This project is suspicious
This project is suspicious
Posted Dec 6, 2024 11:45 UTC (Fri) by coriordan (guest, #7544)In reply to: This project is suspicious by randomguy3
Parent article: Apertis v2024 released
I'm not sure they can say that.
If they're working on a system to help people avoid contributing to free software projects, and they say it's for regulatory compliance, then it's difficult to also claim that they have no opinion on whether it's really necessary for said regulatory compliance.
It's a project whose most obvious purpose is to weaken our ecosystem. They're doing what Apple and Google do when they want to sell free software while also blocking the use of those freedoms. If Apertis might spread this model then we should hope Apertis fails.
GPLv3 was specifically drafted to allow medical devices to be locked down. The tivoisation clause is only for consumer products and smart home systems.
Posted Dec 6, 2024 12:32 UTC (Fri)
by ballombe (subscriber, #9523)
[Link] (5 responses)
Posted Dec 6, 2024 13:02 UTC (Fri)
by epa (subscriber, #39769)
[Link] (2 responses)
Posted Dec 6, 2024 14:32 UTC (Fri)
by coriordan (guest, #7544)
[Link] (1 responses)
The GNU utilities underline that giving people freedom is always good. There's no point being made that working around licences is always good. It depends on the goal.
The Unix implementations that were released under, for example, a BSD licence, were often modified by vendors and then the source code wasn't provided for the modified version. Same for X Windows / xfree86. So they were free software when published by the developers, but weren't free software when used by the users.
Richard invented the GPL licences to fix this problem and ensure that users received the freedoms.
Apertis is the opposite. They're looking for clever ways to help companies *not* give freedoms to users.
Posted Dec 6, 2024 16:24 UTC (Fri)
by a-wai (subscriber, #126817)
[Link]
This claim doesn't acknowledge the reality that GPL-2 software (such as e.g. systemd or the Linux kernel) is an important part of Apertis and won't go away anytime soon. That's still GPL, just not the latest version.
The fact that rust-coreutils is MIT is completely orthogonal: it would still be the best choice for Apertis if it were licensed under the GPL-2, for example.
(note: I'm a Collabora employee and have worked on Apertis in the past, including the rust-coreutils transition)
Posted Dec 6, 2024 13:10 UTC (Fri)
by mwelchuk (subscriber, #85200)
[Link] (1 responses)
Who's saying that they're inferior? The fact they're written in a memory safe language is a big plus.
Posted Dec 6, 2024 20:10 UTC (Fri)
by ballombe (subscriber, #9523)
[Link]
Posted Dec 6, 2024 12:57 UTC (Fri)
by swilmet (subscriber, #98424)
[Link]
But it comes up with a technical solution for something related to licenses and legal stuff. Instead, I would have preferred first a solution coming from lawyers, legal advice, finding arrangements with customers. Seeing if the GPLv3 is truly unacceptable for some customers.
Has the lawyer route been tried before, even if it's not the expertise of Collabora? Or are the customers too powerful to bend their decisions and their "fear" for the GPLv3?
Posted Dec 6, 2024 13:05 UTC (Fri)
by mwelchuk (subscriber, #85200)
[Link] (4 responses)
Both rust-coreutils and rust-findutils are existing MIT licensed projects. I'm not aware of any alternative implementations of components being used that aren't licensed under a FOSS license.
> It's a project whose most obvious purpose is to weaken our ecosystem. They're doing what Apple and Google do when they want to sell free software while also blocking the use of those freedoms. If Apertis might spread this model then we should hope Apertis fails.
That is not the purpose. The purpose is as stated, "to increase the adoption of modern, maintained OSS solutions in markets where this has historically been a challenge".
> GPLv3 was specifically drafted to allow medical devices to be locked down. The tivoisation clause is only for consumer products and smart home systems.
Apertis targets consumer products, like cars. Where in many jurisdictions there are regulatory constraints ,which many (including lawyers in the automotive world) would argue such clauses would be problematic.
(For transparency: I have worked on the Apertis project.)
Posted Dec 6, 2024 14:58 UTC (Fri)
by coriordan (guest, #7544)
[Link] (3 responses)
They're all FOSS, yes, but Apertis didn't say "Hey, rust-coreutils is memory safety!" Instead, it seems they're saying, "Hey, here's a GNU/Linux system that we've modified such that you don't have GPLv3's requirements to ensure the users can modify that software!" The choice of package seems to be motivated by weakening obligations for companies to contribute back or to avoid that their customers get the intended freedoms.
> The purpose is as stated
They say they're removing GPLv3 as a means to solve a problem, but the problem is barely described. And when the solution is so harmful, a bit of justification should be expected.
> Apertis targets consumer products, like cars.
Cars, like medical devices, are (IIRC) not in the "consumer products" definition ("any tangible personal property which is normally used for personal, family, or household purposes"). I don't remember the details, it was many ago that I last looked into that. There are probably some good docs available. The GPL FAQ gives just two examples of consumer products: portable music players and digital video recorders.
Posted Dec 6, 2024 16:49 UTC (Fri)
by mwelchuk (subscriber, #85200)
[Link]
One of the selling points for Apertis is it's ability to be used in places where the GPLv3 would be problematic. The fact that rust-coreutils and other such packages are written in a memory safe language was definitely seen as a positive, however it's not the main focus of Apertis.
Collabora is a consultancy. We strongly believe in open source and work with a number of large companies, promoting and helping them to make use of open source, including frequently submitting improvements upstream. For instance, if you look back at the development statistics for previous kernels on this site, you will see Collabora come up in the most active list from time to time. This is a result of the work we do with our clients.
We will make pragmatic choices (as we have in the case of package selection in Apertis) to enable our clients to use open source, whilst ensuring that we honour the licensing terms for the projects that we choose / are able to use in the given circumstances.
> They say they're removing GPLv3 as a means to solve a problem, but the problem is barely described. And when the solution is so harmful, a bit of justification should be expected.
The problem is that clauses, such as the anti-tivoization clause in the GPLv3, make it impossible for a company looking to ship a consumer focused device, specifically one that needs to comply with strict regulations (typically requiring the manufacturer to ensure that unsanctioned changes can't be made to the software), to use software under that license. This is not a new issue, it's been known about since before the GPLv3 was finalised and is why the Linux kernel still ships under the GPLv2 license.
We're honouring the licensing terms as chosen by the projects involved. As a result the freedoms of each projects users are being maintained as requested by their authors. I agree, there are projects that grant more freedoms to their users, however for the reason described above we avoid using those projects so as not to violate the freedoms they wish to provide their users. There is a pragmatic balance that sometimes needs to be made here in certain circumstances.
In using a Linux based OS on a device, there are still large portions of that OS that are licensed in a way that require source to be shared, but do not require the device to be modifiable. For example kernel support where, unlike a mature low level utility, there is likely to be some support added (and such support is typically upstreamed as we prefer to avoid heavily modified downstream vendor kernels or carrying out-of-mainline patches in Apertis), which can broadly benefit the FOSS community in providing improved access to support for the SoC, functionality in SoCs using similar/identical IP cores or other ancillary components that may well be used in other devices. A common alternative is a proprietary OS such as VxWorks or QNX is used instead, where no such advantage for the FOSS community exists.
> Cars, like medical devices, are (IIRC) not in the "consumer products" definition ("any tangible personal property which is normally used for personal, family, or household purposes"). I don't remember the details, it was many ago that I last looked into that. There are probably some good docs available. The GPL FAQ gives just two examples of consumer products: portable music players and digital video recorders.
I don't know what to say. I personally own a car that's used for personal, family, and household purposes. They're classed as consumer goods, hence the issue.
Posted Dec 8, 2024 19:09 UTC (Sun)
by sammythesnake (guest, #17693)
[Link]
I'm a little confused how you think that definition doesn't cover cars. It sure as hell includes *my* car! Even my van, which is *mostly* used for business purposes is also used for daily domestic stuff...
Posted Dec 8, 2024 19:29 UTC (Sun)
by Wol (subscriber, #4433)
[Link]
I think the problem is extremely obvious. It's called a "lost opportunity". As in "if we don't do this we will get locked out of the market".
And while the GPL fanatics don't seem to care about whether FLOSS is actually used or not, so long as they can live in their digital cave, some of us would actually like to see FLOSS make a difference in the real world. I'm actually rather gutted that my company would rather pay for OpenQM, than use the GPL2 ScarletDME.
If I write NEW code for Scarlet, I'll almost certainly MPL it, with the *deliberate* intention that the owners of OpenQM can incorporate it. I don't particularly like the idea, but imho the alternative is worse.
Cheers,
Posted Dec 6, 2024 13:17 UTC (Fri)
by jjs (guest, #10315)
[Link]
Where do they say others can't use & contribute to GPL3 projects? Nowhere that I can see. Nor are they saying those that use their project CANNOT use or contribute to GPL3 software. However, they are saying that some organizations don't want to use software licensed under those terms, so they are providing software licensed other other F/LOSS licenses (https://github.com/uutils/coreutils/blob/main/LICENSE for coreutils). It's not my favorite (which is GPL2), but it's F/LOSS, same as BSD. I personally won't disparage people for using a BSD OS instead of linux. It's still F/LOSS.
>they say it's for regulatory compliance, then it's difficult to also claim that they have no opinion on whether it's really necessary for said regulatory compliance.
No, they claim their customers say its for regulatory compliance. See mwelchuk's comment on that.
Posted Dec 6, 2024 17:14 UTC (Fri)
by randomguy3 (subscriber, #71063)
[Link]
This project is suspicious
Instead of presenting rust-coreutils on its merit as an implementation of coreutils in a safer language, it is presented as a way to work around coreutils license, that is as an inferior solution whose only purpose is to satisfy some beancounter.
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
This project is suspicious
Wol
This project is suspicious
This project is suspicious