The Free Software Foundation reckons its new version of the General Public Licence removes the problems bedevilling version two, but not everyone is convinced the problem even exists. The FSF reckons that Linux developers need to move quickly to GPLv3 if they're to avoid Android (and similar Linux-based platforms) getting tied …
It was a bit slow on the news front (despite every UK online electronics retailer crashing in sequence as they lowered HP Touchpad prices) so you just wrote up a press release as a story, didn't you ? Because theres nothing new in here...
FUD by FSF?
This is such FUD. There are many problems with GPL3 that prevented Linus&co switching to this new license.
I can't see them switching because of this (imho) small glitch.
If the kernel went GPLv3 it would simply stop being used by many bits of hardware.
Lots of devices protect their firmware to stop users bricking them, tampering / stealing premium content, jailbreaking etc. Compelling devices to reveal signing keys would simply be unacceptable in many cases.
If it happened (and it won't since Linus thinks compelling devices to disclose keys is pretty stupid), it would likely the kernel would fork with one branch continuing to be GPLv2. And eventually embedders might even jump ship for a BSD kernel. So instead of opening things up it would actually make things worse.
No, there's only one
No, there's only one "problem" with the GPL: it obliges you to release the Source Code to your modified versions, so that other people can benefit from your work in the same way as you benefitted from other people's work.
Anyone who dislikes the GPL wants to do the one thing it doesn't allow, the one thing it was designed specifically to prevent.
GPLv2 allows a developer to write some firmware, disclose the source code but cryptographically sign the image to prevent someone else replacing it with something else, source or not. GPLv3 would compel them to reveal the key. I hope it's obvious why this is unacceptable for a lot of situations. But to illustrate, a cable TV box might use crypto for it's VOD / PPV / premium channels and the crypto provider would simply refuse to sign off on a box which allowed their software to be hacked with a compromised image.
I cited cable tv boxes but expect the same applies to media players, phones, tablets, TVs and the vast bulk of other embedded things a kernel is used for.
If the kernel went GPLv3 (and it won't for all the reasons Linus has already said) then either the issue would be worked around (e.g. implement a 2 stage bootloader, with 1st stage being proprietary), or the kernel would get forked, or embedded solutions would move to something else like BSD. In no event ever would suddenly the box by open to hackers. The net result would be less openness, not more.
Not sure where the GPL2 doesn't already do all the things you claim GPL3 will cause. There are some reasonably solid reasons that the Linux kernel can't be easily changed to GPL3, but nothing you mentioned is them.
@A J Stiles
Yes, there is a very simple way for companies to avoid having to release their source code: Put in the time and money to develop the stuff themselves from the ground-up and not try to parasite of the work of others.
The GPL, in all its forms, is simply an attempt at an anti-parasite measure in the realm of IP. As you said, anyone who dislikes the general concep is simply someone aspires to parasiteism on the work of others.
Moving to GPL3 would need a re-write
Thousands of people have contributed their efforts under GPL2. To move that code to GPL3 would require the OK of all those contributors. That is a huge effort and would probably force a rewrite. Nobody wants to waste effort like that so it just won't happen.
Anyway, GPL3 will not stop the patent nonsense. Nor would moving to BSD or any other license.
When MS attacks Motorola it is for supposed patent violation. Copyright has nothing to do with it and no matter what header you put at the top of the code the patent issues will be the same.
Taking it to the nth degree
You could argue that a cryptographically-signed binary is a derivative work and therefore the Source Code needed to reproduce it exactly includes the signing key. GPL3 is just a bit more explicit on the point.
Imagine if the police told you that you had the right to a phone call, then did something that rendered you temporarily deaf and dumb specifically in order to prevent you from exercising it.
"Not sure where the GPL2 doesn't already do all the things you claim GPL3 will cause. There are some reasonably solid reasons that the Linux kernel can't be easily changed to GPL3, but nothing you mentioned is them."
GPLv3 has a clause that essentially says if you protect your binary by digitally signing it that you must provide signing key in addition to the source code. That clause is completely unacceptable for many embedded uses for legal, safety, IP and other reasons.
This is why the kernel, busybox, uclibc et al don't use it. If they did the projects would instantly fork. Linus has stated time and again his opposition to GPLv3 and other principle kernel contributors agree. Outsiders don't appear to get it, thinking idealism trumps pragmatism failing to realise that the kernel has always been driven by pragmatism. The kernel's licence is even explicitly modified to remove the "version 2 or later" provision. There are so many contributors to the kernel that it would be extremely difficult, probably impossible to switch, and why bother?
From the GPLv3 itself:
"If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information."
The definition of "Installation Information" includes "authorization keys" required to "install
and execute modified versions of a covered work in that User Product". Note, however, the following exception:
"But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM)."
So manufacturers have two obvious options here, excepting "don't use GPLv3 software ever":
- Install firmware in ROM, or some other non-rewritable medium. Updating firmware becomes difficult, but there are still some classes of embedded device which already lack support for this.
- Don't include any GPLv3 software inside signed blobs, where such blobs are on rewritable media. If the DRM or other security-sensitive software they're using (including the libraries it consumes) is either proprietary, or under licences which lack this clause, then they can still sign those bits. Just don't sign the whole system image, if the system as a whole contains software under the GPLv3. In an Internet-enabled DVR, for example, that might leave me able to replace the integrated web browser with one of my choice, whilst still not touching the video decoding parts.
A Linux kernel licensed under the GPLv3 wouldn't automatically become unable to run proprietary software, because - kernel modules aside - you don't actually link to it. Such a prohibition would certainly be against the spirit in that instance, anyway.
The fourth option is to design better DRM ("better" in the sense of "less susceptible to circumvention"), for example mandating that it be implemented in hardware rather than software. This doesn't make it impossible, but then again it isn't impossible at the moment, as has been repeatedly demonstrated.
Re: Not true
"But to illustrate, a cable TV box might use crypto for it's VOD / PPV / premium channels and the crypto provider would simply refuse to sign off on a box which allowed their software to be hacked with a compromised image."
So you're saying that they would rather ship the kernel with a cryptographic key in the firmware and then rely on no-one ever managing to acquire it by, for example, subverting the supplied software or more involved hardware hacks. There's a long history of products where such manufacturer measures have failed - it's like the Sheriff of Nottingham asking Robin Hood to look after his treasure chest while he goes on holiday, secure in the knowledge that the padlock is the best in the land.
If the kernel were GPLv3, maybe the manufacturers wouldn't be adopting the easiest approach around all those supposedly vital concerns of security, "legality" and all the other corporate scare-words.
Public key crypto
"So you're saying that they would rather ship the kernel with a cryptographic key in the firmware and then rely on no-one ever managing to acquire it by, for example, subverting the supplied software or more involved hardware hacks."
Public key crypto doesn't work like that. You create a keypair e.g. A and A' which are mathematically related but from which it is difficult to derive A from A' or vice versa. You sign the binary with A and put A' into the firmware updater that verifies that the firmware is correct and valid before flashing it.
"There's a long history of products where such manufacturer measures have failed - it's like the Sheriff of Nottingham asking Robin Hood to look after his treasure chest while he goes on holiday, secure in the knowledge that the padlock is the best in the land."
Of course there is a history of failed products. That doesn't mean that all products have failed to protect themselves, or shouldn't take all appropriate measures to safeguard their integrity.
I've worked on set top boxes and from memory, these are some of the safeguards that got used:
1. Multi stage bootloaders. Stage 1 is baked into a ROM and validates second stage bootloader / firmware.
2. Signed firmware, to prevent tampering. Box won't flash firmware which is unsigned.
3. No serial port on board - pins are snipped or there is no circuit at all.
4. Strong root password, a long e.g, 30+ chars random password. So even if someone got access to the serial there is no login.
5. Port knocking. In the case of emergency you might need ssh access to a box so you protect it with a port knocker so ssh only comes up with the right sequence of port knocks.
6. ssh only accessible by blessed public / private key pair, not the same one used to sign the ROM. No key, no login.
7. /tmpfs runs from a RAM disk
8. All flash is encrypted at the hardware level
9. All flash partitions are read only
10. Flash cannot be partitioned without root access
11. No critical data of any kind is stored on USB, HDD etc.
12. Chipset stores IP tokens (that enable h264, VC1, dolby etc.) in special non volatile flash memory
13. Hardware assisted crypto for streaming content.
14. No listening ports of any kind if the device, or if they exist they only accept cryptographically signed commands.
15. Unique hardware identifiers and keys per box using during encryption so streaming data is not vulnerable to a class break.
16. Two way encryption on all streaming content, i.e. box would seek authorisation and obtain a key to decrypt content. If box was compromised, then it wouldn't be getting its key.
So hardware and software security all over the place. It doesn't preclude the possibility of bugs of course, or of some malicious employee revealing a key. But generally the purpose is to make it extremely hard and fruitless to hack the device.
Where does GPLv3 fit in all this? It doesn't. It would never get used or it would be worked around in some other way.
Re: Public key crypto
""So you're saying that they would rather ship the kernel with a cryptographic key in the firmware and then rely on no-one ever managing to acquire it by, for example, subverting the supplied software or more involved hardware hacks."
Public key crypto doesn't work like that. You create a keypair e.g. A and A' which are mathematically related but from which it is difficult to derive A from A' or vice versa. You sign the binary with A and put A' into the firmware updater that verifies that the firmware is correct and valid before flashing it."
I wasn't talking about the signing keys; I was referring to accessing the content keys. If you have to distribute the keys to access the content, you have given Robin Hood the treasure.
"Where does GPLv3 fit in all this? It doesn't. It would never get used or it would be worked around in some other way."
The GPLv3 is all about not only having the theoretical right to actually deploy modified forms of the software, but actually being able to do so. I seriously doubt that if manufacturers let users enjoy this right then they have no recourse and no control over the interoperability of the hardware. Really, most of the complaints about this are to do with the easiest option being taken away.
"I wasn't talking about the signing keys; I was referring to accessing the content keys. If you have to distribute the keys to access the content, you have given Robin Hood the treasure."
The only keys that get distributed are the ones used by the box to descramble content. And believe me, they're not just left laying around for people to rip off. There is a keystore that hold the keys and the store is encrypted / decrypted through the hardware and a second layer of encryption which is unique to each box. Not saying someone couldn't apply super human effort to break this stuff, possibly even find an exploit but the point is it is made extremely hard to obtain the keys. All the stuff about locking down the firmware, ports, filesystem is to prevent any foothold on which to launch an attack. It's mandated by the crypto providers and mandated by the cable providers.
"The GPLv3 is all about not only having the theoretical right to actually deploy modified forms of the software, but actually being able to do so. I seriously doubt that if manufacturers let users enjoy this right then they have no recourse and no control over the interoperability of the hardware. Really, most of the complaints about this are to do with the easiest option being taken away."
Most set top boxes aside from common media players have to deal with premium content. They simply cannot contractually or legally let someone come along and hack the box. A cable provider (for example) signs a contract which says they will take a long list of measures to stop content being broadcast or stored in an unscrambled way. They have to do it. It's simply not an option on the table to let people have at the box. In many cases the box doesn't even belong to the person in the first place - it's either rented or is provided by the service provider.
So GPLv3 is a non starter. It would never, ever be used unless some way was found to defang the DRM clause, e.g. 2 stage bootloader. But it won't come to that because the kernel devs and other embedded tool devs have made it quite clear they're sticking with GPLv2.
Re: Won't happen
"In many cases the box doesn't even belong to the person in the first place - it's either rented or is provided by the service provider."
Although this is the case in various contracts, the way this has been expanded to include devices actually purchased by the user ("you're only borrowing the device really") is shameful. That GPLv3 tackles this head on is in no way a mark against it. Of course various manufacturers and cartels don't want users to play with stuff they have in their possession - frequently, stuff they have actually paid for - but I'm happy that there are people out there who aren't satisfied with the status quo.
Thanks for the insight into the STB business, though.
lackluster adoption of GPL v3
I think more likely the FSF is seeing lackluster adoption of GPL v3 given it's not new at all
Version 3, 29 June 2007
I don't have any stats but have seen more people complain about GPL v3 than not.
Also WRT Linux as far as I know there is no way it will ever go GPL v3, because, if I recall right, the main problem was contacting all previous contributors and getting their approval, there's just too many people, and too difficult to contact everyone to make the effort worth while.
And since the Linux kernel is pretty important to Android and the like.........
Have to agree
It's all very well saying "change to this new version..." but in the real world, it's not at all that easy. GPL3 contains other stuff that may be unpalatable to the likes of Google and the companies that make Android devices (like issues regarding patents etc) - could be a real headache for a lot of Android manufacturers.
As for the comment regarding the unlikelihood of anyone actually going to court to enforce the clause that's causing all this fuss, well, is it REALLY that unlikely? It only takes one person/company from the countless that have contributed to upset the whole apple cart (or in this case, the Apple cart would be more than happy!).
Re: Have to agree
> well, is it REALLY that unlikely?
To date, there have been many, many GPL violations - but hardly any of them get to court. The secret is in Section 5 of GPLv2 :
"You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License."
It's up to the infringer whether or nhot he's bound by the licence; he can either accept it (and get into conformity), or reject it (in which case, it's a clear-cut copyright infringement action). Just about everyone goes for the former option :-)
The only time GPL cases get to a court is when a defendant has decided to tough it out. Every single one of them has lost trying that approach - and some seem to have been hit quite hard (Best Buy lost a load of TVs, which went to charity)
"new GPL licence"
A bit like a new PIN number, or an updated ATM machine?
H6242 - kill the lawyers
A plague on those who force us to pay attention to this drivel.
"IT World reckons the FSF shouldn't be using fear of a non-existent threat to promote its new licence"
I agree with that statement, I suppose it's the word "fear" that is disgusting.
But moving from v2 to v3 is not that easy. And even if something i gained something might also be lost.
Moving Linux to v3 is a rather unnecessary adventure as far as I have understod.
But then again this is the USA where litigation has become the last resort for staying alive when everything else has been outsourced including the money..
Won't make any difference
If a Chinese no-name OEM is not honouring the terms of the GPL at the moment, what damned difference would it make if it were a more recent GPL? None at all. It's pointless to even suggest an upgrade would do anything. I'd note also that Android's user land is BSD so this is only a kernel issue.
A more pragmatic stance by the FSF would be to promote a rival smartphone OS rather than sniping at one which they don't like. I'm sure MeeGo could do with the support. It doesn't seem far fetched to imagine ROM images that installed MeeGo on former Android. handsets. Think of CyanogenMod but with MeeGo. Who knows, perhaps this might spur a handset maker to actually ship devices with the OS on it for real.
That or the FSF can keep griping.
Promoting a rival smartphone OS
for the sake of Free Software zealotry would be a bad thing. I don't care if, for example, my wireless card's firmware is non-free- I'd rather have that than functionality being deliberately removed or replaced with something half-baked. The source code should be released as required by the licence, but I also consider it important to have the freedom to use something non-free.
I'm not saying just promotion
I'm saying they should throw their weight behind an alternative. Devote resources, publicize and pragmatically strive to produce a viable smart phone OS alternative to Android in the shortest time posssible. Something that people can run on their phone and perhaps see the merit in using. The problem is the FSF is too fond of whining, politiking and not doing anything to substantiate their position. It's precisely the reason why the world is running Linux, not Hurd at the moment.
One problem with GPL3,,,
,,,was that BACK WHEN IT WAS NEW (Hint hint article writer) Linus mis-interpreted part of it (The "Tivo" clause IIRC) and thought it meant he had to give up all private encryption keys used during development of the kernel.
Of course, being Linus, he didn't sugar-coat the language he used when commenting on this flawed understanding.
Therefore, a large number of idiots took his word as gospel and immediately declared that the GPL3 was the "Jumping the shark moment" and that GPL2 was fine and dandy and they didn't need no stinking new one.
He managed to poison the GPL3's reputation at the very beginning.
Re: One problem with GPL3
> BACK WHEN IT WAS NEW (Hint hint article writer)
I'm glad I'm not the only one that noticed that.
GPLv3 is dated 29th June 2007. It's over 4 years old. Describing it as a "New GPL licence" in the article title really does speak volumes about the amount of research that went into said article.
Perhaps it was an honest mistake.
I think the GPLv3 managed that all by itself
Here is a reasonable summary that shows it is not just Linus who has a problem with it but almost all primary kernel developers.
It's no wonder he was against it when it would have such a far reaching and disruptive impact on the kernel and its uses. GPLv3 was the poison, not his words.
in that linked article, but they came after his initial (I mean very initial)... outspoken derision.
The GPL3 may not have helped itself after and he may have come up with some arguable points afterwards (I don't agree with them all) but I remember reading the incorrect outburst on slashdot and the flame-war it inspired VERY soon after the GPL3's unveiling.
You think they're sheep?
Perhaps you haven't read the kernel archives. One thing you would know if you had that arguments and differences of opinion break out all the time and no one is afraid to shout out. Even Alan Cox who is extremely outspoken and adamantly anti software patents was against the DRM stuff.
If 28 out of 29 lead devs are negative about GPLv3, one is neutral and none are positive, then it should tell you precisely what they think. They simply don't want the rules under which the kernel is developed under to change. If that means some boxes are locked down or Linux ends up in missile guidance systems or some other morally objectionable thing then so be it.
Seems absurd. . .
"Linux developers are generally a benign bunch, unlikely to start raising capital to fund what would be a lengthy legal case,. . ."
Didn't Bruce Parens attempt to sell or license his rights to Busybox - even though at that point, he didn't actually have any such rights? ( I am sure that someone here knows the story better than I do.)
Also, it only takes ONE developer to agree to let a lawyer take the case on a contingency basis.
Furthermore, I do not see how, legally speaking, moving to GPL v3 can possibly restore any licenses that were lost as result of violations of v2. Now of course I am not a lawyer but it simply seems absurd.
Re: Does this help VLC?
"Will this save VLC on iOS from being blocked by some douchebag of a Nokia employee with a vested interest?"
Not getting your shiny? If someone releases code under a particular licence and then finds someone else violating the licence, what do you expect them to do?
Pay for some proprietary video player for your proprietary phone environment and suck it up. You chose which horse to ride.
Plenty of V3 about
Free software developers have sued manufacturers for failing to comply with the GPL. Do a quick web search for busybox and you will find plenty. Most GPL violations are settled out of court. A typical sequence is a developer writes to a manufacturer explaining what they are not doing, but should be. After some time for thought the manufacturer apologises, takes steps not to repeat their mistake and the developer re-instates the license.
GPL version 2 has weak areas: Tivozsation is when a manufacturer releases modified source code, but that code is useless because the boot loader will only load software signed by the manufacturer. Googlization is when a company makes GPL software available as a service but does not distribute it - and so is not required to distribute source code according to GPL version 2.
If googlization bothers you, take a look at the Affero General Public License. Tivoization is countered by GPL V3. GPL V3 also has better compatibility with other open licenses and is also more explicit about trying to defeat the GPL via limited agreements not to sue over patents (like the Novell/Microsoft deal). The cost of these benefits is that GPL V3 is considerably bigger and more complicated.
There are plenty of new projects that use GPL V3. There are plenty of older projects that have always been licensed as "GPL V2 or any later version" which are easy to move to "GPL V3 or later" if the developers so choose.
He who writes the code gets to choose the license. For some strange reason developers are choosing GPL (whatever version) no matter how much Microsoft and Florian Müller rant about it.
Tivoization will continue
Because the kernel will not and cannot change to GPLv3. For user land programs it probably doesn't make the slightest bit of difference whether they use it or not. The simple answer for Tivoization is don't buy a protected box if you expect to be able to hack it.
Redistributing GPL v2 under GPL v3
I quote from http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
"This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version."
Er, doesn't this mean anybody can redistribute any piece of GPL v2-distributed software under the v3 licence if they so desire? I think that was the intention. In which case, no need to contact all the authors at all.
But this is a non-story isn't it?
Re: Redistributing GPL v2 under GPL v3
"Er, doesn't this mean anybody can redistribute any piece of GPL v2-distributed software under the v3 licence if they so desire?"
You've quoted the licensing boilerplate, but there is some software out there where they state an explicit version and drop the "any later version" part. Actually, such software usually doesn't carry the boilerplate in every file, as is the recommended practice, but the authors of such software often state the explicit version somewhere in the documentation.
Of course, just as someone else remarked about Linus, his misunderstanding and his subsequent tantrum, this has prompted a few people to have a "wet cement" moment (as in "this building would look so much better with my finishing touch") where they think that overriding the "any later version" thing allows them to precisely control their intent, when frequently such people neither understand the licence in its entirety nor comprehend the need for refinements to be made in the licence (for example, to stop people trying to work around various aspects of it).
As for the "non-story" aspect. The GPLv3 enhancement is supposed to reduce the danger of confrontation over a suspected licensing violation and to offer an obvious path to compliance without people getting lawyers deeply involved straight away. I don't see that being a bad thing.
You are mistaken. There is no "or later" clause in the Linux license. These are the first lines of the COPYING file dtstributed in the source tarball:
NOTE! This copyright does *not* cover user programs that use kernel
services by normal system calls - this is merely considered normal use
of the kernel, and does *not* fall under the heading of "derived work".
Also note that the GPL below is copyrighted by the Free Software
Foundation, but the instance of code that it refers to (the Linux
kernel) is copyrighted by me and others who actually wrote it.
Also note that the only valid version of the GPL as far as the kernel
is concerned is _this_ particular version of the license (ie v2, not
v2.2 or v3.x or whatever), unless explicitly otherwise stated.
did you read the actual Linux license?
You do know Linux uses a modified license without the 'any later version' language? Which combined with distributed copyright ownership makes it practically impossible to switch to gpl3 even if they wanted to (most of them don't).
Then why not release the affected code, dumbass?
You can all moan against GPL as much as you like
however, you all must admit the GPL is the only reason we're still talking/bitching about Linux here instead of let's say BSD. Please tell why do you think Google and others did not pick the BSD license it if' GPL is that toxic, and also why Microsoft can't even spell GPL without having a seizure.
Apple built an empire on top of a mountain of cash using BSD but they didn't even bother to send a thank you card to the BSD community. I wonder how those developers feel seeing their work being heavily monetized while they receive not even the slightest appreciation. Well, GPL was designed specifically to prevent this state of affair. Trouble is that everybody and his dog was upset about this and they all started poking to find holes in the protection GPL was meant to offer. So they came up with legal and moral issues calling it un-American, cancer, monopolistic behavior, unconstitutional and so on, and moving to clever workarounds like TiVo, organized copyright infringement and patent threats.
FSF corrected most of these weaknesses in GPL v3 while working hard to preserve the license appeal to businesses (which by the way, we know they have no incentive to be honest). Please keep in mind that FSF main goal is making sure the fundamental rights are being preserved both for developers and end-users (speaking of this, I'd really love to see another organization having the same goals).
As for FSF position, I don't consider it FUD. They are mainly talking to actual our would be copyright infringers and there is no threat, uncertainty or doubt in their discourse.
Final word for all of you you that are against GPL: Don't like it ? Don't use it! Feel free to use any other license that suits you, or even better, come up with your own license.
Re: You can all moan against GPL as much as you like
> I wonder how those developers feel seeing their work being heavily monetized
> while they receive not even the slightest appreciation.
The ones I've spoken to seem to be fine with that.
If it were me, I'd be massively offended - but that's why I use the GPL wherever I can.
Apple built an empire on top of a mountain of cash using BSD but they didn't even bother to send a thank you card to the BSD community. I wonder how those developers feel seeing their work being heavily monetized while they receive not even the slightest appreciation. Well, GPL was designed specifically to prevent this state of affair.
This is utter tosh. I'm involved with FreeBSD, and I can tell you that Apple contribute a shitload back to BSD. They fund developers, they fund projects, they contribute code back to the project, they produce BSD licensed software and toolchains that are helping to remove our dependence on GPL software.
I particularly like the final line - GPL is going to save all us BSD developers? No thanks, we'll continue using the 2 clause BSD license, you can keep your toxic GPL. The BSD license does exactly what it is supposed to do, and allows for reuse of code, and we're real happy for Apple, Juniper, Citrix, Ironport, Sophos, Panasonic, Sophos, Netasq, Isilon at al to reuse our code.
The GPL puts such a restriction on developers. Take a company like Juniper Networks, who spend a shed load of money developing Junos, which is based on FreeBSD. Junos is completely closed source, which stops competitors using Juniper's code to build their own products.
This is precisely the situation the FSF wants to avoid, that Linux could become the base of a closed source OS. They argue that this would be disastrous, and the company would not push fixes back to the tree unless compelled.
Well, that's not what happens. Certain things clearly are not contributed back, such as Juniper's custom routing stacks, but lots of other things are. They spend a lot of time and money testing things that the project cannot, and contribute lots back. In general, the companies that use FreeBSD like this (and there are lots) only benefit FreeBSD.
A GPL zealot will never see it that way though. To their eyes, Apple and Juniper are just leeches. A typical BSD user just sees it as code reuse, which is the most important thing - consider where we would be if every commercial OS had not reused the Berkeley sockets API (probably not discussing this).
"This is utter tosh. I'm involved with FreeBSD, and I can tell you that Apple contribute a shitload back to BSD. They fund developers, they fund projects, they contribute code back to the project, they produce BSD licensed software and toolchains that are helping to remove our dependence on GPL software."
I wonder why that is.
"The GPL puts such a restriction on developers."
It obliges developers to offer the same rights to others that they enjoy themselves. The result is, as designed, that everyone involved contributes to a body of work that anyone can improve.
"A GPL zealot will never see it that way though. To their eyes, Apple and Juniper are just leeches."
Well, it's not so much about whether Apple give anything back as whether the original authors of a work, companies like Apple (albeit not really Apple because they don't like the GPL for some reason), and whoever ends up using the software all get to enjoy the same privileges on an evolving and continuously improving work they more or less share or have an interest in.
Of course, slinging terms like "zealot" around is a lot of fun, but there are some (yes, even the GPLv2-only brigade) who feel that establishing a common work where the majority of improvements are shared by default is better (or more sustainable, or more rewarding, or more the kind of thing they want to participate in) than having their code out there in some popular product where the vendor may or may not nurture further upstream development and where the end-user has to sit on their hands and be a mere spectator.
Excuse those of us that favour copyleft licences for pointing this out, but the zealotry seems to be more evident in the frequently aggressive statements made by permissive licensing advocates who always seem aggrieved that people dared to write Free Software and not give them the opportunity to use it as if they wrote it themselves.
Re: Re: @AC
The original AC - maybe you are the same person - implied that GPL3 was designed to save BSD from being code-raped by Apple. They missed a couple of pertinent points:
1) The reason we work on *BSD is to not restrict the users of our code, regardless of how they want to use it
2) Changes to GPL aren't going to affect how *BSD projects are run or how we manage our code - we aren't going to change to a non permissive license.
Excuse those of us that favour copyleft licences for pointing this out, but the zealotry seems to be more evident in the frequently aggressive statements made by permissive licensing advocates who always seem aggrieved that people dared to write Free Software and not give them the opportunity to use it as if they wrote it themselves.
I'm mostly aggrieved that people associate open source with GPL and believe that companies reusing BSD works are somehow being naughty or evil. We want re-use, we want everyone to use our code, from individuals to companies who might want to build upon it. Code isn't really open unless you can re-use it.
It's true, lots of us are here because we have extreme dislikes of GPL/FSF. My favourite quote is this from a BSD licensed library's about page (not me!):
memcache(3) is as Open Source as it gets and can be embedded in anything (commercial software, open source, etc). May the GPL and its users rot in hell for their stupidity.
You don't become ubiquitous with a copyleft license, you do with a permissive license. Look at the license choices for cross platform standard libraries:
They are permissive because they are standards, and they are standards because they are permissive.
"I'm mostly aggrieved that people associate open source with GPL and believe that companies reusing BSD works are somehow being naughty or evil."
Well, companies doing that are just exercising the rights given to them, just like people extending permissively licensed works and releasing the derived work under a copyleft licence, but some people get more upset about that than anything else. (Hint: people shouldn't extend permissions to people when they don't really mean it.)
"We want re-use, we want everyone to use our code, from individuals to companies who might want to build upon it. Code isn't really open unless you can re-use it."
That's true, but the ideological difference is in what people can do with the result and the notion of who the "user" is. I've seen permissive licence advocates state that copyleft is not "true freedom" or some highly subjective nonsense, when the notion of freedom common to (and upheld by) most democracies is precisely the kind of "regulated freedom" that copyleft licences enforce in their own way: the right to do something with a work is distributed to a wider audience that includes outsiders to the original and subsequent development.
"You don't become ubiquitous with a copyleft license, you do with a permissive license."
Quibbling aside about how ubiquitous something might be, even the FSF advocate permissive licences for certain classes of project. And yet people have the nerve to go on about a lack of pragmatism in the FSF camp.
Hardly unbiased sources
Quoting Naughton and Mueller on the GPL is a bit ridiculous, like quoting Benyamin Netanyahu about Ramadan, or Rick Perry on the scientific method.
Re: Hardly unbiased sources
> Quoting Naughton and Mueller on the GPL is a bit ridiculous
I've run out of upvotes for you...
how does that make GPL3 better than 2?
I'm at a loss to understand why a licence that let's users violate it knowing they can unilaterally restore their own rights after delay waiting on enforcement, is better than one that takes time to kick off enforcement then leaves offenders up shit creek if they persist. Usually with a lot of grovelling, paying costs and signing binding undertakings to not offend again.
So why is GPL3 supposed to be better from the licensors viewpoint? Seems superficially like a licence to take the piss with few enforcement teeth. A licence easy to duck against one with bite.
The FSF really have lost what little grasp of the plot they still retained, pushing a poison pill licence with no obvious advantages beyond that patent poison pill. Which doesn't look like an advantage to many corporations.
Even if their story was more than FUD, the GPL3 is widely seen as too toxic for corporate use. As pointed out days ago when this was first reported on, if Linux was GPL3 Android would not be using Linux. That's one self destructive way to prevent license violation.
- Crawling from the Wreckage Want a more fuel efficient car? Then redesign it – here's how
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- Human spaceships dodge ALIEN BODY skimming Mars
- Downrange Are you a gun owner? Let us in OR ELSE, say Blighty's top cops
- Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know