. But i'm sure that the "freedom and independence"-argument is much stronger than the "you can see the code"-argument if you explain it right.
>I would call myself a free software advocate, but I release my code under the LGPL because I want give the users of my software the freedom to include it in non-free software.
I wouldn't call it a freedom. I think what you do is giving users of your software the power to deny other users freedom.
> I guess I just say make free software, where the FSF seems to say make software free only to certain users.
I would say the FSF says make software free to all users because FSF prefered way of licensing software protects freedom for all users while your way of licensing gives users the power to deny other users freedom.
So you are the one who says "make software free only for certain users".
Thank you for the link. I have read through the complete mailing list archive and it seems like their is a real process running to make Fedora a FSF approved and recommend GNU/Linux distribution. Yesterday 'spot' posted a new status: https://www.redhat.com/archives/fedora-advisory-bo ard/2006-August/msg00271.html and it seems like it's almost done.
;) ).
It looks really good to me and Fedora could become my new No.1 distribution in the near future (if i can part from my habit of doing it the "Debian-way"
>As a user, if your priorities are cutting-edge technology (without the nicks and cuts of a blade) and freedom, Fedora is a great disto to use.
i stributions ?
I agree with this statement by Max Spevack. I'm a long time Debian GNU/Linux user. Recently i switched to Ubuntu because the desktop software of stable was to old and testing/unstable is a moving target and i want a system which i can trust that if it runs today it will run tomorrow too. So Ubuntu was the logical step, almost Debian stable with up-to-date Desktop software.
But i'm not really happy how Ubuntu handles non-Free Software, like Max said: "Ubuntu is one example, as there is very strong language about their commitment to Free and open source software, right up until the line stating that they include binary-only drivers on their CDs and in their repositories."
I think Fedora could be the right choice if i wouldn't be used that much to the Debian way of doing things (deb, dpkg, update-alternatives,...).
And that's leeds me to the question: Fedora seems to be a respectable Free Software GNU/Linux distribution. Wouldn't it be the almost perfect distribution which could be "approved/recommand by FSF"? Has Fedora already thought about such a step or even asked the FSF to get listed at http://www.gnu.org/links/links.html#FreeGNULinuxD
>The key question is; if Sun tries to kill OpenSolaris development, can they do it?
No, because OpenSolaris is Free Software, so everyone can use it, study it, adapt it and (re-)distribute it.
Whether IBM is right or not that OpenSolaris has a development community, OpenSolaris is true Free Software.
Free Software is not about a development method but about a way of licensing software. Free Software can build in a community process and in a in-house process as proprietary software can be developed in a community or in-house. It's not the development method which makes something Free Software it's the license.
Sad to see that even such a big company with such a big "linux-centre" like IBM doesn't really understand Free Software.
i completely agree with you.
I just wan't to make this sentence a little bit clearer:
>The trouble is that the letter of the GPL v.2 fails to reflect that, which is why the FSF is coming out with the GPL v.3.
The letter of the GPLv2 doesn't really fails to reflect the intent of the GPL and the FSF. But it refects it in the world we had 1991. Since 1991 law and technology has changed which created some holes in GPLv2. GPLv3 will close this holes and will refelct the same intent GPLv2 did but orientated on the world of today (2006).
>If you have the hardware and it matters that much to you that you need to run software with a differnt signature, then change the key in the hardware. Requiring that you distribute the hardware keys seems like the wrong solution.
If you can change the key than you don't have to distribute the hardware keys because than people can exercise all 4 freedoms. But if you embed they keys in a way into the hardware so that i can't change them and the hardware will run only software signed by this keys than you remove some of my freedom granted by the GPL and than the GPL will fight back.
>The purpose of the GPLv2 was never to force all hardware to run your custom software,...
it isn't the purpose of GPLv3 either.
>it was to force other developers to publish their own changes to your code (please note that I am talking about the intents of the GPLv2, not the intents of the FSF). In other words: feel free to modify the software... just don't expect it to run in my hardware. And Linus simply chose the GPLv2 to distribute the kernel based on its intents, and not on the FSF's agenda
That's the "mistake", Linus doesn't choose the license based on its intents he choosed the license based on his intents. Linus hat looked at the license interpreted it and decided that it "technically" fits his needs. But it seems that he has never understand the intent of the license.
The intent of the license is the intent of it's creator and that's the FSF. And the intent of the FSF is pretty clear and was always the same. It's not about publishing source code or writing better software. The intent is that every user should have the 4 freedoms defined as Free Software. If you now start do design your hardware+software distribution in a way that removes some of the 4 freedoms you do something which was not the intent of the license and the logical step is to close this hole by releasing a update of the license.
>But should we fight this fight with the GPL?
I think it's not the question if we shoud "fight" something.
It's a more a question about what is the idea and the aim of the GPL. And the idea and the aim of the GPL is to give all users all 4 freedoms. To protect this idea and this aim we need a DRM clause in GPLv3 because that's the only way GPLv3 will be able to practice it's idea and aim in the age of DRM and DMCA. What 20 years ago was the copyleft clause to protect the idea and the aim of the GPL is today the DRM clause.
>Maybe it is in the short term better to force Hardwarevendors not to lock their Hardware, but will it be better in the long term?
Maintaining users freedom is always better in the long term.
>But when the GPL don't forbid to lock the Hardware, the Vendors help to evolve the GPL-Software although you can't use your own binary on their Hardware.
What is the advantage if i can read the source but doesn't have the freedom to control my software and my device?
Maybe you see it more from the view of an engineer. You want to see the code and want to tinker with it, even if you can tinker just on a piece of paper because their is no device which will run your new version.
But the view of GPL is the view from the user which life depends more and more on technical devices and software. The GPL wants that this user have always the full control over this part of his life. That's not a academical question from the view of an engineer but a rather practical question which needs practical answers. And a answer like "Buy a PC make use of your freedom to modify the software and than by another PC on which you can hopefully run the code because your first PC will deny your freedom to run your version of the software" isn't really a practical answer.
>But remember, no one will force you to buy their Hardware
Who will guarantee that i will always have a choice? What device could i buy to run my modified Tivio Software? What option will i have if all PC's come with TPM and DRM.
Even if your are right and their will always be one vendor with alternative hardware. Will this hardware be able to do the same job like the other hardware? Will this hardware really run all the different software which is installed on the locked devices? Will i be able to use this hardware together with my "un-trusted" software to participate the the digital culture, make bank transfers, etc.?
Even if all this answers are positive, but i don't believe that you can give me this positive answers for the complete future. This doesn't explain why a license designed to give users freedom and protect users freedom should maintain holes through which other can remove this freedom? I think such a license would be a lie to all people who choose the GPL with the trust that the GPL is a license which gives and protect freedom.
>Yes, there will be Vendors that use GPL-Soft and forbid changed and therefore unsignd binarys to execute on there Hardware.
And because the idea of GPL is that nobody should have the power to forbid you this things GPLv3 will close this hole.
>but sometimes there are good reasons for this behavior that benefit the Custumer. Think on Mission-Critical Hardware that should NEVER execute hacked binarys - in your best interest.
This will be possible with GPLv3.
You are free to use trusted computing hardware and DRM in your office to run only software signed by you. But you (the owner, the big boss of the company) must have the freedom to run modified versions if some business processes have changed. And i think it's also in his interest to controls his own IT infrastructure.
The GPLv3 doesn't allow that the manufacture of the "trusted computing hardware" sells you the hardware with the software and now you are not able to adapt the software to your new business processes even if the license of the software say that you can do it.
That's the same mistake like Linus does with his voting-machine-example. The state (call it state A) will be able to use DRM voting machines with DRM technology to ensure that on all voting-machines runs the right software. But if state A sells his voting-machine to another state (call it state B) he have to give state B all he needs to control his voting-machine like state A did.
The freedom of you as a user is never restricted it just ensures that everyone who gets this machines too will have the same freedom.
As far as i know RMS, i would say that he has a great respect for property rights too. But software like music, novels, etc. aren't property! They are works for which society gives in some cases some monopoly rights (copyright, patent law, trademark,..). But society should hand out this monopoly rights only as long as it gain an advantage for everyone (author and society as a whole). This was given at the beginning of copyright. Today copyright is extremely overplayed. It harms the society more than it offers advantages and it harms most artist and authors too. Today there is no balance at all, it harms the majority for the advantage of few (mostly publishers).
At the beginning of copyright the society had good arguments to give away these exclusive rights, it was a win for everyone. Today society would have good arguments to reorganize this exclusive rights, but the few which still profit from this rights at the expense of the rest of the society have too much power.
This has absolutely nothing to do with property rights.
At least now we have said it 3 times, so nobody can overlook it ;)
have i said that they couldn't sell it???
My argument _was_ that they can perfectly sell their StarOffice based on a free OOo even if they don't hold the copyright and even if they don't control the developement.
People don't buy StarOffice because they maybe use a proprietary license. They buy it because they want a "product" with a company in the back wo is "responsible" if something goes wrong and they have a phone number they could call. Maybe they like some add-ons like a better spellchecker etc too.
So Sun can also offers a StarOffice from a community driven OpenOffice. Just take from time to time the latest OOo, call it StarOffice, put it into a box with a nice handbook, some add-ons etc. And costumers will be happy to get a "product" from a reputable company. That's why they buy StarOffice and not because they like software with lots of restrictions through proprietary licencing.