My biggest problem with the GPL (any variant) is that I don't believe that any organization that exists today (including the SF Conservancy and the Linux Foundation) is capable of enforcing it to the degree desired by the software freedom die-hards. I say this as a software freedom die-hard myself.
In theory, you can cook up any license terms you want, but in practice, you need money and resources and the will fight in court if you actually want to enforce it. If you can't or won't enforce it, your silly terms may as well not exist.
Unfortunately, the nature of how proprietary software is distributed makes discovery of a violation inordinately difficult, and even when you do discover a violation, challenges are rare, and victories in court even moreso.
I don't see the point of debating the minutia of what you think the GPLv2 requires in one very specific instance, when there are probably 2-5 orders of magnitude more violators than anybody's best estimate.
Who cares what you think the letter of the license requires when it takes you ten years to get one company to make a passive-aggressive change to a now obsolete product, when thousands of violators don't even follow the spirit of the license?
This feels like such a wasted effort. Get your priorities in order.
Commercial users still take copyright issues pretty seriously because of the remedies available to copyright holders under title 17.
Even if an author doesn't register the copyright until they want to begin the suit (you lose statutory damages and attorneys fees this way), they can get an injunction against further distribution and disgorgement of profits from the infringing work, so if you get caught, your product is dead and has made (you) no money. This is also why the FSF/SFLC has like a 100% success rate when it comes to extracting highly favorable settlements.
Without a doubt people still infringe, but it's not a complete free for all.
The bigger problem is that outside of the FSF and Conservancy, large amounts of the Linux developer community and several ostensibly Free Software companies/organisations do not want the GPL to be enforced at all.
> I don't believe that any organization ... is capable of enforcing
Big companies are very capable, and often happy, to sue each other for reasons including breach of patent, copyright, trademark and much more. This includes GPL breaches.
The point of GPL is to build an ecosystem and create "herd immunity" against bad actors.
Protecting the rights of a lone developer VS a large corporation can be expensive and difficult - not because of the GPL - but because of how the legal system works in most parts of the world.
But that is besides the point.
What matters is building an ecosystem where 99% of the important entities do not systematically violate the license, and this is already happening.
A minority of rich companies with lawyers to spare violate the GPL on some occasions without consequences. A fact you want to quantify by just making up a number and your conclusion is that based on your guess its not working and we ought to do what exactly? Reduce the barrier to nothing based on you not feeling actual enforcement would be too expensive or hard to obtain? You didn't really say.
To be fair, if you listen to Eben Moglen and some of the other big minds behind gpl(v3), it becomes readily apparent they have been working to build up strong methods to deal with this very problem by using a delaying tactic.
I think they might be onto something.
Regardless, Eben is such a mind you owe it to yourself to listen to some of his talks.
The original Tivo land-line modem would die, making it impossible to dial out to get guide data.
Interesting though there was a card edge connector on the mother board. Some enterprising person made an adapter that allowed an ISA ethernet card to be plugged in, and then the Tivo would use the network instead of the modem.
Further Tivo not only allowed this, but tacitly encouraged it by including the network driver needed to make this happen on tivo firmware upgrades.
I'm surprised to see that installation is a requirement of the GPLv2. Does this mean that Android phones with bootloaders that can't be unlocked violate the GPL?
Yes, but given that most of the copyright owners of Linux do not believe GPLv2 to have such a requirement (and explicitly abhor the idea that v3 adds one, even though it didn't add it) I doubt anyone with standing is interested in enforcing said requirement.
According to the article, the main difference between GPLv2 and GPLv3 is that having the Secure Boot unlocking process wipe the disk, and therefore destroy the proprietary software installation is kosher under the GPLv2, while v3 requires the proprietary software needs to continue working.
I would argue v2 is even better, because it forces unlocked phones to use alternatives to Android (that is, the proprietary Google Servics), like Lineage, while avoiding turning billions of phones into bricks.
For those not interested in reading this long arguement the actual license simply says you must release the source code to your application
"Complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
This is relatively routine.
The major new claim here is that releasing source code requires folks to unlock secure boot / root of trust / DRM type implementation on HARDWARE they sell. So release a complete work no longer (as plain language would read) means releasing the source code - but now ALSO requires that developers add various features to HARDWARE to bypass root of trust security measures which may include things around power limits or management on equipment or for things like phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
> phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
To be fair, the fact that they signed a contract saying they would pay for the phone is what's supposed to be what keeps them paying for the phone. There's already laws around paying for things you buy, so the whole "well, people wouldn't pay for their phones" argument is completely invalid.
> phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
You realize that bootloader unlocking and carrier unlocking are totally separate, orthogonal things, right?
Per the article and its citation of decade+ old precedent, that is not a new claim. Whether these requirements of the license are reasonable or not is irrelevant. If OEM's don't like the license terms then they can buy/build something else.
"scripts used to control compilation and installation of the executable"
If the installer source code is missing the bit that enables installation of the GPL binaries on your device, then I guess it's not in compliance. The fact that the scope of these codes also include device keys seems somewhat irrelevant.
> or for things like phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone
The solution is simple: develop your own OS, make it bulletproof, then do whatever you want. Nobody will ask to open source code of Symbian device, because it's not a GPL'ed OS.
Apple has explicitly chosen to stay away from anything GPLv3. It's the reason Bash and other tools bundled with macOS are so old (they're the last version that were still GPLv2), and why they chose to switch to Zsh as a default.
That's shot them in the foot many times over the years. Especially when they tried to replace Samba with their own SMB implementation in I believe 10.7 Lion?
Aside from that stuff it is hard to use Mac seriously as a unix anymore after they started wiping out /etc/ changes every update (with insecure ssh defaults like password authentication).
> As I was completing drafting on this article, the Linux Foundation sent me a rejection letter for my talk about this issue at their annual Open Source Summit (taking place this September 2021), and simultaneously announced McCoy will speak on this matter instead. I invite McCoy to not take the easy way out of presenting his work unquestioned to a friendly audience. I would be glad to come to the Open Source Summit in September and debate McCoy publicly on this issue during this session. I believe the audience would benefit from hearing more than just the anti-software-repair view of this issue.
Bash and readline are both gpl-3. In theory, in some cases, you can force the company to give you the option to replace them with your version. Cleaning up gpl-3 is not fun.
Just by reading the first paragraph I can see how unbiased this article will be.
The gplv3 has been an utter failure. Trying to rewrite history so the gplv2 works like the gplv3 is pathetic and will be the last nail in the coffin of the GPL.
God - the GPLv3 folks basically totally lost the debate on tivoisation - and now are trying to retrofit this war into GPLv2.
Are they serious??
Many OSS developers always want to get a copy of the software and mods back, but are OK if others USE that software in diverse ways, including making locked down hardware that is rented, radios that are power limited and more. In this way the GPL preserves everyone's freedom to do what they want with the software. The GPLv2 has served a wide range of needs, from Linus and Linux to plenty of industry efforts.
Linus was asked about this in a talk and he said he a)gets value in terms of forcing vendors to release code even from players like Tivo and b) is not interested in setting lots of additional restrictions on how folks use the code.
The FSF / Conservancy keep on re-assuring folks that encryption keys don't have to be released. Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can we just leave GPLv2 as it has been. If the FSF or whomever wants another bite at the GPLv3 apple create a GPLv4 and let folks adopt it if they want.
> In this way the GPL preserves everyone's freedom to do what they want with the software.
Except the freedom of the people who bought a TiVo and want to modify Linux on it.
> Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Why have Linus and company not embraced some version of AGPL based on GPLv2? I really don't understand why such a license doesn't exists. It sounds like it'd be right up their alley.
Companies use and modify his code, building their businesses on them, and then are not distributing their changes back. Arguably the whole cloud revolution has been built on this. Better make a SaaS and freeload on other people's work than make client side software and be forced to share your work (and technical advantage)
[+] [-] ohazi|4 years ago|reply
In theory, you can cook up any license terms you want, but in practice, you need money and resources and the will fight in court if you actually want to enforce it. If you can't or won't enforce it, your silly terms may as well not exist.
Unfortunately, the nature of how proprietary software is distributed makes discovery of a violation inordinately difficult, and even when you do discover a violation, challenges are rare, and victories in court even moreso.
I don't see the point of debating the minutia of what you think the GPLv2 requires in one very specific instance, when there are probably 2-5 orders of magnitude more violators than anybody's best estimate.
Who cares what you think the letter of the license requires when it takes you ten years to get one company to make a passive-aggressive change to a now obsolete product, when thousands of violators don't even follow the spirit of the license?
This feels like such a wasted effort. Get your priorities in order.
[+] [-] lakecresva|4 years ago|reply
Without a doubt people still infringe, but it's not a complete free for all.
[+] [-] pabs3|4 years ago|reply
https://sfconservancy.org/copyleft-compliance/firmware-liber...
The bigger problem is that outside of the FSF and Conservancy, large amounts of the Linux developer community and several ostensibly Free Software companies/organisations do not want the GPL to be enforced at all.
[+] [-] goodpoint|4 years ago|reply
Big companies are very capable, and often happy, to sue each other for reasons including breach of patent, copyright, trademark and much more. This includes GPL breaches.
The point of GPL is to build an ecosystem and create "herd immunity" against bad actors.
Protecting the rights of a lone developer VS a large corporation can be expensive and difficult - not because of the GPL - but because of how the legal system works in most parts of the world.
But that is besides the point.
What matters is building an ecosystem where 99% of the important entities do not systematically violate the license, and this is already happening.
[+] [-] michaelmrose|4 years ago|reply
[+] [-] arminiusreturns|4 years ago|reply
I think they might be onto something.
Regardless, Eben is such a mind you owe it to yourself to listen to some of his talks.
[+] [-] ajklsdhfniuwehf|4 years ago|reply
> gpl is too difficult to enforce. throw hands up in the air
riiiigth.
[+] [-] bb88|4 years ago|reply
Interesting though there was a card edge connector on the mother board. Some enterprising person made an adapter that allowed an ISA ethernet card to be plugged in, and then the Tivo would use the network instead of the modem.
Further Tivo not only allowed this, but tacitly encouraged it by including the network driver needed to make this happen on tivo firmware upgrades.
https://www.samba.org/~tridge/tivo-ethernet/
[+] [-] bkallus|4 years ago|reply
[+] [-] kmeisthax|4 years ago|reply
[+] [-] JetSpiegel|4 years ago|reply
I would argue v2 is even better, because it forces unlocked phones to use alternatives to Android (that is, the proprietary Google Servics), like Lineage, while avoiding turning billions of phones into bricks.
[+] [-] singpolyma3|4 years ago|reply
[+] [-] whoknowswhat11|4 years ago|reply
"Complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."
This is relatively routine.
The major new claim here is that releasing source code requires folks to unlock secure boot / root of trust / DRM type implementation on HARDWARE they sell. So release a complete work no longer (as plain language would read) means releasing the source code - but now ALSO requires that developers add various features to HARDWARE to bypass root of trust security measures which may include things around power limits or management on equipment or for things like phones sold on installment plans with a vendor lock would let folks pick up the phone on plan, root it to avoid vendor lock and then stop paying on phone.
[+] [-] RHSeeger|4 years ago|reply
To be fair, the fact that they signed a contract saying they would pay for the phone is what's supposed to be what keeps them paying for the phone. There's already laws around paying for things you buy, so the whole "well, people wouldn't pay for their phones" argument is completely invalid.
[+] [-] josephcsible|4 years ago|reply
You realize that bootloader unlocking and carrier unlocking are totally separate, orthogonal things, right?
[+] [-] ineedasername|4 years ago|reply
Per the article and its citation of decade+ old precedent, that is not a new claim. Whether these requirements of the license are reasonable or not is irrelevant. If OEM's don't like the license terms then they can buy/build something else.
[+] [-] infogulch|4 years ago|reply
"scripts used to control compilation and installation of the executable"
If the installer source code is missing the bit that enables installation of the GPL binaries on your device, then I guess it's not in compliance. The fact that the scope of these codes also include device keys seems somewhat irrelevant.
[+] [-] drran|4 years ago|reply
The solution is simple: develop your own OS, make it bulletproof, then do whatever you want. Nobody will ask to open source code of Symbian device, because it's not a GPL'ed OS.
[+] [-] unknown|4 years ago|reply
[deleted]
[+] [-] AceJohnny2|4 years ago|reply
[+] [-] swiley|4 years ago|reply
[+] [-] IntelMiner|4 years ago|reply
[+] [-] varajelle|4 years ago|reply
[+] [-] cma|4 years ago|reply
[+] [-] bumblebritches5|4 years ago|reply
[deleted]
[+] [-] JetSpiegel|4 years ago|reply
> As I was completing drafting on this article, the Linux Foundation sent me a rejection letter for my talk about this issue at their annual Open Source Summit (taking place this September 2021), and simultaneously announced McCoy will speak on this matter instead. I invite McCoy to not take the easy way out of presenting his work unquestioned to a friendly audience. I would be glad to come to the Open Source Summit in September and debate McCoy publicly on this issue during this session. I believe the audience would benefit from hearing more than just the anti-software-repair view of this issue.
[+] [-] reflexe|4 years ago|reply
[+] [-] FounderBurr|4 years ago|reply
[+] [-] jsbdk|4 years ago|reply
The gplv3 has been an utter failure. Trying to rewrite history so the gplv2 works like the gplv3 is pathetic and will be the last nail in the coffin of the GPL.
[+] [-] selfhoster11|4 years ago|reply
[+] [-] pabs3|4 years ago|reply
[+] [-] whoknowswhat11|4 years ago|reply
Are they serious??
Many OSS developers always want to get a copy of the software and mods back, but are OK if others USE that software in diverse ways, including making locked down hardware that is rented, radios that are power limited and more. In this way the GPL preserves everyone's freedom to do what they want with the software. The GPLv2 has served a wide range of needs, from Linus and Linux to plenty of industry efforts.
Linus was asked about this in a talk and he said he a)gets value in terms of forcing vendors to release code even from players like Tivo and b) is not interested in setting lots of additional restrictions on how folks use the code.
The FSF / Conservancy keep on re-assuring folks that encryption keys don't have to be released. Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can we just leave GPLv2 as it has been. If the FSF or whomever wants another bite at the GPLv3 apple create a GPLv4 and let folks adopt it if they want.
[+] [-] josephcsible|4 years ago|reply
Except the freedom of the people who bought a TiVo and want to modify Linux on it.
> Ubuntu went through an analysis and basic result was that this is a lie, lots of things may force secure boot key disclosures, so they avoided that by avoiding GPLv3.
Can you link to a source for this?
[+] [-] geokon|4 years ago|reply
Companies use and modify his code, building their businesses on them, and then are not distributing their changes back. Arguably the whole cloud revolution has been built on this. Better make a SaaS and freeload on other people's work than make client side software and be forced to share your work (and technical advantage)