|
|
Subscribe / Log in / New account

The third GPLv3 draft

The third GPLv3 draft

Posted Mar 28, 2007 15:45 UTC (Wed) by gdt (subscriber, #6284)
In reply to: The third GPLv3 draft by alexbk
Parent article: The third GPLv3 draft

Since people may want an example, I'll give one.

Most mainframes are sold with significantly more hardware than is enabled. If you want an "upgrade" then the vendor calls in and does a "screwdriver free upgrade" of the hardware by flicking a few bits. These bits are increasingly protected by DRM technologies.

Both the vendor and the customer would prefer that the DRM not be subverted by software licenses. The vendor's preference is obvious. The customer's preference is that they would like the ability to "dial" more capacity to remain, since the alternative is to receive the hardware actually ordered, to organise hardware upgrades, and to suffer the scheduled downtime associated with those.

to post comments

The third GPLv3 draft

Posted Mar 28, 2007 19:35 UTC (Wed) by khim (subscriber, #9252) [Link] (1 responses)

How the hell GPL is related to this ? I can think quite a few cases where DRM is sensible (your sample is quite convincing) but I'm yet to see the situation where you need to lock up huge mass of code (typical Linux+GNU distribution plus KDE and Firefox). It's just not workable! There are will be security holes, buffer overflows, etc: you'll only succeed in making life for lawful user miserable while crackers will have the ability to circumvent DRM-protection anyway... To make any sense you need small, simple, auditable piece of code - and if this code should be written from scratch without GPL components - then so be it.

The third GPLv3 draft

Posted Mar 28, 2007 20:48 UTC (Wed) by drag (guest, #31333) [Link]

Well ya.

That's the problem with depending on things like TPM/checksumming for your security. Sure it can be used to check for rootkits when you reboot your server it can't realy do anything for exploits in running code.

Not at least until you get to the point were things like in-memory checksums for executable parts of program or something bizzare like that. It'll be a few more years before we get stuff like that aviable on the PC.

mainframe exception

Posted Mar 29, 2007 4:24 UTC (Thu) by rfunk (subscriber, #4054) [Link] (7 responses)

This is insane. The FSF wants to allow this mainframe exception, but
instead of writing it as a mainframe exception (or whatever) as intended,
it's written to be targeted toward these "user products".

Hey FSF, please say what you mean, rather than attempting to work with a
negation of your interpretation of the inverse set. English doesn't work
the same way code does.

I'm with the other commenter who said just add "unless you waive that
right" instead.

mainframe exception

Posted Mar 29, 2007 5:59 UTC (Thu) by dlang (guest, #313) [Link] (6 responses)

so how long before people start requireing you to waive your rights to arbatrary sections of the GPL as a condition of selling the product to you?

mainframe exception

Posted Mar 30, 2007 16:38 UTC (Fri) by sbergman27 (guest, #10767) [Link] (5 responses)

Wouldn't work. The license to distribute the code comes from the copyright holder.

The user's right to use the code comes from the same source.

The end user has no right to waive anything in the copyright holder's license.

waiving of GPL rights

Posted Mar 30, 2007 21:14 UTC (Fri) by giraffedata (guest, #1954) [Link] (4 responses)

The user's right to use the code comes from the same source.

The end user has no right to waive anything in the copyright holder's license.

We're talking about the license from the copyright holder hypothetically saying, "unless the recipient waives those rights."

And giving that sort of freedom to the recipient means stating the rights at all is a waste of paper and there is no GPL.

waiving of GPL rights

Posted Mar 31, 2007 14:38 UTC (Sat) by sepreece (guest, #19270) [Link] (3 responses)

The user arguably has a right under contract law to waive any right granted to her by the license. The license doesn't require you to exercise your rights, it simply offers them to you.

Now, the GPL has additional clauses that attempt to make it harder for the distributer to offer you such a deal. I think it's a wide-open question whether that aspect of the GPL would hold up in court. I'm not even sure how it would get to court, unless a distributor penalized a customer for exercising GPL rights after agreeing not to do so. Courts tend to give people a lot of scope to make contracts. [IANAL]

waiving of GPL rights

Posted Mar 31, 2007 17:25 UTC (Sat) by giraffedata (guest, #1954) [Link] (2 responses)

The user arguably has a right under contract law to waive any right granted to her by the license.

Yes, but once she does, the license no longer exists, so the distributor can't give her the code, so the right effectively doesn't exist.

the GPL has additional clauses that attempt to make it harder for the distributer to offer you such a deal. I think it's a wide-open question whether that aspect of the GPL would hold up in court.

That isn't just a minor aspect of GPL -- it's the essence of GPL. If such a license condition is not enforceable, there is no GPL; everyone can just use BSD.

Though I'm not a copyright lawyer, I remember when GPL was new some people arguing that such conditions are not enforceable, much like many contract terms are not (e.g. an employee can't agree not to work for anyone else in the field for the rest of his life). I have not heard that argument in years, and of all the open source copyright disputes with all the IP attorneys involved, I can't think of one where the distributor argued that his recipient traded away his GPL rights.

So I'm going with the idea that GPL works.

I'm not even sure how it would get to court, unless a distributor penalized a customer for exercising GPL rights after agreeing not to do so.

Yeah, that's one way, and perfectly expectable. A more direct way would be where rather than penalize the customer, the distributor just refused to cooperate. E.g. customer asks for the key to make his router run his modifications, and Linksys says, "you agreed when you bought the router you couldn't have one," and the customer asks a court to compel Linksys to give up the key anyhow. (And assuming Linksys wins, Harald Welte points out that he gave Linksys permission to distribute his code in the router on the condition that Linksys make the keys available to every customer, and therefore asks a court to award him damages from Linksys for copyright infringement).

waiving of GPL rights

Posted Mar 31, 2007 20:41 UTC (Sat) by sepreece (guest, #19270) [Link] (1 responses)

"but once she does, the license no longer exists,"

No, the license is granted to the distributor, not the end user (though the end user gets it, too). The end user's behavior cannot affect the distributor's right to distribute and once the software has been conveyed under that license, the end user has a right to use the software as long as she does not violate the terms of the license, which yielding her rights would not do.

Again, imagine the case where the consumer buys the phone, with GPLed software and then, *after* the conveying of the software in the phone, the user separately contracts with a third party for cellular service on the phone tied to a particular version of the software. The GPL cannot affect whether such a contract is possible or enforceable.

I don't think the example you present would occur. The customer could have the keys needed to modify the software, but as soon as she installed a new version the service contract would terminate service under the terms of the service contract.

waiving of GPL rights

Posted Mar 31, 2007 22:49 UTC (Sat) by giraffedata (guest, #1954) [Link]

The end user's behavior cannot affect the distributor's right to distribute and once the software has been conveyed under that license,

Ah, but it's not the end user's behavior after the software has been conveyed (technically, after the copy has been made). It's the distributor's behavior as he makes the copy: He fails to make an irrevocable promise to the end user to make keys available.

That the distributor didn't make the promise because the end user asked him not to is irrelevant.

I don't think the example you present would occur.

I believe we were talking about what's legally possible and what GPL proponents want to prevent, so it's about what could occur, not what would. If no distributor would do that, there's no need for any key language in GPL, and probably not much need for keys.

The customer could have the keys needed to modify the software, but as soon as she installed a new version the service contract would terminate service under the terms of the service contract.

OK, then, aside from the legal question, would a distributor do what I proposed (sell a router without keys needed to modify the software), when he could do just what you say instead? I see great interest among distributors in doing it my way. Tivo could simply say if you modify the box, your warranty and any service contract is void. It could even put some kind of seal on it to keep you from cheating. But it doesn't. It engineers the box to make it impossible for you to modify it. Many other embedded device manufactures do that too.

I can think of several reasons a manufacturer might not to want the user to modify the box at all. But that's straying too far from this "can a recipient waive his GPL rights?" topic.

The third GPLv3 draft

Posted Mar 29, 2007 17:42 UTC (Thu) by stevenj (guest, #421) [Link] (2 responses)

Both the vendor and the customer would prefer that the DRM not be subverted by software licenses. The vendor's preference is obvious. The customer's preference is that they would like the ability to "dial" more capacity to remain, since the alternative is to receive the hardware actually ordered, to organise hardware upgrades, and to suffer the scheduled downtime associated with those.

I still don't understand this example. Even previous drafts of the GPLv3 didn't force the user to employ the DRM keys, any more than GPLv2 forces the user to employ the source code. The GPL should just say that that the manufacturer/distributor must make the keys available to recipients upon request.

I can fully understand that some users may prefer not to use (or even see) the DRM keys. I can also fully understand that a distributor may offer a warranty only on the condition that you don't use/request the DRM keys (in the same way that with GPLv2 you can offer a warranty only on unmodified binaries if you choose). I don't understand why the old GPLv3 draft was a problem for this case, however, or why they had to remove even the option of getting the keys.

The third GPLv3 draft

Posted Mar 30, 2007 11:46 UTC (Fri) by alexbk (subscriber, #37839) [Link]

I don't get this either. The condition that the customer can't get the keys to fiddle/tinker can be
specified in the support contract; if the customer really wants, he can obtain the keys via the GPL
provisions but then he loses all support. Why complicate the software license instead of laying it out
in the support contracts where it belongs?

The third GPLv3 draft

Posted Mar 30, 2007 12:09 UTC (Fri) by alexbk (subscriber, #37839) [Link]

Looks like we both are thinking the same thing :)

http://gplv3.fsf.org/comments/rt/readsay.html?filename=gp...
http://gplv3.fsf.org/comments/rt/readsay.html?filename=gp...


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds