Recommendation: no GPLv3 for Solaris [LWN.net]

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 17:12 UTC (Sat) by sandy_pond (guest, #9734) [Link]

They clearly stated that there was "little, if any, benefit to dual-licensing". So porting code back and forth between OpenSolaris and Linux was "little, if any" value to them. The only benefit they saw was "possible short term good press for the project".

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 17:36 UTC (Sat) by b3timmons (guest, #40286) [Link]

Even granting their guesses about FUD, costs, and benefits, I am having trouble seeing how they can be in much of a position to fail to differentiate OpenSolaris very soon. It's not as if the development of the Linux kernel or even newer kernels were slowing down.

Java, OpenSolaris, and the Redshift vision are not interesting enough to reach the developers that Sun wants. Differentiation must also be nontechnical, and Schwartz et al know it.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 18:16 UTC (Sat) by notamisfit (guest, #40886) [Link]

If they had switched to GPLv3, they wouldn't be using much Linux code
anyways...

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 18:58 UTC (Sat) by landley (guest, #6789) [Link]

The incompatability between CDDL and GPLv2 is a design goal. They _want_
a license that prevents Linux from using Solaris code. If they wanted to
use Linux, they'd be using Linux. Remember the internal sun politics
yanking Linux from "the java desktop" and replacing it with Solaris?
There's been a 5-way civil war going on inside Sun for years now (which is
more complicated than I want to go into here), and the Solaris faction
just wants to _survive_ at this point.

Linux is eating their lunch, so they want Solaris to copy its' advantages.
But they do NOT just want to contribute the Solaris code to Linux. Open
sourcing was a move to _defend_ Solaris against loss of market share to
Linux. So Solaris MUST be under an incompatible license. (True or not,
this is what motivates their decision-making process.) Sun is trying to
compete against Linux and hold (or even gain) market share against it.

Unfortunately for them, CDDL was seen as "sun community license take 2",
with perhaps a lesson or two learned from the Apple Public License and
IBM's long-ago attempt to do their own license, and external uptake was
close to zero. (Modulo Jorg Schilling, who worships Solaris already.)

GPLv3 is tailor-made for Sun. It's blessed by the FSF and totally
incompatible with Linux. This is EXACTLY what Sun wants, of _course_
they're moving to it. As soon as the Linux developers formally said "we
are never moving to GPLv3" Sun's ears perked up and it joined the FSF in
chanting "my preciousss" towards it...

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 19:12 UTC (Sat) by Arker (guest, #14205) [Link]

Actually Sun has been involved in the GPL v3 process from the beginning, they didn't just jump on it because Linus dislikes it.

I think the fears of Linux borrowing their code are overblown - the basics are so different you can't just yank code from one to the other anyway. The licenses don't have to be compatible for one group to look at how the other one is doing things and then code their own version. But there does seem to be some fear there, and Linus being anti-v3 can only help in terms of Sun using it.

From what I gathered from the blurb, it sounds like many of their current developers are knee-jerking against the idea - this isn't a surprise really. Some people like to be the big fish in the little pond. But if Sun wants to make that a bigger pond, they'll have to attract an audience outside of the group that's happy with things as they are.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 20:31 UTC (Sat) by sandy_pond (guest, #9734) [Link]

Well OpenSolaris includes "the core kernel, libraries and commands".

Although the Linux kernel will not be GPL v3, I would expect that other parts of the OS will be.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 21:12 UTC (Sat) by Arker (guest, #14205) [Link]

Well, yeah, GNU will be going v3 for sure. Linux wont' do that soon, if ever. A v3 Solaris would be compatible with GNU, but not Linux, and that's probably their best strategy - if hardware support can be drastically improved, GNU/Solaris could easily replace GNU/Linux as the defacto standard, putting Sun in a great market position.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 7:50 UTC (Sun) by drag (subscriber, #31333) [Link]

One thing to keep in mind also is that the OpenSolaris folks obviously don't have a problem with the CDDL otherwise they wouldn't be OpenSolaris developers.

So since they have no problem with the CDDl then why would they care about GPLv3?!

It's like asking a dedicated Java developers if they have a problem with Java being propriatory or asking X.org developers if they would want to go GPLv3.

I can pretty much garrentee what sort of response you'd get. It doesn't nessiccarially mean thats what is (or not) the best thing for Sun or Solaris itself though.

Linux is nailing Solaris to the wall in terms of market performance and without GNU it wouldn't be possible.

Gaining built in GNU support and licensing compatability with those developers who currently favor Linux over Solaris is going to provide the best way to move Solaris/OpenSolaris forward. It's just make sense.

Proprietary Java

Posted Feb 11, 2007 10:00 UTC (Sun) by man_ls (subscriber, #15091) [Link]

Yeah, true. I used to troll in a Spanish Java forum; to annoy people there all you had to do was to ask Sun to free their implementation, and then they all repeated like parrots that it had no advantages, that it did not matter to anyone, that Microsoft would make incompatible versions, that the sky would fall upon their heads if they did.

Now, when Sun announced they were going to release Java 7 under the GPL most of them were just astonished and didn't say anything; the rest congratulated Sun on having such a great vision and generosity and warm hearts. It was amazing to watch!

Most people don't care for consistency, they just want a cozy environment. Sad but understandable.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 17:09 UTC (Sun) by mrshiny (subscriber, #4266) [Link]

I think it's funny that you totally discount the possibility that a user of a system might want it to be open. As a professional java developer, I am thrilled that it will be opened, because this will result in many improvements, including support for under-supported platforms and support for unusual configurations. For example, Sun didn't ship a 64-bit applet plugin for Linux; this is because of the variety of issues with shipping a compiled 64-bit blog to plug into a browser; the problem isn't that hard but Sun didn't want to deal with it. Now that Java is open, this issue will finally be resolved, and similar issues will also be resolved. Also users will finally be able to fix bugs in a more timely manner than Sun. And finally, for embedded developers, there are a range of possibilities when you have the freedom to alter the core platform in a way that suits you.

I mean, you can't say that, just because someone tolerates the status quo, doesn't mean they don't want it to change.

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 0:37 UTC (Mon) by drag (subscriber, #31333) [Link]

""I mean, you can't say that, just because someone tolerates the status quo, doesn't mean they don't want it to change.""

That's right.

But when somebody _chooses_ to join that statis quo, then that is different. It's one thing to get sucked into it, but it's quite another when somebody volenteers for it.

If they had problems with licensing of OpenSolaris then they would be Linux developers, not OpenSolaris developers. :-)

Plus another thing is that CDDL is a Free software license, by FSF/RMS's definition of the word. The question is one of licensing incompatability, not of freedom on the GPLv3 side (OpenSolaris folks probably like that CDDL allows them to use the code in propriatory software, were the GPLv3 would not)

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 15:55 UTC (Mon) by Arker (guest, #14205) [Link]

I don't think the point was that developers in general don't want that, it was that the developers working at any given time on a given project are likely to be the ones that don't have a problem with the license that project is under.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 22:14 UTC (Sat) by Nelson (subscriber, #21712) [Link]

I can't help but think that they just don't understand open source still.

Basically it comes down to press and FUD and they see the lack of support from any community as a FUD campaign.

I've contributed code to Linux, my name is on it, I wrote some stuff. I can use it regardless of how it ever morphs. There is no such promise with Solaris. I can contribute code, but there is nothing that prevents it from showing up in a product that is licensed such that I can't use it. Unless Sun wants to pay me, I won't be contributing unless they promise that my rights to use the code I produce will never be restricted. Very simple. Buy the code or give me rights, it's free but nothing is free.. That's not FUD, that's not press, that's just a fact, if you play ball with Linux you will never be cut off from your code.

In the grander scheme, they are still pissing in the ocean. Sure, they have some slick technologies and a very fine product but it just seems inevitable that Linux will steam roller over Solaris also at some point. They have to find a way to involve a community, part of that is by setting things free. If there is anything that you can learn from MS and Linux it's that the best technologies aren't always the best technologies, a big part of it is a bet on the future. Is there anything Solaris will be able to do that Linux or one of the BSDs won't match at some point? And then what's the time between now and then really worth? If they just went full on GPL the whole way they could change the game, they can leverage their support. Nobody does business with Sun for Sun's code anyways, it's all of the other aspects of the deal.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 23:10 UTC (Sat) by b3timmons (guest, #40286) [Link]

That's not FUD, that's not press, that's just a fact, if you play ball with Linux you will never be cut off from your code.

Except in some scenarios involving Tivoization and MS-Novell type of patent agreements. I would expect these scenarios to be on the rise over time.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 8:04 UTC (Sun) by drag (subscriber, #31333) [Link]

Yes.

Right now people are saying that Microsoft is extracting licensing money from people that are using Linux as long as they promise not redistribute Linux. They are doing this 'under the table'.

Think about that for a second. Microsoft is using patent fud to:
A. charge licensing for Linux.
B. getting people to agree not to redistribute Linux.

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 10:55 UTC (Mon) by jmansion (guest, #36515) [Link]

>They would be the people who were, you know, porting drivers and ideas to and fro from linux

That won't and can't happen even with a modified GPL3 license (as well as CDDL, let's remember that).

Its a question of who matters: Sun have lots of paying customers who pay to matter, and get what they need. If they need binary kernel modules, then that's fine for them. They pay for - and get - stability for themselves and for ISVs. And the pay Sun to exercie its judgement and *control* to achieve that.

Linux is quite different for users and ISVs - and the antipathy towards binary module ISVs (and binary application vendors too from some quarters) means that Solaris *is* differentiated and can continue to be differentiated. Developers are just a minority, and they need to remain that way - and to be an unimportant minority in the overall picture.

I'm quite happy to have a choice between the Solaris model and the Linux model and sometimes I'll favour one or the other, depending on circumstance. I don't want the choice to be threatened though.
(And, yes, I also the value the choice to use W2k3, XP, and Vista when it makes sense for me too)

James

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 19:19 UTC (Sat) by b3timmons (guest, #40286) [Link]

How is the GPLv3 horribly drafted? What are the specifics?

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 20:44 UTC (Sat) by JoeBuck (subscriber, #2330) [Link]

Even if this were true, which it isn't, we don't have the final draft yet.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 23:25 UTC (Sat) by mmarq (guest, #2332) [Link]

Because it invalitades compatibility with GPLv2.

Because it specifies particular uses (DVD issue)

Because its not in clear words, and i saw many confusion in various posts, and i cannot understand it clearly myself.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 23:54 UTC (Sat) by khim (subscriber, #9252) [Link]

Because it invalitades compatibility with GPLv2.

That's the whole point, you know. Fix the license to deflect new attacks on freedom. It was known that GPLv3 will not be compatible with GPLv2 many years ago - when the GPLv2 was written.

Because it specifies particular uses (DVD issue)

Have you read the GPLv3 draft?

Because its not in clear words, and i saw many confusion in various posts, and i cannot understand it clearly myself.

Again: have you read the GPLv3 draft? I too saw a lot of strange posts - mostly from the people who never bothered to read the latest draft (or in most cases never read any draft). Sure - it's impossible to understand GPLv3 unless you've read it at least once. That's not GPLv3 fault...

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 0:57 UTC (Sun) by mmarq (guest, #2332) [Link]

Yes i have, it was an old version perhaps, full of strickles on the text. Im not updated and is not my business to be, which dosent invalidated my opinions. Meanwhile here is more confusion:

http://www.groklaw.net/article.php?story=2006072714003881...
http://lkml.org/lkml/2006/9/24/246
http://www.groklaw.net/article.php?story=20060925204515114

A MS specific clause perhaps...

http://www.groklaw.net/article.php?story=20061116103031303

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 0:42 UTC (Sun) by b3timmons (guest, #40286) [Link]

It seems your complaints are against not the drafting of the GPLv3 but against its aims.

Because it invalitades compatibility with GPLv2.

The main aim of the GPL is to protect the four software freedoms which v2 now can no longer do because of loopholes which can make v2-covered code effectively nonfree. Any license compatible with v2 would allow the covered code to be linked and distributed with v2 which would expose the covered code to the same loopholes and thus offer no better protection. Thus, by its very purpose, v3 must be incompatible with v2. In practice, this incompatibility will affect only "v2 only" projects. Moreover, v3 gains compatibility with two important v2-incompatible licenses, Eclipse and Apache.

Because it specifies particular uses (DVD issue)

No version of the GPL has or will ever have to even be accepted for any kinds of uses or modification of the covered code, short of distribution, so you must be referring to not a particular use but a particular form of distribution. I assume you are referring to Tivoization, which is an obvious loophole that v3 must close if the GPL is to fulfill its aim of ensuring that covered code remain free.

Because its not in clear words, and i saw many confusion in various posts, and i cannot understand it clearly myself.

The very same complaints have been made about v2 for over a decade. While v2 has aimed for clarity, it has also had been constrained in several other areas. One way to see this is that it has been by far the most reviewed and negotiated over software license in history. You can definitely understand v3 better by reading transcripts of speeches by RMS and Moglen and rereading the v3 draft. Any clarifications you can then make can still be considered within the next month.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 0:46 UTC (Sun) by b3timmons (guest, #40286) [Link]

The very same complaints have been made about v2 for over a decade. While v2 has aimed for clarity, it has also had been constrained in several other areas.

Sorry, that should be "While v3 has aimed for clarity...".

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 1:02 UTC (Sun) by mmarq (guest, #2332) [Link]

"" this incompatibility will affect only "v2 only" projects ""

Meanning that a mix of GPLv3 plus GPLv2 code can coexist in the same project
?... awesome

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 1:24 UTC (Sun) by zotz (guest, #26117) [Link]

[ "" this incompatibility will affect only "v2 only" projects ""

Meanning that a mix of GPLv3 plus GPLv2 code can coexist in the same project
?... awesome]

Actually, I think meaning that gplv2 code that is not gplv2 only will automatically become gplv3 code when mixed in with gplv3 code... Or at least the overall program will automatically be gplv3. If I have understood at all. I may not have used the best wording here mind you.

Corrections welcome.

all the best,

drew

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 1:34 UTC (Sun) by b3timmons (guest, #40286) [Link]

Oops, I should have chosen better words. The point is that very few projects are "v2 only". For the many that are v2+, compatibility is not an issue.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 7:42 UTC (Sun) by kripkenstein (subscriber, #43281) [Link]

Regarding this issue, it seems that the Linux kernel has a lot of v2+ code in it, perhaps as much as half.

http://6thsenseless.blogspot.com/2007/02/how-much-linux-k...

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 1:50 UTC (Mon) by sepreece (subscriber, #19270) [Link]

Note that, regardless of what license is specified in a particular file, if the file is a derivative work of a GPLv2 work, then it could only be distributed under GPLv2...

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 3:24 UTC (Mon) by notamisfit (guest, #40886) [Link]

How much of the modern kernel could be considered a derived work of
Linus's original code?

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 4:36 UTC (Mon) by dlang (✭ supporter ✭, #313) [Link]

he isn't the only one who doesn't want the GPLv3.

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 22:34 UTC (Sat) by mmarq (guest, #2332) [Link]

Following the above, one big question arises :

" ge... those guys wil be making all their contributions only for private systems! "

Hey, but they can already do that in GPLv2,i. e., chance their code in their private systems, but is prone to confusion and abuse.

a) The problem is that when someone starts asking fees for patents in their GPLv2 code, the reaction will be - bla bla bla... ; and the answer - f**k you, pay me!. All developers will be running erasing the patented bits, because they will be easly identifiable, but the patent holder will be smiling to the bank with the money of all the traped users and distributors.

In GPLv3 there should be clearly *explicit* that patented bits in code will be non-fee for **any public acessable GPLv3 repository**, i. e., not mandatory because copyright law cant invalidate patent law, and in private patent holders can do as they please. But mandatory in PUBLIC repositorys because patent law cant invalidate copyright law neither.Its the contract aspect of the beast.

What all vendors must do is contract with their users a non patent litigation clause, therefore assuring the legality of their code base even if they knowingly sale systems with patents in them, that they have cross-licenced or otherwise for private use. GPLv3 should make all this very clear, because what it will do is for developers to make their public repositorys in GPLv3, to guarantee the same thing.(not only IBM/RH/SUN or other big pockets will be doing sales)

GPLv2 SHOULD BE *PERFECTLY COMPATIBLE WITH GPLv3* IF THERE ARENT ANY PATENTS IN THAT GPLv2 CODE.IF THERE ARE, A CLEANING AND OR CHANGE TO GPLv3 WILL DO.

b) The other problem will be when someone starts asking money for the keys of their DRM schemes for their GPLv2 based systems. The reaction / answer can be the same. The most obnoxious outcome is that developers will be prevented from freely using their own contributions, if those happen to get into a system that ask money for the key. If all hard/system vendors get in that spree, then developers making there own distros wont cut the problem, and they will be like in that movie where Hannibal Lector feeds them their own brains.

So in a GPLv3 there should be clearly *explicit* that any DRM protected system/sub-system will have a non-fee public key applyed for code in **any public acessable GPLv3 repository**, i. e., not mandatory because copyright law cant invalidate any DMCA laws of this world, and in private key holders can do as they please. But mandatory in PUBLIC repositories because any DMCA law cant invalidate copyright law neither.Its the contract aspect of the beast again.

If any country mandates that all hardware/systems be selled with a private key, certified by a third part authority, know that GPL is being legally banned from that country, no matter if v2 or v3, and no matter the smiles or campaigns of the politicians. Due to the imense distributed nature of networks, including Internet, immense technical and user protests problems will arise, but nevertheless all cards will be upon the table. Then please dont treat Ma$ter as another vendor, but as the BIG BROTHER powerhouse instead. FUD for FUD the media will always report MS having more than 90% of the market, even if all the administration starts selling CD copys hand to hand at a big discount, in the local market.

What all GPL vendors must do is make sure that there always be enough hardware systems for public GPLv3 OSes repositorys, or else risk destroying the all Open Source movement.I wont contribute a single line of code if i have to pay for a key to run it, much less for run it in a different machine. LinuxBIOS should be considered as an option as an integral part of the Linux systems to asure a mean of protection against abuse.

Contracts of GPL vendors with their users, is their own business, if they make their private keys for private systems non distributables, i. e., dont gain from making a public repository a means of private gain. GPLv3 should make all this very clear, because what it will do is for developers to make their public repositories in GPLv3, to guarantee free acess. But here in a legally GPL banned situation, there will be no guarantees of legally running systems. none. (IBM/RH/SUN or other big pockets will be doing all the sales).

GPLv2 SHOULD BE *PERFECTLY COMPATIBLE WITH GPLv3* IF THERE ARENT ANY PRIVATE KEYS TO SYSTEMS/SUB-SYSTEMS IN THAT GPLv2 CODE. BUT THAT WILL ALWAYS BE THE CASE BECAUSE KEYS ARE APPLAYED "AT POSTERIORI".

"" DRM is a technical solution for a political problem, that with the DMCA makes a technical solution to it illegal. So all the admired and esteemed proponents of a technical solution to it are, i'm affraid, wrong ""

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 2:17 UTC (Sun) by mmarq (guest, #2332) [Link]

"" So in a GPLv3 there should be clearly *explicit* that any DRM protected system/sub-system will have a non-fee public key applyed for code in **any public acessable GPLv3 repository** ""

Should read

"" So in a GPLv3 there should be clearly *explicit* that any DRM protected system/sub-system will have whenever needed a non-fee public key applyable for binarys resulting from code in **any public acessable GPLv3 repository** ""

Recommendation: no GPLv3 for Solaris

Posted Feb 10, 2007 23:18 UTC (Sat) by ernest (subscriber, #2355) [Link]

The trouble many people seem to have with DRM and open source code (GPL)
is apparently more in the direction of if DRM is used to prevent
recompiled GPLed code from a specific device to be loaded again within a
device because of a missing or invalid signature or checksum only present
with the binary produced by the original maker.

Sources can be GPL, be freely distributable, and can be recompiled and
redistributed by anybody for a specific device. But binary code is
useless as the devices searches for and requires a signature serounding
the binary code before it will allow it to run.

GPLv2 cannot prevent this. I understand this is one of the points which
GPLv3 wants to correct.

Ernest ter Kuile.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 0:07 UTC (Sun) by mmarq (guest, #2332) [Link]

"" GPLv2 cannot prevent this. I understand this is one of the points which
GPLv3 wants to correct. ""

Neither can any GPLv3 guarantee that, because;

"" Sources can be GPL, be freely distributable, and can be recompiled and
redistributed by anybody for a specific device. But binary code is
useless as the devices searches for and requires a signature serounding
the binary code before it will allow it to run. "

the key to make that signature can be guarded in a ROM, accessible only by the original manufactor. Because BIOS are erasable, LinuxBIOS should be an option. Meanwhile what a licence can do is invalidate irself, as in a contract, if a particular hardware system dont provide a mean to make a public GPL OS repository runnable. It cant force the hardware manufactor of anything he dosent contract, but only prevent public abuse, i. e., an OS from a public repository cannot be distributable in that particular hardware system.

Ma$ter is laughing of course, of the so much possibility of pre-intalled Linux systems. But putting all kind of emotions aside, what is clear(at least to me) is that there will be enough hardware systems where private DRM schemes can be by-passed or there will be no Open Source movement. Only the Big Boys cross-licencees, will make contributions to common distributed repositorys... but that wont be Open Source.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 0:39 UTC (Sun) by ernest (subscriber, #2355) [Link]

hmmm, your story is bit confusing to me.

What I understood from the GPLv3 draft is that hardware maker were not
allowed to distribute any version of the code if everything needed to
make that code run wasn't freely available somehow. So if a private key
was needed to sign and run some GPLv3 code, it must also be available.

Also selective redistribution isn't an option. Either the code is allowed
to run on every system or it may not be distributed at all. This is true
for GPLv2 and 3.

But I guess we are getting way off topic.

Ernest ter Kuile.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 1:46 UTC (Sun) by mmarq (guest, #2332) [Link]

"" So if a private key was needed to sign and run some GPLv3 code, it must also be available. ""

Suppose i'm a system builder, never read a GPL licence nor care to. My firmware/bios are contracted elsewhere. No public availability is ever mentioned. What is that i'm obligated to make available ?

If i use a GPLv3 OS, and i agree that that is the spirit of it, them i must make available that key or make the DRM feature turned off or else get into an infrigement situation. If i use a GPLv2 OS there is a legal void...

Nevertheless i can use another OS and still make my hardware system distributable... or sell without any OS and still make no key available. Much worst is if that other OS contracts me with the mandatory exclusivity for that key...

"" Also selective redistribution isn't an option. Either the code is allowed to run on every system or it may not be distributed at all. This is true for GPLv2 and 3. ""

That is precisely the point. No licence will deal with the technical hurdles of DRM, and technical solutions are illegal under DMCA. That is, you cant force me to accept GPLv3 or any other, no matter what users try on my machines. I have other options. Its up to you... do or die.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 3:01 UTC (Sun) by b3timmons (guest, #40286) [Link]

The point you seem to be reiterating is that GPLv3-covered kernels will be unsuitable for those who wish to subjugate users with Tivoization.

Fair enough -- they will have to choose something else, and yet I think the rest of us will somehow find a reason to continue living.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 5:57 UTC (Sun) by mmarq (guest, #2332) [Link]

"" The point you seem to be reiterating is that GPLv3-covered kernels will be unsuitable for those who wish to subjugate users with Tivoization. ""

Not quite.I happen to have been reading this: http://www.fsfeurope.org/projects/gplv3/drm-and-gplv3.en....

Tivoization will continue in same form or another, simply because any users, looking for alternatives for running in their TIVO boxes, will have to compile with their keys from source code, after modification or not, and install the program, all on their own or handover those keys available to someone that can do that for them.

I belive 99% or more than 90% of users in the low end part of the technical spectrum( the immense majority), for a forseable future, will have to handover those keys.period.

Expect a huge social engineering spree. Crackers can have the most easy walk over in the park ever. DRM can make somehow a system more secure, right, but can make users more suceptible to total attack as in under GPLv3 than in GPLv2. It can make Linux look like horribly insecure when the fault is not of Linux.

TIVO will have a copy of those keys and will be in the business too of course, as the preferred partner. But TIVO wont be making those changes to the code that is not politicly correct for them. Tivoization will continue...

DRM was never about security "per se", was always about control. IMHO, if GPLv3 stated a mandatory private/public key for their public repositorys, it will be easier to pass the message of DRM as a master acess control feature and advice caution against it.

The ideal, and most logic for the low technical users ( the immense majority), will be to make mandatory the turn off of those DRM features if the users will choose so, in any GPLv3 repository, and permit those low technical users to directly install binarys from sources they trust, as they are, on their own peril.( obnoxious these forced paternalistic pseudo-security )

The Hardware System vendors are not the enemy, belive me. They want to sell more, they dont want to kill the WhiteBox paradigma. They prefer if they dont have to choose, because is not any licence GPLv3 or v2 that can force them. Its being in bed with some integrators and BIG BROTHER, that can force them, the ones that are making profit budgets projections on this.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 6:27 UTC (Sun) by b3timmons (guest, #40286) [Link]

However interesting it may be to speculate about how Tivoization and DRM will play out, the immediate issue is the need for the GPLv3 to serve free software developers. I cannot yet see from your comments, including this interesting one, how the current draft could be improved.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 6:59 UTC (Sun) by mmarq (guest, #2332) [Link]

??
make mandatory the turn off of those DRM features if the users will choose so, for any binary resulting from a GPLv3 source repository.

Dont think only of software developers by software developers for software developers.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 10:08 UTC (Sun) by zlynx (subscriber, #2285) [Link]

Tivoization plus GPLv3 is very possible.

Vendor A provides USB keys containing "GNU OS" plus source code, since keys are so big these days. This "GNU OS" is built for PowerPC and has drivers for a Hardware MPEG Decoder Ring.

*Unrelated* vendor B builds boxes that verify by checksum that the code is Vendor A Release 3.14 of GNU OS.

Yet another vendor C sells to customers by having Vendors A and B ship their respective product to the customer, with a booklet explaining how to put it together with the video cables, satellite receiver and USB key.

There's no one for any GPLv3 copyright holder to sue in that scenario. No one is violating the license.

As you see, GPLv3 really can't accomplish what it wants to do here. It can not remain a distribution license and still affect actions of the end user, and many DRM scenarios can be recast as I did above, so that the end user puts the pieces together, keeping vendor's hands free of violating distribution limitations.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 21:16 UTC (Sun) by khim (subscriber, #9252) [Link]

There's no one for any GPLv3 copyright holder to sue in that scenario. No one is violating the license.

Cartel from Vendors A, B and C is violating the license. If vendor A truly does not know anything about vendors B and C (for example if it's RedHat) then you need to send them letter and ask them to change signature to stop vendor's B and C. If it's not done then you just go to court. End of story.

And Vendor B will have truly hard time trying to explain why he's selling the hardware which is unusable without software from Vendor A: if he does not know about Vendor A - then what he thinks users should do with this hardware, if they know about Vendor A, but have no agreement with Vendor A - then how can they be sure it'll not stop producing "USB keys", if they know about Vendor A and have an agreement with Vendor A - then they together are infringing.

Yes, it's possible to circumvent GPLv3, but it's insanely risky and thus the whole example looks like straw men...

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 6:01 UTC (Sun) by Arker (guest, #14205) [Link]

You could just make the treacherous "feature" disableable.

Want to make slaves of your customers? Fine. Don't use GPL code to do it. Write your own.

Recommendation: no GPLv3 for Solaris

Posted Feb 11, 2007 7:31 UTC (Sun) by mmarq (guest, #2332) [Link]

Ge... that was an example, im not posting on self interest.

I firmely belive that the general hardware manufactor wants to use GPL code, not because of licence, but because of sales... if only they could "wrap" some closed tiny technical sensitive details on it . Some integrators dont.
Funny thing is that the general hardware manufactor rarely do it, and are constantly pressured to lock away their platforms, while many of those "some integrators" that dream of a world without GPL are big on it.

DRM is a bit of a red herring.

Posted Feb 11, 2007 12:46 UTC (Sun) by drag (subscriber, #31333) [Link]

Alright take Tivo, since that is the most famous example.

Right now Tivo has hardware built into every machine they build that detects weither or not the code it's running is the same as they ship from the factory. If the software the machine is trying to run isn't the same as what it ships with or what is updated from Tivo itself then it won't run.

So the reason they do this is for several reasons... To ensure a user experiance, to enforce digital copyright restrictions, to make sure people can't circumvent their channel data subscriptions, etc etc. They do this by prorgamming the software to enforce these restrictions, then making sure that the software can't be changed.

This is against the spirit of the license that RMS and GNU and the FSF folks want. They want you to be able to study, modify, redistribute the software you get, and then redistributed the modified software you made.

Tivo CAN use GPLv3 software if they wanted, too. They would just have to design the DRM slightly differently.

So say they use Linux with GPLv3 userland. They supply keys to allowed modified software to be ran and that won't interfer with any functionality (provided you don't add bugs.)

Right now Tivo uses hardware to capture TV signal, encode that signal into mpeg4, then use more hardware to decode that stream as it gets sent to the TV show. This allows it to use a weak CPU and maximize harddrive capacity.

Well what they could do then is just add a extra step were as the data is being encoded into mpeg4, that it's also encrypted. The files are then saved to the disk and managed by Linux-based userland. Then that same key is used in the decryption.

Then they can also put it into the hardware firmware that it requires a encrypted packet from Tivo to be sent to it by the Linux-userland. If it doesn't get it then it will assume that you've stopped your monthly subscription and would shut off access to their subscription services.

So this way Tivo can use strong DRM to manage their systems and still be completely in compliance with the GPLv3 since it's no longer depends on keeping the userland umodifable.

So GPLv3 can work with DRM if you want it to. You just have to devise a system which allows people to modify the software.

Beleive it or not TiVo DRM and GPLv3 CAN be compatable. Just not in it's current state.

Sure this is inconvient and would be a added expense for Tivo. So it's still bad from Tivo's point of view, but it's not something that is nessicarially going to cause Tivo to avoid GPLv3-licensed software.

So the question isn't weither or not GPLv3 is worth it for you to make what Tivo does illegal, it's weither or not GPLv3 is worth making things much more inconvient for Tivo.
(and the many numerious other companies that are doing this sort of thing. Tivo isn't alone in this)

And who knows. If Tivo opens up the software more it may lead to more possiblities... like downloadable Java-based arcade games for your Tivo and stuff like that. When life hands you lemons, you make lemonade.

DRM is a bit of a red herring.

Posted Feb 11, 2007 20:49 UTC (Sun) by mmarq (guest, #2332) [Link]

"" So the reason they do this is for several reasons... To ensure a user experiance, to enforce digital copyright restrictions, to make sure people can't circumvent their channel data subscriptions, etc etc. They do this by prorgamming the software ""

And firmware and possibly "hardware craved" in the future too..

"" So say they use Linux with GPLv3 userland. They supply keys to allowed modified software to be ran and that won't interfer with any functionality (provided you don't add bugs.) ""

See... they are somehow incompatible. Im a proponent of a modified GPL with no legal holes too, say GPLv3. But GPL is a contract between distributors, lets say as example TIVO, and the a community of sotware developers and other distributors.

No such license can deny TIVO the possibility of freely contract with their own costumers, if they dont break other licences. I dont belive that would be legal either in most of countrys. Lets say TIVO adopts GPLv3:

And they say:- ok here are the keys, you can do as you please, i accept the GPLv3 contract. But... if you remove or change our code, all guaranties are void. Not only that but we have signed our binarys also. The data channel will be looking upon those signatures and if it dosent find them no connection will be allowed.

You say:- hey, i want to be able to use those functionalitys, that is why i bought a TIVO, and i want to be able to run my modifications with them.

Tivo say :- No... we abide by the GPLv3, and here are the keys. But the guaranties and channel are for "private" contract between us and our costumers (the guarantied entity).

I have a great admiration for the work of FSF and RMS. But the illusory part with the big free software push, is that software dont have any guaranties, but hardware and private services, do. And they must be by their intrinsic nature of the "private" kind.

*BUT THIS DONT HAVE TO BE A WAR*

FSF can say :- TIVO, you cant abuse the work of a community for private gain, you must allow us to modify and re-distribute the code you are using.

TIVO say :- OK, here is the full source code and keys to DRM. But you cant force us to trust everybody from Geenland to Antartica, which might happen to be running those modifications, with a guaranty or acess to our services. Run those boxes as second hand whiteboxes without our channel, and or find a service with free acess, but stop bothering us.

The same will happen with those big juicy server vendors.

"" So GPLv3 can work with DRM if you want it to. You just have to devise a system which allows people to modify the software. ""

Oh yes it can... like a bleeding swimmer with a white shark. See, if every kind of box end up beying using DRM in the future, GPLv3 will be pledging and in need of those keys. DRM by the actual IT scenario wont be needing GPL. If the DRM master decide that no key will be given, GPL will die of starvation.

What FSF and GPL can do to avoid abuse, by contract, is saying that if someone dont give the keys or allow the DRM to be turn off, in order to run modifications of the code, the licence is void, and no GPL software can be used.

** THE ONLY SOLUTION TO DRM, WHICH IS NOT EXACTLY OF THE TECHNICAL NATURE, IS TO CO-OPT THE GENERAL HARDWARE INDUSTRY, INTO THE GPL CAMP, CATIVATING THEM BY ALLOWING SOME TINY BINARY MODULES OF THEIR MOST FEARED SECRETS TO RUN WITH GPL KERNELS. GPL KERNELS DONT HAVE TO BE TAINTED IF THOSE ARE WRAPPED AND OR PUSHED TO HYPERVISOR LAND... ALLOWING LINUXBIOS AS AN OPTION **

Ok, i can almost hear the indignation screems from here... and i can say that im not a technical expert.

But the strategy is to give one step back, that will allow to give two steps foward. When the general hardware industry will taste it, they will free, freely, much much more.

One solution might be AGESA:
http://www.linuxbios.org/data/LinuxBIOS%20AMD%202006%20Fi...

DRM is a bit of a red herring.

Posted Feb 12, 2007 0:11 UTC (Mon) by drag (subscriber, #31333) [Link]

"""And they say:- ok here are the keys, you can do as you please, i accept the GPLv3 contract. But... if you remove or change our code, all guaranties are void. Not only that but we have signed our binarys also. The data channel will be looking upon those signatures and if it dosent find them no connection will be allowed."""

Well according to the GPLv3 draft the second part would be invalid. Running cannot automaticly result in a decline of the functionality of the system.

In other words it's against the license to disable functionality if it detects modified code. In the GPlv3 draft they gave two examples, one example was online services.

However it's perfectly valid, according to the license, that mofidying the code would void warrentees and garrentees. It's not reasonable at all to blame broken software you made on the hardware vendor you got the machine from.

They are trying to make a distinction between practical functionality software-as-a-tool and stuff like warrentees and such.

DRM is a bit of a red herring.

Posted Feb 12, 2007 1:43 UTC (Mon) by sepreece (subscriber, #19270) [Link]

This is in highly speculative territory.

I personally doubt that a court would find that the distribution license could limit the distributor's right to make contracts with its customers, including contracts that bound the customers to NOT do things the license would allow them to do. But IANAL.

Beyond that, even under a broad reading of the license terms, the service presumably IS allowed to authenticate the proprietary software that it works with (in the TiVo-like case, the software that runs on top of Linux). The system may be designed so that software can work with the hardware without relying on (or trusting) the GPLed software. Then the system can allow the GPL software to be replaced without actually opening up the system's interesting functionality.

Also, the license only requires providing keys; there is no basis for figuring out what happens if the means of authenticating the software isn't "a key". If the service or proprietary software calculates a checksum, for instance, that is not a key.

And, of course, virtualization may be the ultimate way to allow using the GPL software for untrusted functions and using only authenticated software for things the system needs to trust (like interaction with remote services).

DRM is a bit of a red herring.

Posted Feb 12, 2007 16:04 UTC (Mon) by Arker (guest, #14205) [Link]

You may doubt it, but you're wrong.

Under copyright law, they have no right whatsoever to use the code. If they don't like the terms it's offered under, their remedy is not to use it. Simple as that.

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:19 UTC (Mon) by sepreece (subscriber, #19270) [Link]

You're oversimplifying.

The distribution of the software is controlled by the software license. Selling you a box with the software in it is subject to the terms of the license. I'm assuming you can buy the device without buying the service.

Buying service (whether for a TiVo, cable box, or cell phone) is a separate arrangement. Assuming you buy the device, and get to keep it regardless of whether you get the service, there's no interaction with the license terms. The contract terms for the service could require using a specific version of the software and that requirement would have nothing to do with the distribution licensing.

A possible refinement of this would be to have the device provider provide only core, GPL software. The service provider could then provide the proprietary client software that enables use of the service. That software could then tie to a specific version of the GPL software. For instance, a DVR vendor could ship boxes with DVR functionality based on Linux and MythTV, and TiVo could ship their proprietary software to run on top of the Linux, replacing the software that shipped with the device.

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:47 UTC (Mon) by drag (subscriber, #31333) [Link]

Ya.. that could be possible. As long as that propriatory bit of code being sent by Tivo isn't violating the GPL (which I assume is not violating it) when they sent it.

The GPL has absolutely no restrictions on the sort of stuff people do to it themselves, it never has and hopefully never will. If end users want to add propriatory code to impliment some sort of DRM then that would be valid and without conflict with GPLv3.

(although that sort of drm would be almost certainly be trivially easy to crack)

DRM is a bit of a red herring.

Posted Feb 12, 2007 2:57 UTC (Mon) by mmarq (guest, #2332) [Link]

"" In other words it's against the license to disable functionality if it detects modified code. In the GPlv3 draft they gave two examples, one example was online services. ""

Confess i havent read those. But it dosent. At least from the client side, from that TIVO box it never will. If you have only somehow unrestricted acess to Online Services, you will never have acess problems from your modified TIVO box.

GPL v3 can say that no license will hold, if the covered code is used to restrict functionality upon modification.

But nevertheless i cant see how the GPL can impose legally on Online Services Providers an authentication method. If those acesses require a token in the form of a DRM checksum, simply by modifying the code it will generate a different checksum... TIVO will say that is not their fault... i dont know but it seems complicated...

Specialy because that DRM token restricting funcionality, will not be most probably generated from any v3 covered code, but from the BIOS level. Watch next bios capable of playing online games while you load an online OS ftp://download.intel.com/technology/efi/docs/pdfs/IDF04li...

DRM is not about security, is about control, and protected by the DMCA. If that security BS message is passed sooner or later there will be huge FUD campaingns stating that because all the source code must be available, GPLv2 or V3 makes systems easely crackables, in fouling an Online Service, by any expert "kid".

In the general matter i'm on the side of FSF and RMS, but i belive the rug has been pulled out off their feet on this, and i cant see clearly how they gonna prevent this legally by means of a licence !...

That is why i sugest the provision of making those DRM features turn off upon user whish, that is, mandatory as an optional feature because v3 holds also for every "online" binary covered... but would that be DMCA legal ?... and inclusion of LinuxBIOS as an integral part of a Linux System... would vendors buy it ?

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:37 UTC (Mon) by drag (subscriber, #31333) [Link]

"""GPL v3 can say that no license will hold, if the covered code is used to restrict functionality upon modification.

I don't understand everything your aiming at.

But if you want to use GPLv3 in a machine you want to sell to people that you want to impliment DRM then bypassing the userland and going straight to firmware is a perfectly valid way to do it and it wouldn't conflict with the GPLv3. Also running non-GPlv3 code along side GPlv3 code in order to impliment DRM is valid also.

The goal of the GPlv3 here isn't to eliminate DRM or make GPlv3 software incompatable with DRM, it's just to make sure that people don't use DRM to circumvent the GPL license and limit 'four freedoms' that are suppose to be garrenteed for Free software.

As long as a paticular form of DRM does not require that software be unmodifiable to work then there isn't any problem with it being used with GPLv3 as far as the license goes.

DRM is a bit of a red herring.

Posted Feb 12, 2007 23:50 UTC (Mon) by mmarq (guest, #2332) [Link]

"" I don't understand everything your aiming at. ""

.-Means tivoization will continue

.-It will be possible to disable functionality, if modified code is detected, most notorious on Online services, because those most logicly, not implementing the specific restrictions by using GPLv3 code, are not bond to the distribution licence terms... IANAL, but it seems logic to me.

But though, im getting confused myself. 3 pertinent questions arise on these tivoization and functionality clause:

Why isnt installing or replacing a binary program, or a binary derivative (plugin, library...) also be considered a modification upon the original program, which must be allowed to run ?

Just following the precedent question here providing key for "in sito" compilation and signature is completely wortless, as is i belive, transfer that key and source code to a 3th capable part without transfering the machine which that key is exclusively attributed ?

DRM is a bit of a red herring.

Posted Feb 11, 2007 22:02 UTC (Sun) by dlang (✭ supporter ✭, #313) [Link]

1. Tivo already gives you the full source for everything under the GPLv2 on the box.

2. people are already writing various tweaks and tools to run on the tivo. this 'evil company that's useing DRM' isn't preventing it. I have over a TB of shows that I've copied off of my tivo

what tivo isn't doing is making it trivial for people to load their own software on the tivo.

DRM is a bit of a red herring.

Posted Feb 11, 2007 22:28 UTC (Sun) by b3timmons (guest, #40286) [Link]

2. people are already writing various tweaks and tools to run on the tivo. this 'evil company that's useing DRM' isn't preventing it. I have over a TB of shows that I've copied off of my tivo

Of course, this is all illegal under the DMCA and no consolation if you want to be lawful, even with such repulsive, stupid laws. This only strengthens the case for GPLv3.

DRM is a bit of a red herring.

Posted Feb 12, 2007 0:30 UTC (Mon) by drag (subscriber, #31333) [Link]

I agree with that statement.

No form of 'DRM' is practical at all, when your goal is to control what people do with their own hardware and software. (you encrypt the data to 'protect it', but you have to give them the keys, hardware, and software nessicary to decrypt it, but depend on secrets to control their usage of it.)

The only way it works is through legal enforcement. With out DMCA then it would be profitable for businesses crack DRM and sell software and devices to do that.. the more stronger the DRM the more profitable cracking it would be. It would be so weak that invensting large amounts of money into it would garrentee business failure.

In the long run cracks and such will almost certainly always be aviable. Once those cracks are codified into redistributable software then it's trivial for people to use them..

but by breaking the law it's pretty much useless to people that want legetimant uses of their hardware and software that they do own themselves.

DRM is a bit of a red herring.

Posted Feb 12, 2007 1:45 UTC (Mon) by sepreece (subscriber, #19270) [Link]

"Of course, this is all illegal under the DMCA and no consolation if you want to be lawful, even with such repulsive, stupid laws. This only strengthens the case for GPLv3."

Note, though, that the GPL cannot make legal what the DMCA makes illegal...

DRM is a bit of a red herring.

Posted Feb 12, 2007 16:09 UTC (Mon) by Arker (guest, #14205) [Link]

In this case, it can, actually. Just as v2 hacked copyright law for freedom, v3 is hacking the DMCA for freedom. The moment a vendor like Tivo, assuming they use GPL v3 code, attempts to assert a DMCA claim, they are in violation of their license and lose their permission to use that software.

DRM is a bit of a red herring.

Posted Feb 12, 2007 17:23 UTC (Mon) by sepreece (subscriber, #19270) [Link]

If TiVo made such a claim, they might be in violation of their license. If the MPAA made such a claim, the user would still potentially face criminal prosecution.

Also, of course, the clause only applies to "the covered work". They're still free to prosecute if you try to hack any associated proprietary software or services.

Theft is a bit of a red herring

Posted Feb 11, 2007 22:18 UTC (Sun) by b3timmons (guest, #40286) [Link]

With such logic I could ask whether or not a car alarm system is worth it to inconvenience thieves.

I have read nothing about the GPLv3 making any conceivable form of Tivoization impossible, and, indeed, another poster recently posited an example involving a possible three-way vendor circumvention. What matters is not how we feel about DRM but being able to choose a license that best suits one's purpose, and if that purpose is to protect software freedom, then the GPLv3 will be the best choice, at least until something like a GPLv4. If Microsoft released an MSPL license that protected software freedom better than the GPLv3, then I would choose that.

Theft is a bit of a red herring

Posted Feb 12, 2007 3:12 UTC (Mon) by k8to (subscriber, #15413) [Link]

Perhaps unfair, but the answer is no. Car alarms are not worth it to inconvenience thieves. They do not seem to have significant theft reduction benefits. That is, the kind which makes noise etc. The lojack kind which simply track your car so after it is stolen you can have lojack tell the police the current location of the car work well. But the "inconvenience" sort do not generally inconvenience thieves, they only inconvenience your neighbors.

They do, however, have significant insurance benefits.

Recommendation: no GPLv3 for Solaris

Posted Feb 12, 2007 21:59 UTC (Mon) by rfunk (subscriber, #4054) [Link]

"But I guess we are getting way off topic."

It's amazing, yet reliable: just mention GPLv3, and the comments section explodes with
GPL controversy, regardless of the primary topic.