back to article New GPL licence touted as saviour of Linux, Android

The Free Software Foundation reckons its new version of the General Public Licence removes the problems bedevilling version two, but not everyone is convinced the problem even exists. The FSF reckons that Linux developers need to move quickly to GPLv3 if they're to avoid Android (and similar Linux-based platforms) getting tied …

COMMENTS

This topic is closed for new posts.
  1. Tom Chiverton 1
    FAIL

    Be honest

    It was a bit slow on the news front (despite every UK online electronics retailer crashing in sequence as they lowered HP Touchpad prices) so you just wrote up a press release as a story, didn't you ? Because theres nothing new in here...

  2. Nate Amsden

    lackluster adoption of GPL v3

    I think more likely the FSF is seeing lackluster adoption of GPL v3 given it's not new at all

    http://www.gnu.org/licenses/gpl-3.0.html

    Version 3, 29 June 2007

    I don't have any stats but have seen more people complain about GPL v3 than not.

    Also WRT Linux as far as I know there is no way it will ever go GPL v3, because, if I recall right, the main problem was contacting all previous contributors and getting their approval, there's just too many people, and too difficult to contact everyone to make the effort worth while.

    And since the Linux kernel is pretty important to Android and the like.........

    1. Anonymous Coward
      Happy

      Have to agree

      It's all very well saying "change to this new version..." but in the real world, it's not at all that easy. GPL3 contains other stuff that may be unpalatable to the likes of Google and the companies that make Android devices (like issues regarding patents etc) - could be a real headache for a lot of Android manufacturers.

      As for the comment regarding the unlikelihood of anyone actually going to court to enforce the clause that's causing all this fuss, well, is it REALLY that unlikely? It only takes one person/company from the countless that have contributed to upset the whole apple cart (or in this case, the Apple cart would be more than happy!).

      1. Vic

        Re: Have to agree

        > well, is it REALLY that unlikely?

        Yes.

        To date, there have been many, many GPL violations - but hardly any of them get to court. The secret is in Section 5 of GPLv2 :

        "You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License."

        It's up to the infringer whether or nhot he's bound by the licence; he can either accept it (and get into conformity), or reject it (in which case, it's a clear-cut copyright infringement action). Just about everyone goes for the former option :-)

        The only time GPL cases get to a court is when a defendant has decided to tough it out. Every single one of them has lost trying that approach - and some seem to have been hit quite hard (Best Buy lost a load of TVs, which went to charity)

        Vic.

  3. hyartep
    Childcatcher

    FUD by FSF?

    This is such FUD. There are many problems with GPL3 that prevented Linus&co switching to this new license.

    I can't see them switching because of this (imho) small glitch.

    1. DrXym

      GPLv3

      If the kernel went GPLv3 it would simply stop being used by many bits of hardware.

      Lots of devices protect their firmware to stop users bricking them, tampering / stealing premium content, jailbreaking etc. Compelling devices to reveal signing keys would simply be unacceptable in many cases.

      If it happened (and it won't since Linus thinks compelling devices to disclose keys is pretty stupid), it would likely the kernel would fork with one branch continuing to be GPLv2. And eventually embedders might even jump ship for a BSD kernel. So instead of opening things up it would actually make things worse.

      1. Anonymous Coward
        Facepalm

        @DrXym

        Not sure where the GPL2 doesn't already do all the things you claim GPL3 will cause. There are some reasonably solid reasons that the Linux kernel can't be easily changed to GPL3, but nothing you mentioned is them.

        1. DrXym

          AC

          "Not sure where the GPL2 doesn't already do all the things you claim GPL3 will cause. There are some reasonably solid reasons that the Linux kernel can't be easily changed to GPL3, but nothing you mentioned is them."

          GPLv3 has a clause that essentially says if you protect your binary by digitally signing it that you must provide signing key in addition to the source code. That clause is completely unacceptable for many embedded uses for legal, safety, IP and other reasons.

          This is why the kernel, busybox, uclibc et al don't use it. If they did the projects would instantly fork. Linus has stated time and again his opposition to GPLv3 and other principle kernel contributors agree. Outsiders don't appear to get it, thinking idealism trumps pragmatism failing to realise that the kernel has always been driven by pragmatism. The kernel's licence is even explicitly modified to remove the "version 2 or later" provision. There are so many contributors to the kernel that it would be extremely difficult, probably impossible to switch, and why bother?

          1. mangobrain
            Boffin

            Divulging keys

            From the GPLv3 itself:

            "If you convey an object code work under this section in, or with, or

            specifically for use in, a User Product, and the conveying occurs as

            part of a transaction in which the right of possession and use of the

            User Product is transferred to the recipient in perpetuity or for a

            fixed term (regardless of how the transaction is characterized), the

            Corresponding Source conveyed under this section must be accompanied

            by the Installation Information."

            The definition of "Installation Information" includes "authorization keys" required to "install

            and execute modified versions of a covered work in that User Product". Note, however, the following exception:

            "But this requirement does not apply

            if neither you nor any third party retains the ability to install

            modified object code on the User Product (for example, the work has

            been installed in ROM)."

            So manufacturers have two obvious options here, excepting "don't use GPLv3 software ever":

            - Install firmware in ROM, or some other non-rewritable medium. Updating firmware becomes difficult, but there are still some classes of embedded device which already lack support for this.

            - Don't include any GPLv3 software inside signed blobs, where such blobs are on rewritable media. If the DRM or other security-sensitive software they're using (including the libraries it consumes) is either proprietary, or under licences which lack this clause, then they can still sign those bits. Just don't sign the whole system image, if the system as a whole contains software under the GPLv3. In an Internet-enabled DVR, for example, that might leave me able to replace the integrated web browser with one of my choice, whilst still not touching the video decoding parts.

            A Linux kernel licensed under the GPLv3 wouldn't automatically become unable to run proprietary software, because - kernel modules aside - you don't actually link to it. Such a prohibition would certainly be against the spirit in that instance, anyway.

            The fourth option is to design better DRM ("better" in the sense of "less susceptible to circumvention"), for example mandating that it be implemented in hardware rather than software. This doesn't make it impossible, but then again it isn't impossible at the moment, as has been repeatedly demonstrated.

      2. Charles Manning

        Moving to GPL3 would need a re-write

        Thousands of people have contributed their efforts under GPL2. To move that code to GPL3 would require the OK of all those contributors. That is a huge effort and would probably force a rewrite. Nobody wants to waste effort like that so it just won't happen.

        Anyway, GPL3 will not stop the patent nonsense. Nor would moving to BSD or any other license.

        When MS attacks Motorola it is for supposed patent violation. Copyright has nothing to do with it and no matter what header you put at the top of the code the patent issues will be the same.

    2. A J Stiles
      FAIL

      No, there's only one

      No, there's only one "problem" with the GPL: it obliges you to release the Source Code to your modified versions, so that other people can benefit from your work in the same way as you benefitted from other people's work.

      Anyone who dislikes the GPL wants to do the one thing it doesn't allow, the one thing it was designed specifically to prevent.

      1. DrXym

        Not true

        GPLv2 allows a developer to write some firmware, disclose the source code but cryptographically sign the image to prevent someone else replacing it with something else, source or not. GPLv3 would compel them to reveal the key. I hope it's obvious why this is unacceptable for a lot of situations. But to illustrate, a cable TV box might use crypto for it's VOD / PPV / premium channels and the crypto provider would simply refuse to sign off on a box which allowed their software to be hacked with a compromised image.

        I cited cable tv boxes but expect the same applies to media players, phones, tablets, TVs and the vast bulk of other embedded things a kernel is used for.

        If the kernel went GPLv3 (and it won't for all the reasons Linus has already said) then either the issue would be worked around (e.g. implement a 2 stage bootloader, with 1st stage being proprietary), or the kernel would get forked, or embedded solutions would move to something else like BSD. In no event ever would suddenly the box by open to hackers. The net result would be less openness, not more.

        1. A J Stiles
          Boffin

          Taking it to the nth degree

          You could argue that a cryptographically-signed binary is a derivative work and therefore the Source Code needed to reproduce it exactly includes the signing key. GPL3 is just a bit more explicit on the point.

          Imagine if the police told you that you had the right to a phone call, then did something that rendered you temporarily deaf and dumb specifically in order to prevent you from exercising it.

        2. Anonymous Coward
          Linux

          Re: Not true

          "But to illustrate, a cable TV box might use crypto for it's VOD / PPV / premium channels and the crypto provider would simply refuse to sign off on a box which allowed their software to be hacked with a compromised image."

          So you're saying that they would rather ship the kernel with a cryptographic key in the firmware and then rely on no-one ever managing to acquire it by, for example, subverting the supplied software or more involved hardware hacks. There's a long history of products where such manufacturer measures have failed - it's like the Sheriff of Nottingham asking Robin Hood to look after his treasure chest while he goes on holiday, secure in the knowledge that the padlock is the best in the land.

          If the kernel were GPLv3, maybe the manufacturers wouldn't be adopting the easiest approach around all those supposedly vital concerns of security, "legality" and all the other corporate scare-words.

          1. DrXym

            Public key crypto

            "So you're saying that they would rather ship the kernel with a cryptographic key in the firmware and then rely on no-one ever managing to acquire it by, for example, subverting the supplied software or more involved hardware hacks."

            Public key crypto doesn't work like that. You create a keypair e.g. A and A' which are mathematically related but from which it is difficult to derive A from A' or vice versa. You sign the binary with A and put A' into the firmware updater that verifies that the firmware is correct and valid before flashing it.

            "There's a long history of products where such manufacturer measures have failed - it's like the Sheriff of Nottingham asking Robin Hood to look after his treasure chest while he goes on holiday, secure in the knowledge that the padlock is the best in the land."

            Of course there is a history of failed products. That doesn't mean that all products have failed to protect themselves, or shouldn't take all appropriate measures to safeguard their integrity.

            I've worked on set top boxes and from memory, these are some of the safeguards that got used:

            1. Multi stage bootloaders. Stage 1 is baked into a ROM and validates second stage bootloader / firmware.

            2. Signed firmware, to prevent tampering. Box won't flash firmware which is unsigned.

            3. No serial port on board - pins are snipped or there is no circuit at all.

            4. Strong root password, a long e.g, 30+ chars random password. So even if someone got access to the serial there is no login.

            5. Port knocking. In the case of emergency you might need ssh access to a box so you protect it with a port knocker so ssh only comes up with the right sequence of port knocks.

            6. ssh only accessible by blessed public / private key pair, not the same one used to sign the ROM. No key, no login.

            7. /tmpfs runs from a RAM disk

            8. All flash is encrypted at the hardware level

            9. All flash partitions are read only

            10. Flash cannot be partitioned without root access

            11. No critical data of any kind is stored on USB, HDD etc.

            12. Chipset stores IP tokens (that enable h264, VC1, dolby etc.) in special non volatile flash memory

            13. Hardware assisted crypto for streaming content.

            14. No listening ports of any kind if the device, or if they exist they only accept cryptographically signed commands.

            15. Unique hardware identifiers and keys per box using during encryption so streaming data is not vulnerable to a class break.

            16. Two way encryption on all streaming content, i.e. box would seek authorisation and obtain a key to decrypt content. If box was compromised, then it wouldn't be getting its key.

            So hardware and software security all over the place. It doesn't preclude the possibility of bugs of course, or of some malicious employee revealing a key. But generally the purpose is to make it extremely hard and fruitless to hack the device.

            Where does GPLv3 fit in all this? It doesn't. It would never get used or it would be worked around in some other way.

            1. Anonymous Coward
              Anonymous Coward

              Re: Public key crypto

              ""So you're saying that they would rather ship the kernel with a cryptographic key in the firmware and then rely on no-one ever managing to acquire it by, for example, subverting the supplied software or more involved hardware hacks."

              Public key crypto doesn't work like that. You create a keypair e.g. A and A' which are mathematically related but from which it is difficult to derive A from A' or vice versa. You sign the binary with A and put A' into the firmware updater that verifies that the firmware is correct and valid before flashing it."

              I wasn't talking about the signing keys; I was referring to accessing the content keys. If you have to distribute the keys to access the content, you have given Robin Hood the treasure.

              "Where does GPLv3 fit in all this? It doesn't. It would never get used or it would be worked around in some other way."

              The GPLv3 is all about not only having the theoretical right to actually deploy modified forms of the software, but actually being able to do so. I seriously doubt that if manufacturers let users enjoy this right then they have no recourse and no control over the interoperability of the hardware. Really, most of the complaints about this are to do with the easiest option being taken away.

              1. DrXym

                Won't happen

                "I wasn't talking about the signing keys; I was referring to accessing the content keys. If you have to distribute the keys to access the content, you have given Robin Hood the treasure."

                The only keys that get distributed are the ones used by the box to descramble content. And believe me, they're not just left laying around for people to rip off. There is a keystore that hold the keys and the store is encrypted / decrypted through the hardware and a second layer of encryption which is unique to each box. Not saying someone couldn't apply super human effort to break this stuff, possibly even find an exploit but the point is it is made extremely hard to obtain the keys. All the stuff about locking down the firmware, ports, filesystem is to prevent any foothold on which to launch an attack. It's mandated by the crypto providers and mandated by the cable providers.

                "The GPLv3 is all about not only having the theoretical right to actually deploy modified forms of the software, but actually being able to do so. I seriously doubt that if manufacturers let users enjoy this right then they have no recourse and no control over the interoperability of the hardware. Really, most of the complaints about this are to do with the easiest option being taken away."

                Most set top boxes aside from common media players have to deal with premium content. They simply cannot contractually or legally let someone come along and hack the box. A cable provider (for example) signs a contract which says they will take a long list of measures to stop content being broadcast or stored in an unscrambled way. They have to do it. It's simply not an option on the table to let people have at the box. In many cases the box doesn't even belong to the person in the first place - it's either rented or is provided by the service provider.

                So GPLv3 is a non starter. It would never, ever be used unless some way was found to defang the DRM clause, e.g. 2 stage bootloader. But it won't come to that because the kernel devs and other embedded tool devs have made it quite clear they're sticking with GPLv2.

                1. Anonymous Coward
                  Pint

                  Re: Won't happen

                  "In many cases the box doesn't even belong to the person in the first place - it's either rented or is provided by the service provider."

                  Although this is the case in various contracts, the way this has been expanded to include devices actually purchased by the user ("you're only borrowing the device really") is shameful. That GPLv3 tackles this head on is in no way a mark against it. Of course various manufacturers and cartels don't want users to play with stuff they have in their possession - frequently, stuff they have actually paid for - but I'm happy that there are people out there who aren't satisfied with the status quo.

                  Thanks for the insight into the STB business, though.

      2. LaeMing
        Thumb Up

        @A J Stiles

        Yes, there is a very simple way for companies to avoid having to release their source code: Put in the time and money to develop the stuff themselves from the ground-up and not try to parasite of the work of others.

        The GPL, in all its forms, is simply an attempt at an anti-parasite measure in the realm of IP. As you said, anyone who dislikes the general concep is simply someone aspires to parasiteism on the work of others.

  4. Neil Brown

    "new GPL licence"

    A bit like a new PIN number, or an updated ATM machine?

  5. ratfox
    Flame

    H6242 - kill the lawyers

    A plague on those who force us to pay attention to this drivel.

  6. Lars Silver badge
    Linux

    I agree

    "IT World reckons the FSF shouldn't be using fear of a non-existent threat to promote its new licence"

    I agree with that statement, I suppose it's the word "fear" that is disgusting.

    But moving from v2 to v3 is not that easy. And even if something i gained something might also be lost.

    Moving Linux to v3 is a rather unnecessary adventure as far as I have understod.

    But then again this is the USA where litigation has become the last resort for staying alive when everything else has been outsourced including the money..

  7. DrXym

    Won't make any difference

    If a Chinese no-name OEM is not honouring the terms of the GPL at the moment, what damned difference would it make if it were a more recent GPL? None at all. It's pointless to even suggest an upgrade would do anything. I'd note also that Android's user land is BSD so this is only a kernel issue.

    A more pragmatic stance by the FSF would be to promote a rival smartphone OS rather than sniping at one which they don't like. I'm sure MeeGo could do with the support. It doesn't seem far fetched to imagine ROM images that installed MeeGo on former Android. handsets. Think of CyanogenMod but with MeeGo. Who knows, perhaps this might spur a handset maker to actually ship devices with the OS on it for real.

    That or the FSF can keep griping.

    1. Anonymous Coward
      Devil

      Promoting a rival smartphone OS

      for the sake of Free Software zealotry would be a bad thing. I don't care if, for example, my wireless card's firmware is non-free- I'd rather have that than functionality being deliberately removed or replaced with something half-baked. The source code should be released as required by the licence, but I also consider it important to have the freedom to use something non-free.

      1. DrXym

        I'm not saying just promotion

        I'm saying they should throw their weight behind an alternative. Devote resources, publicize and pragmatically strive to produce a viable smart phone OS alternative to Android in the shortest time posssible. Something that people can run on their phone and perhaps see the merit in using. The problem is the FSF is too fond of whining, politiking and not doing anything to substantiate their position. It's precisely the reason why the world is running Linux, not Hurd at the moment.

  8. Anonymous Coward
    Anonymous Coward

    One problem with GPL3,,,

    ,,,was that BACK WHEN IT WAS NEW (Hint hint article writer) Linus mis-interpreted part of it (The "Tivo" clause IIRC) and thought it meant he had to give up all private encryption keys used during development of the kernel.

    Of course, being Linus, he didn't sugar-coat the language he used when commenting on this flawed understanding.

    Therefore, a large number of idiots took his word as gospel and immediately declared that the GPL3 was the "Jumping the shark moment" and that GPL2 was fine and dandy and they didn't need no stinking new one.

    He managed to poison the GPL3's reputation at the very beginning.

    1. Vic

      Re: One problem with GPL3

      > BACK WHEN IT WAS NEW (Hint hint article writer)

      I'm glad I'm not the only one that noticed that.

      GPLv3 is dated 29th June 2007. It's over 4 years old. Describing it as a "New GPL licence" in the article title really does speak volumes about the amount of research that went into said article.

      Perhaps it was an honest mistake.

      Vic.

    2. DrXym

      I think the GPLv3 managed that all by itself

      Here is a reasonable summary that shows it is not just Linus who has a problem with it but almost all primary kernel developers.

      http://news.cnet.com/Top-Linux-programmers-pan-GPL-3/2100-7344_3-6119372.html

      It's no wonder he was against it when it would have such a far reaching and disruptive impact on the kernel and its uses. GPLv3 was the poison, not his words.

      1. Anonymous Coward
        Anonymous Coward

        Good points

        in that linked article, but they came after his initial (I mean very initial)... outspoken derision.

        The GPL3 may not have helped itself after and he may have come up with some arguable points afterwards (I don't agree with them all) but I remember reading the incorrect outburst on slashdot and the flame-war it inspired VERY soon after the GPL3's unveiling.

        1. DrXym

          You think they're sheep?

          Perhaps you haven't read the kernel archives. One thing you would know if you had that arguments and differences of opinion break out all the time and no one is afraid to shout out. Even Alan Cox who is extremely outspoken and adamantly anti software patents was against the DRM stuff.

          If 28 out of 29 lead devs are negative about GPLv3, one is neutral and none are positive, then it should tell you precisely what they think. They simply don't want the rules under which the kernel is developed under to change. If that means some boxes are locked down or Linux ends up in missile guidance systems or some other morally objectionable thing then so be it.

  9. This post has been deleted by its author

    1. Anonymous Coward
      Mushroom

      Re: Does this help VLC?

      "Will this save VLC on iOS from being blocked by some douchebag of a Nokia employee with a vested interest?"

      Not getting your shiny? If someone releases code under a particular licence and then finds someone else violating the licence, what do you expect them to do?

      Pay for some proprietary video player for your proprietary phone environment and suck it up. You chose which horse to ride.

  10. Turtle

    Seems absurd. . .

    "Linux developers are generally a benign bunch, unlikely to start raising capital to fund what would be a lengthy legal case,. . ."

    Didn't Bruce Parens attempt to sell or license his rights to Busybox - even though at that point, he didn't actually have any such rights? ( I am sure that someone here knows the story better than I do.)

    Also, it only takes ONE developer to agree to let a lawyer take the case on a contingency basis.

    Furthermore, I do not see how, legally speaking, moving to GPL v3 can possibly restore any licenses that were lost as result of violations of v2. Now of course I am not a lawyer but it simply seems absurd.

  11. Anonymous Coward
    Anonymous Coward

    Fear?

    Then why not release the affected code, dumbass?

  12. Flocke Kroes Silver badge

    Plenty of V3 about

    Free software developers have sued manufacturers for failing to comply with the GPL. Do a quick web search for busybox and you will find plenty. Most GPL violations are settled out of court. A typical sequence is a developer writes to a manufacturer explaining what they are not doing, but should be. After some time for thought the manufacturer apologises, takes steps not to repeat their mistake and the developer re-instates the license.

    GPL version 2 has weak areas: Tivozsation is when a manufacturer releases modified source code, but that code is useless because the boot loader will only load software signed by the manufacturer. Googlization is when a company makes GPL software available as a service but does not distribute it - and so is not required to distribute source code according to GPL version 2.

    If googlization bothers you, take a look at the Affero General Public License. Tivoization is countered by GPL V3. GPL V3 also has better compatibility with other open licenses and is also more explicit about trying to defeat the GPL via limited agreements not to sue over patents (like the Novell/Microsoft deal). The cost of these benefits is that GPL V3 is considerably bigger and more complicated.

    There are plenty of new projects that use GPL V3. There are plenty of older projects that have always been licensed as "GPL V2 or any later version" which are easy to move to "GPL V3 or later" if the developers so choose.

    He who writes the code gets to choose the license. For some strange reason developers are choosing GPL (whatever version) no matter how much Microsoft and Florian Müller rant about it.

    1. DrXym

      Tivoization will continue

      Because the kernel will not and cannot change to GPLv3. For user land programs it probably doesn't make the slightest bit of difference whether they use it or not. The simple answer for Tivoization is don't buy a protected box if you expect to be able to hack it.

  13. Andrew Stubbs

    Redistributing GPL v2 under GPL v3

    I quote from http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

    "This program is free software; you can redistribute it and/or

    modify it under the terms of the GNU General Public License

    as published by the Free Software Foundation; either version 2

    of the License, or (at your option) any later version."

    Er, doesn't this mean anybody can redistribute any piece of GPL v2-distributed software under the v3 licence if they so desire? I think that was the intention. In which case, no need to contact all the authors at all.

    But this is a non-story isn't it?

    1. Anonymous Coward
      Boffin

      Re: Redistributing GPL v2 under GPL v3

      "Er, doesn't this mean anybody can redistribute any piece of GPL v2-distributed software under the v3 licence if they so desire?"

      You've quoted the licensing boilerplate, but there is some software out there where they state an explicit version and drop the "any later version" part. Actually, such software usually doesn't carry the boilerplate in every file, as is the recommended practice, but the authors of such software often state the explicit version somewhere in the documentation.

      Of course, just as someone else remarked about Linus, his misunderstanding and his subsequent tantrum, this has prompted a few people to have a "wet cement" moment (as in "this building would look so much better with my finishing touch") where they think that overriding the "any later version" thing allows them to precisely control their intent, when frequently such people neither understand the licence in its entirety nor comprehend the need for refinements to be made in the licence (for example, to stop people trying to work around various aspects of it).

      As for the "non-story" aspect. The GPLv3 enhancement is supposed to reduce the danger of confrontation over a suspected licensing violation and to offer an obvious path to compliance without people getting lawyers deeply involved straight away. I don't see that being a bad thing.

    2. vagabondo
      Linux

      @Andrew Stubbs

      You are mistaken. There is no "or later" clause in the Linux license. These are the first lines of the COPYING file dtstributed in the source tarball:

      __________________________________________________________

      NOTE! This copyright does *not* cover user programs that use kernel

      services by normal system calls - this is merely considered normal use

      of the kernel, and does *not* fall under the heading of "derived work".

      Also note that the GPL below is copyrighted by the Free Software

      Foundation, but the instance of code that it refers to (the Linux

      kernel) is copyrighted by me and others who actually wrote it.

      Also note that the only valid version of the GPL as far as the kernel

      is concerned is _this_ particular version of the license (ie v2, not

      v2.2 or v3.x or whatever), unless explicitly otherwise stated.

      Linus Torvalds

    3. Paul Shirley

      did you read the actual Linux license?

      You do know Linux uses a modified license without the 'any later version' language? Which combined with distributed copyright ownership makes it practically impossible to switch to gpl3 even if they wanted to (most of them don't).

    4. This post has been deleted by its author

  14. Anonymous Coward
    Megaphone

    You can all moan against GPL as much as you like

    however, you all must admit the GPL is the only reason we're still talking/bitching about Linux here instead of let's say BSD. Please tell why do you think Google and others did not pick the BSD license it if' GPL is that toxic, and also why Microsoft can't even spell GPL without having a seizure.

    Apple built an empire on top of a mountain of cash using BSD but they didn't even bother to send a thank you card to the BSD community. I wonder how those developers feel seeing their work being heavily monetized while they receive not even the slightest appreciation. Well, GPL was designed specifically to prevent this state of affair. Trouble is that everybody and his dog was upset about this and they all started poking to find holes in the protection GPL was meant to offer. So they came up with legal and moral issues calling it un-American, cancer, monopolistic behavior, unconstitutional and so on, and moving to clever workarounds like TiVo, organized copyright infringement and patent threats.

    FSF corrected most of these weaknesses in GPL v3 while working hard to preserve the license appeal to businesses (which by the way, we know they have no incentive to be honest). Please keep in mind that FSF main goal is making sure the fundamental rights are being preserved both for developers and end-users (speaking of this, I'd really love to see another organization having the same goals).

    As for FSF position, I don't consider it FUD. They are mainly talking to actual our would be copyright infringers and there is no threat, uncertainty or doubt in their discourse.

    Final word for all of you you that are against GPL: Don't like it ? Don't use it! Feel free to use any other license that suits you, or even better, come up with your own license.

    1. Vic

      Re: You can all moan against GPL as much as you like

      > I wonder how those developers feel seeing their work being heavily monetized

      > while they receive not even the slightest appreciation.

      The ones I've spoken to seem to be fine with that.

      If it were me, I'd be massively offended - but that's why I use the GPL wherever I can.

      Vic.

    2. Tom 38
      Stop

      @AC

      """

      Apple built an empire on top of a mountain of cash using BSD but they didn't even bother to send a thank you card to the BSD community. I wonder how those developers feel seeing their work being heavily monetized while they receive not even the slightest appreciation. Well, GPL was designed specifically to prevent this state of affair.

      """

      This is utter tosh. I'm involved with FreeBSD, and I can tell you that Apple contribute a shitload back to BSD. They fund developers, they fund projects, they contribute code back to the project, they produce BSD licensed software and toolchains that are helping to remove our dependence on GPL software.

      I particularly like the final line - GPL is going to save all us BSD developers? No thanks, we'll continue using the 2 clause BSD license, you can keep your toxic GPL. The BSD license does exactly what it is supposed to do, and allows for reuse of code, and we're real happy for Apple, Juniper, Citrix, Ironport, Sophos, Panasonic, Sophos, Netasq, Isilon at al to reuse our code.

      The GPL puts such a restriction on developers. Take a company like Juniper Networks, who spend a shed load of money developing Junos, which is based on FreeBSD. Junos is completely closed source, which stops competitors using Juniper's code to build their own products.

      This is precisely the situation the FSF wants to avoid, that Linux could become the base of a closed source OS. They argue that this would be disastrous, and the company would not push fixes back to the tree unless compelled.

      Well, that's not what happens. Certain things clearly are not contributed back, such as Juniper's custom routing stacks, but lots of other things are. They spend a lot of time and money testing things that the project cannot, and contribute lots back. In general, the companies that use FreeBSD like this (and there are lots) only benefit FreeBSD.

      A GPL zealot will never see it that way though. To their eyes, Apple and Juniper are just leeches. A typical BSD user just sees it as code reuse, which is the most important thing - consider where we would be if every commercial OS had not reused the Berkeley sockets API (probably not discussing this).

      1. Anonymous Coward
        Go

        Re: @AC

        "This is utter tosh. I'm involved with FreeBSD, and I can tell you that Apple contribute a shitload back to BSD. They fund developers, they fund projects, they contribute code back to the project, they produce BSD licensed software and toolchains that are helping to remove our dependence on GPL software."

        I wonder why that is.

        "The GPL puts such a restriction on developers."

        It obliges developers to offer the same rights to others that they enjoy themselves. The result is, as designed, that everyone involved contributes to a body of work that anyone can improve.

        "A GPL zealot will never see it that way though. To their eyes, Apple and Juniper are just leeches."

        Well, it's not so much about whether Apple give anything back as whether the original authors of a work, companies like Apple (albeit not really Apple because they don't like the GPL for some reason), and whoever ends up using the software all get to enjoy the same privileges on an evolving and continuously improving work they more or less share or have an interest in.

        Of course, slinging terms like "zealot" around is a lot of fun, but there are some (yes, even the GPLv2-only brigade) who feel that establishing a common work where the majority of improvements are shared by default is better (or more sustainable, or more rewarding, or more the kind of thing they want to participate in) than having their code out there in some popular product where the vendor may or may not nurture further upstream development and where the end-user has to sit on their hands and be a mere spectator.

        Excuse those of us that favour copyleft licences for pointing this out, but the zealotry seems to be more evident in the frequently aggressive statements made by permissive licensing advocates who always seem aggrieved that people dared to write Free Software and not give them the opportunity to use it as if they wrote it themselves.

        1. Tom 38

          Re: Re: @AC

          The original AC - maybe you are the same person - implied that GPL3 was designed to save BSD from being code-raped by Apple. They missed a couple of pertinent points:

          1) The reason we work on *BSD is to not restrict the users of our code, regardless of how they want to use it

          2) Changes to GPL aren't going to affect how *BSD projects are run or how we manage our code - we aren't going to change to a non permissive license.

          "

          Excuse those of us that favour copyleft licences for pointing this out, but the zealotry seems to be more evident in the frequently aggressive statements made by permissive licensing advocates who always seem aggrieved that people dared to write Free Software and not give them the opportunity to use it as if they wrote it themselves.

          "

          I'm mostly aggrieved that people associate open source with GPL and believe that companies reusing BSD works are somehow being naughty or evil. We want re-use, we want everyone to use our code, from individuals to companies who might want to build upon it. Code isn't really open unless you can re-use it.

          It's true, lots of us are here because we have extreme dislikes of GPL/FSF. My favourite quote is this from a BSD licensed library's about page (not me!):

          memcache(3) is as Open Source as it gets and can be embedded in anything (commercial software, open source, etc). May the GPL and its users rot in hell for their stupidity.

          You don't become ubiquitous with a copyleft license, you do with a permissive license. Look at the license choices for cross platform standard libraries:

          libpng: permissive

          zlib: permissive

          libjpeg: permissive

          openssl: permissive

          They are permissive because they are standards, and they are standards because they are permissive.

          1. Anonymous Coward
            Anonymous Coward

            Re: (untitled)

            "I'm mostly aggrieved that people associate open source with GPL and believe that companies reusing BSD works are somehow being naughty or evil."

            Well, companies doing that are just exercising the rights given to them, just like people extending permissively licensed works and releasing the derived work under a copyleft licence, but some people get more upset about that than anything else. (Hint: people shouldn't extend permissions to people when they don't really mean it.)

            "We want re-use, we want everyone to use our code, from individuals to companies who might want to build upon it. Code isn't really open unless you can re-use it."

            That's true, but the ideological difference is in what people can do with the result and the notion of who the "user" is. I've seen permissive licence advocates state that copyleft is not "true freedom" or some highly subjective nonsense, when the notion of freedom common to (and upheld by) most democracies is precisely the kind of "regulated freedom" that copyleft licences enforce in their own way: the right to do something with a work is distributed to a wider audience that includes outsiders to the original and subsequent development.

            "You don't become ubiquitous with a copyleft license, you do with a permissive license."

            Quibbling aside about how ubiquitous something might be, even the FSF advocate permissive licences for certain classes of project. And yet people have the nerve to go on about a lack of pragmatism in the FSF camp.

  15. Fred Goldstein
    FAIL

    Hardly unbiased sources

    Quoting Naughton and Mueller on the GPL is a bit ridiculous, like quoting Benyamin Netanyahu about Ramadan, or Rick Perry on the scientific method.

    1. Vic

      Re: Hardly unbiased sources

      > Quoting Naughton and Mueller on the GPL is a bit ridiculous

      I've run out of upvotes for you...

      Vic.

  16. Paul Shirley

    how does that make GPL3 better than 2?

    I'm at a loss to understand why a licence that let's users violate it knowing they can unilaterally restore their own rights after delay waiting on enforcement, is better than one that takes time to kick off enforcement then leaves offenders up shit creek if they persist. Usually with a lot of grovelling, paying costs and signing binding undertakings to not offend again.

    So why is GPL3 supposed to be better from the licensors viewpoint? Seems superficially like a licence to take the piss with few enforcement teeth. A licence easy to duck against one with bite.

    The FSF really have lost what little grasp of the plot they still retained, pushing a poison pill licence with no obvious advantages beyond that patent poison pill. Which doesn't look like an advantage to many corporations.

    Even if their story was more than FUD, the GPL3 is widely seen as too toxic for corporate use. As pointed out days ago when this was first reported on, if Linux was GPL3 Android would not be using Linux. That's one self destructive way to prevent license violation.

    1. Anonymous Coward
      Facepalm

      Re: how does that make GPL3 better than 2?

      "Even if their story was more than FUD, the GPL3 is widely seen as too toxic for corporate use."

      I bet there's quite a bit of GPLv3 stuff in actual corporate use. But then again, the goal of the FSF isn't about making software just right for corporate use (or, to more accurately communicate your intent behind the term, corporate exploitation) - it's about upholding the famous four freedoms for the users - so why should they care?

    2. LaeMing
      Megaphone

      Probably because the FSF

      is more interested in users'/developers' rights than petty revenge. If the violator starts complying, then the FSF's concerns are met and being vindictive becomes just childish.

    3. Vic

      Re: how does that make GPL3 better than 2?

      > a licence that let's users violate it knowing they can unilaterally restore their own rights

      They can't. Section 8 allows violators who have put right their transgressions to have their rights reinstated only *provisionally*.

      The copyright holder gets a say here; he can choose to terminate the violator's rights even if the transgression is fixed, up to 60 days after the violation has been put right.

      Vic.

  17. Lars Silver badge
    Linux

    So many missunderstandings

    So many misunderstandings about the GPL, part of that is mere FUD and part pure lack of knowledge.

    A very typical thing is this about having to reveal all the wonderful software one has created.

    If you want all that wonderful software to be included into the Linux kernel (for the world) then that is the way it works. That is called to work in kernel space. (your chance of getting it into the Linux kernel is not too good, though ).

    If you, on the other hand, want to keep that wonderful software for your self then you do it in user space. Simple as that.

    Lots and lots of companies using Linux put their wonderful secret software in the user space. No GPL problem, and most of that software does not belong in kernel space anyway.

    1. Anonymous Coward
      Trollface

      Actually...

      If Linux had been designed *properly*, then pretty much everything would be in userspace *anyway*...

      1. A J Stiles
        FAIL

        No it wouldn't

        Freax (as it was first known) was intended as a proof-of-concept that microkernels, despite being tremendously fashionable with people who get hard-ons for abstraction and structure but break into a cold sweat at the thought of actual hardware even existing, were less efficient than monolithic kernels.

        In case it needs explaining again: You put fences where as little as possible has to go through them, not just where they look pretty.

        Device drivers need to be located entirely in kernel space, so that nothing in user space can compromise the sanity-checking they have to do for the sake of your hardware. As a bonus, you can do your sanity-checking on the "idealised" side of the driver where it's the same for all devices, aot the "real" side where it's different for each device.

        1. Anonymous Coward
          Boffin

          Hmmmm....

          Have you heard of MINIX 3?

  18. Robin Szemeti
    FAIL

    more FUD from the FSF

    The pile-of-poo that is the GPLV3 did not take off. Almost no one went for it, except for a few zealots, and the rest of the world has been quite happy with the tried-and-trusted GPLV2 ever since.

    This seems to have stuck in the throat of the FSF who just can't accept peoples free choice that the GPLV3 sucks and they would rther keep using the old one.

    For an orgniisation that promotes freedom, this seems to be a very odd standpoint.

    There are a LOT of things I dont like about the V3 of the GPL and find the FUD spread around by the FSF about how "dangerous" V2 is to be somewhat offensive .. V3 has been around for a good while now, no one likes it .. end of story.

    If Mr Stallman and his mates would just accept that the entire world does not have to conform to their exceedingly narrow view of freedom, it would be a good start.

  19. Tufty Squirrel

    Florian Meuller

    ...couldn't find his hindquarters with both hands and a flashlight.

  20. heyrick Silver badge
    Stop

    EUPL...

    I release stuff under the EUPL, for the reason that GPL 2 is fairly free but carries the notorious "infection" risk, however the later GPL 3 is legal gibberish that is MUCH more restricted, so much so that it isn't recognised as a compatible licence with the EUPL. Somewhere along the way, GPL has lost its vision, and its way...

    1. vagabondo
      Meh

      re EUPL

      The EUPL is fine for the user, or if you are distributing non-derivative work or you are a government. However the legal warranty requirement is onerous for distributors and developers who use imported libraries, and makes large collaborative projects such as Linux infeasible.

      1. p-e.schmitz

        EUPL

        EUPL warranty requirements are quite limited: if you contribute to the covered code, you have to guarantee that your contribution is written by you (you have copyright on it) or that it was licensed to you (for example, you are recipient of this code covered by the BSD license). This warranty is limited to copyright (you do not have to guarantee patents or other IPR). It is the minimal guarantee that any contributor agreement should impose: for example, if one of your contributors copies proprietary code in a collaborative project, this may compromise the whole project. Therefore I do not understand why you feel that such warranty requirement makes large collaborative projects unfeasible. At the contrary. Or do I miss something?

    2. Vic

      Re: EUPL

      > GPL 2 is fairly free but carries the notorious "infection" risk

      However, a reading of the licence, rather than the FUD that typically permeates such discussion, would show that that risk exists in notoriety, not in reality...

      Vic.

      1. heyrick Silver badge
        Mushroom

        @ Vic

        I am not a lawyer, however I quote GPL v2 section 2.b:

        b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

        My interpretation of this is that if I have a program written under <x> licence, and I use *one* *single* *function* from GPL code, the GPL licence requires itself be applied to my program as a whole. But it is worse. I don't even need to use GPL source, just linking with a GPL module (unless licenced LGPL) would imply the same. Perhaps there are clever ways to circumvent this, or to rely on what some specific jurisdiction considers a "work" to be defined as. For me, as far as I'm concerned, I eschew GPL code. It might be worth reading the EUPL and observing the difference between "intended to be free" and "hyped to make you think it is free".

        Big-Explosion icon because I'm daring to question the sainted GPL. ;-)

    3. p-e.schmitz

      EUPL

      EUPL is targeted to protect covered code (by copyleft provisions) while being compatible with other copyleft licenses (including the Gnu GPLv2 and even - quite indirectly and when needed - the GPL v3). Details are provided in the EUPL compatibility matrix published on OSOR.eu: http://www.osor.eu/eupl/matrix-of-eupl-compatible-licenses

  21. flibbertigibbet

    GPLv3 - a curates egg

    Yes the anti patent clauses and all sorts of other things the FSF is noisily pointing to are very nice. In those areas the GPL V3 is much better than GPL V2.

    But they neglect to mention it is incompatible with one aspect of modern platforms - the App Store. You can't bring a piece of GPL V3 code near the Android or iOS app stores, even if you had a "press this button to download the source" on them. Without an app store controlling what can and can not run on the phone, the reality is many carriers simply won't allow those phones on their network. Unlike what the clause is aimed at, TiVo, this isn't driven by some attempt to control the customer, it is to shield them from malware. It is the classic case of good intentions causing huge amounts of collateral damage.

    There are other licenses out there that as good as the GPL V3 on the patent front, but don't have that problematic anti tivo'ation clause in them. The Eclipse Public License is one. Unfortunately it isn't compatible with the GPL, so the world remains full of compromises.

    In the mean time, the FSF saying the GPL V3 is a saviour of modern software eco-systems like Android is a lie. It is not a saviour. It is fundamentally incompatible with them. If you want to release free software that can be used by your average person on them, you must NOT use the GPL V3.

    1. mangobrain
      FAIL

      Whoosh

      Walled garden application stores are exactly the kind of thing the "anti-tivoisation" clause is aimed at. If I create a program or library and release it as open-source software, I may not wish it to end up in use on devices which don't permit end users of those devices - myself included - to modify the in-use version. Accordingly, I may release it under the GPLv3. If you don't like that, don't use my software.

      The GPLv3 is incompatible with the App Store because the App Store is a closed system. Many would argue this is a failing of the App Store, not the GPLv3.

    2. Anonymous Coward
      Anonymous Coward

      What?

      "Without an app store controlling what can and can not run on the phone"

      Have you ever actually _used_ Android? Yes there's a market, but there's also an option to install from any source, the Market does not control what can and can not run on the phone. Can't recall any telcos complaining about it either!

      But then, I've just spotted your name, and we know what a flibbertigibbet does so perhaps I've just had a sense of humour failure! If so, I commend you for trolling under a name with such an appropriate definition!

  22. Tom 7

    Saviour?

    Like Androids like really struggling man?

    I should have jumped thread at the first mention of Mueller in his jam ridden corner.

This topic is closed for new posts.

Other stories you might like