
Trials, tribulations, and trademarks

By Jonathan Corbet
October 6, 2010
LWN has visited the issue of trademarks - and the Mozilla corporation's trademarks in particular - a number of times over the years, but not recently. This topic recently resurfaced on the Fedora development list, so it seems like time for another look. It is clear that heavy-handed trademark policies do not sit well with some members of the community, but are trademarks really a threat to free software?

Fedora's policies are not normally forgiving of packagers who want to bundle their own versions of libraries. Having multiple copies of libraries bloats the size of the distribution and makes it hard to fix any security problems in those libraries. This policy has, at times, made life difficult for packagers trying to get a new program (with a bundled library) into the distribution; such packagers are usually required to make the program work with the system's core libraries. There are exceptions, though, with Mozilla-based packages (Firefox, Thunderbird, and xulrunner) being at the top of the list.

Mozilla, in turn, is adamant about its right to bundle its own libraries. The project's recent rejection of a patch allowing the use of a system's version of libvpx was the immediate cause of the discussion in the Fedora community. Mozilla developer Chris Pearce justified the decision this way:

Sorry, we won't take this. We prefer to ship our own copies of the media libraries, as if necessary we can cherry-pick a critical security fix and push out a release quickly, rather than relying on the distros to update their libraries. We can guarantee the safety and stability of our libraries this way.

Firefox is free software; Fedora is free to modify its build to make Firefox use Fedora's own libvpx. The catch, of course, is the trademark policy: if Fedora makes this kind of change, it can no longer call the browser "Firefox." That is a restriction which rubs some developers the wrong way. Some users have gone as far as to claim that trademark restrictions make the software non-free:

If the owner of the trademark doesn't grant a license that is compatible with a free software license, then the software is non free. Linus doesn't go around telling people they can't redistribute a modified linux kernel. His only restriction on the linux trademark is that it is used to label things that use the linux kernel.

Such users have been calling on Fedora to drop Firefox and take the iceweasel route. It is worth noting that the people asking for this change are not the people who would have to do the work. And it seems that the amount of work would be considerable. In fact, we're told that Fedora's maintainers cannot really keep up with Firefox etc. now; they have little appetite for taking on more work to get away from the trademark policy. As Rahul Sundaram put it:

Ignoring upstream and patching without consent is only feasible if you have the amount of resources to do a good job with that. Fedora doesn't have that.

In fact, according to Adam Williamson, Fedora's policy with regard to Firefox is not driven by the trademark policy anyway:

Practically speaking, [iceweasel] would add an extra burden to the maintainers, who already do not have enough resources to deal with all the issues. Again, the reason we don't carry non-upstream patches in Firefox has nothing to do with the branding issue. It's because we don't have the resources to maintain non-upstream patches in Firefox.

This claim was not accepted by all members of the Fedora community. Toshio Kuratomi responded:

I wish people would stop repeating this particular bit of justification for the issue of bundling libraries. I can see it for other suggested patches for firefox but in the case of bundled libraries, this is work that we require of all packages because there's security ramifications for our product, the Fedora distribution by not unbundling.

One suspects that, in the absence of the trademark issue, there would be more pressure within Fedora to simply fix the bundled library issue in Fedora. But nobody wants to take on the extra burden that would be imposed by forking Firefox - even if it's a fork which simply tracks upstream with a few added changes.

Beyond that, it has been noted that Fedora, itself, has a similar trademark policy in place. Maintaining that policy while protesting Mozilla's seems a little inconsistent.

Trademarks often seem at odds with the ideals of free software; they may not place restrictions on what can be done with the code, but they do restrict the combination of the code and a name. Many people in the community (and here at LWN) have worried that this control could be used to restrict the community's freedom in unwelcome ways. Clearly, some people not only fear that it could happen, but that it is happening now.

That said, we now have roughly ten years of experience with the combination of trademarks and free software. That experience has certainly proved irritating at times. But it has not proved disastrous. In the end, the power of a name is not as strong as the power behind the freedom to fork. Losing the XFree86 name did not hinder X.org, and the OpenOffice.org trademark has not stopped LibreOffice. After this much time, it is tempting to conclude that free software and trademarks can live with each other - or, more exactly, separating the two is done easily enough when the need arises. Obnoxious trademark policies are still worth protesting, but we need not fear that they threaten free software as a whole.



Trials, tribulations, and trademarks

Posted Oct 7, 2010 2:36 UTC (Thu) by pranith (subscriber, #53092) [Link]

I don't understand what extra work is needed. You can use
Iceweasel straight from Debian, right?

Trials, tribulations, and trademarks

Posted Oct 7, 2010 2:57 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

Iceweasel follows Debian requirements and release cycles. Simply taking it and using it won't necessarily work according to Fedora requirements. There must be enormous advantages or a lot of disadvantages to using Firefox before Fedora moves away from it IMO.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 0:09 UTC (Fri) by giraffedata (guest, #1954) [Link]

Iceweasel follows Debian requirements and release cycles. Simply taking it and using it won't necessarily work according to Fedora requirements.

Does Firefox follow Fedora requirements and release cycles better than Iceweasel? I don't see an obvious reason that it would.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 5:34 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link]

If neither Iceweasel nor Firefox is any closer to Fedora requirements, Fedora would pick Firefox obviously.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 8:51 UTC (Thu) by jond (subscriber, #37669) [Link]

No (see other replies). But, I was under the impression that the Firefox codebase pivoted around a gigantic branding "switch" in the build, and switching off the Trademark branding and using an alternative name was a few lines of patch against a Makefile. Thus I'm surprised to learn that it would be a huge resource burden on Fedora.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 9:08 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

Rebranding is trivial but what's the point of merely rebranding it if not for patching stuff and deviating from upstream Firefox? There must be very compelling reasons for that.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 11:21 UTC (Thu) by epa (subscriber, #39769) [Link]

You're right, turning off the trademarked branding would not do much in itself.

It would, however, put an end to these discussions, and let the question of splitting out libraries (or any other change) be decided on technical grounds. Or, if you prefer, it would avoid trademark issues being used as an excuse, and focus discussion on the real reasons why it might be a bad idea to diverge from upstream.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 11:24 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

The Firefox maintainers in Fedora do not consider trademarks to be the real issue. There are some genuine concerns from other developers about Mozilla's patching a library especially for security bugs and those not getting upstream to be applied to the system version and then some misguided people who confuse trademarks and copyright licensing.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 12:33 UTC (Thu) by mjthayer (guest, #39183) [Link]

>There are some genuine concerns from other developers about Mozilla's patching a library[...]

If Mozilla are happy to have a switch to disable the branding, can't they also have a switch to disable the bundled libraries that also forces disabling of the branding? I can see why they wouldn't want to, but I was also surprised that they do the branding thing, and perhaps they would be good for more surprises.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 14:47 UTC (Thu) by pjones (subscriber, #31722) [Link]

That's precisely the patch that got the "Sorry, we won't take this" response above.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 16:37 UTC (Thu) by ewan (subscriber, #5533) [Link]

The Firefox maintainers in Fedora do not consider trademarks to be the real issue.

That doesn't seem to address the point that was being made. Whether or not the trademarks are the real issue, they do keep getting brought up in discussions about whether or not to patch Firefox, and are explicitly the reason for not opening up the ACLs in the normal manner.

What 'epa' seems to be suggesting is that simply flipping the branding switch does not, in itself, add significant maintenance effort, and would allow discussions of unbundling, security patching, KDE integration etc. to take place on purely technical grounds without anyone bringing trademarks up as an argument, 'real' or otherwise.

It may also allow an increase in the amount of effort that can be spent on Firefox by allowing it to be opened to the whole of the proven packagers group.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 16:54 UTC (Thu) by iabervon (subscriber, #722) [Link]

It would be pointlessly annoying to turn off branding and not change anything else. There's a certain amount of user irritation around having the browser's branding change, and it wouldn't be pleasant to have to tell users that Fedora is doing something inconvenient for no immediate benefit, so that they wouldn't have to think about the inconvenience in judging the trade-offs for making changes in the future. It's better to just announce that turning off branding is something they'd do if they had a patch they were willing to maintain.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 0:46 UTC (Fri) by ras (subscriber, #33059) [Link]

If all distros agreed to pitch in and both use and help maintain iceweasel in the same way they do for wodim, you might find upstream would change their tune.

BTW, the argument elsewhere that iceweasel doesn't keep up with Fedora / Ubuntu is simply wrong. There is always a fairly modern version of it in Debian - be it experimental, unstable or testing. All the Linux distros have to do is decide to pull together and use it. Doing so would reduce the workload for everyone.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 2:09 UTC (Fri) by iabervon (subscriber, #722) [Link]

I actually think that Mozilla would be most comfortable with distros settling on iceweasel. They care most about their reputation under the Firefox brand, because it competes for a large install base with Internet Explorer (and Chrome) on Windows. Their process has to work on that platform in order to serve the bulk of their users, and Windows doesn't have a package manager or useful system libraries installed and maintained separately. Their only option for keeping the Windows installs up to date at all is to provide automatic updates of their software and the libraries they use; since they're doing that, they provide the same thing for their Linux software under their own brand.

Mozilla would probably welcome an iceweasel project which would maintain a codebase with a workflow that's suitable for packaging for distributions. But it's not their model and not something they'd want to run (and they wouldn't do a good job of it if they tried). Distros could switch to iceweasel if there were a group maintaining it, but it doesn't really work to have a project whose whole community is the package maintainers for it for different distributions without anyone to act as the upstream maintainer and without any developers.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 4:12 UTC (Thu) by alankila (guest, #47141) [Link]

Perhaps the time has come to stop bundling any version of firefox altogether. If you can't accept mozilla's control over firefox name, and can't maintain an iceweasel fork, then logically: how about the bunch of other browsers out there that work just as well and come with friendlier terms?

Trials, tribulations, and trademarks

Posted Oct 7, 2010 4:34 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

Like what? Chrome is proprietary. Chromium does a lot more bundling and forking than Firefox. Other browsers in Linux have measly mind share and practically no brand recognition and for good reasons.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 11:22 UTC (Thu) by sorpigal (subscriber, #36106) [Link]

Who cares about brand recognition? Just bless any Gecko-based browser as the default one and let users who want it download Firefox from Mozilla. Kazehakase and Galeon may not be Firefox but they're good enough for a bundled browser.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 11:31 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

"Who cares about brand recognition?"

In the real world? Lots and lots of users. Besides, the user interface for some of the other browsers like Galeon is really tailored towards power users and not a good fit for the default.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 12:43 UTC (Thu) by cortana (subscriber, #24596) [Link]

I think Epiphany would be a better choice. It is supposed to be the standard GNOME web browser, after all.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 0:11 UTC (Fri) by vonbrand (guest, #4458) [Link]

epiphany has fallen in serious disrepair...

Trials, tribulations, and trademarks

Posted Oct 8, 2010 2:58 UTC (Fri) by mfedyk (guest, #55303) [Link]

"I think Epiphany would be a better choice. It is supposed to be the standard GNOME web browser, after all."

and it feels as clunky and bass ackwards as spatial gnome.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 9:45 UTC (Fri) by cortana (subscriber, #24596) [Link]

Iceweasel has its own UI toolkit that mostly looks like GTK+ except when it doesn't, and does a poor job of integrating with the rest of the desktop. Chromium insists on drawing its own buttons and windows borders, like some backwards Windows application from 1997.

Epiphany has a clean, simple and functional UI that integrates correctly with the rest of GNOME.

If you can constructively explain why you think it feels clunky and "back asswards" then I invite you to do so on <http://bugzilla.gnome.org/>.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 10:12 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link]

If you disagree with UI decisions such as the one to hide the url by default, then there is not much of a chance of getting it fixed by filing bug reports.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 11:23 UTC (Fri) by wookey (guest, #5501) [Link]

I use epiphany a lot and for normal browsing purposes it is almost indistinguishable from firefox. The much smaller set of plugins is the main difference, although it has most of the ones I actually want (adblock). I did prefer it when it was gecko-based. Since it went webkit-based 'escape' to stop animated gifs stopped working, which was a killer feature when using forums with all those stupid f*cking animated smileys (anyone know how to get that back?)

I don't know what you mean about 'hiding URLs by default'. The address bar works the way you expect, with auto-google searching for not-URLs and auto-history display when typing, and it shows the URL when you are looking at one. It's simpler than firefox in that there is no distinction between the 'address bar' and the 'search bar' (which can be a little annoying, but mostly is great). The tab layout is actually better than default firefox - although no doubt I could find an extension to fix that.

So actually I think many users wouldn't even notice if you gave them epiphany as a default browser. Not that I necessarily advocate this as a fix for the issue of system libraries/internal libraries.

I am very uncomfortable about the way various large apps are shipping their own libs. I really don't think it's right or good in the long term, but then I'm not maintaining any of this stuff...

Trials, tribulations, and trademarks

Posted Oct 14, 2010 11:05 UTC (Thu) by sorpigal (subscriber, #36106) [Link]

In the real world most people think that the E icon on their desktop means "Internet" and don't know what a browser is. I don't think most people will care about the branding of their default browser as long as they are never given any need to think about it.

People on lwn are probably not most people. I could not, personally, see myself switching to any non-XUL browser to which I cannot apply my collection of favorite extensions, nor could I use any browser which does not allow me to set certain options according to my preferences (tab behavior, link expiration time, etc.) An adequate default browser is all most people require or will ever need, the rest of us can download Firefox manually.

Trials, tribulations, and trademarks

Posted Oct 14, 2010 11:07 UTC (Thu) by rahulsundaram (subscriber, #21946) [Link]

"In the real world most people think that the E icon on their desktop means "Internet" and don't know what a browser is."

Perhaps true a few years back. Now a lot of users have used and heard about Firefox and Chrome. These brands have very significant value.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 13:55 UTC (Thu) by mrshiny (subscriber, #4266) [Link]

Maintaining one of the lesser-used browsers as a default would probably require more work than maintaining a Firefox fork, wouldn't it? By definition using a gecko-based browser would be at least as much work as maintaining a Firefox fork. There's a reason many people use Firefox, and that's its high quality compared to the alternatives. In the old days I used Konqueror a lot; it's a decent browser, but Firefox simply has more and better features (at least, for the features I care about).

Trials, tribulations, and trademarks

Posted Oct 8, 2010 21:58 UTC (Fri) by droundy (subscriber, #4559) [Link]

I think you're missing the possibility that all the lesser-used browsers are already packaged for Fedora (and maintained by their own developers), so it's no additional work.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 17:09 UTC (Thu) by iabervon (subscriber, #722) [Link]

A better idea might be to not bundle a regular-user browser at all as installable system software, but just have the per-user installer for Firefox (and maybe Chrome) already downloaded and let the browser update itself like Mozilla expects.

The distro package management system for leaf packages really isn't worthwhile if the distro doesn't have the resources to maintain the package beyond passing on updates and the upstream project doesn't have the packager community interaction style to make it easy.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 4:17 UTC (Fri) by alankila (guest, #47141) [Link]

Actually, this is what I had in mind. I personally hope that distributions shrink their software library to some smaller, more manageable set and make users reach the web more for downloading software they want to run.

The world doesn't really want or need bunch of firefox/iceweasel/what-have-you variants, bunch of chromium variants etc. It just needs the official codebase, and a policy that allows that component to be updated when necessary, and the distro is absolutely blameless if the browser not part of the distro results in takeover of user's system.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 4:53 UTC (Thu) by gmaxwell (guest, #30048) [Link]

As part of the upstream team on some of the libraries Firefox is bundling, and a Fedora user myself, I found this comment on the FESCo trac to be well informed:

In any case, this is just 'good system development practices' being the opposite of 'good application development practices'. Once both the system and applications get to a certain size I do wonder what we gain from a hardline stance here, as we're explicitly asking local maintainers to do things that are *bad* practice for the upstream application.

If the people clamouring for firefox unbundling (which has happened every couple of months for some time now) users would have been exposed to security vulnerabilities and instabilities in fedora on several occasions.

The common argument "but the fixes need to be in the main distribution too!" is invalid on two grounds: In some cases the security vulnerabilities have come from new API/ABI promises (e.g. "It's safe to call this function with a null pointer" when the API previously disallowed that) provided for Firefox which no other application should yet depend on— things which exist because Firefox is collaborating with upstream— and because Fedora itself just isn't diligent about picking up important fixes from upstream projects at a pace compatible with Firefox's development speed and wide exposure: The fixes are there as patches in Mozilla's SCM and often in upstream's SCM, free for the taking— but Fedora isn't taking them.

Not that it's easy… it isn't. But unbundling the libraries from firefox wouldn't make the problem go away. Nothing Mozilla is doing prevents Fedora from taking these changes on their own. It's just an existence proof that Fedora is currently unable to do that job.

Mozilla simply has a greater focus and more resources on this area than Fedora does. On some of the libraries Mozilla employees and community members contribute upstream on these libraries, Fedora's packagers do not. Mozilla is making the right decisions for Firefox and by extension all the Firefox users on Fedora.

Then there is the issue that Mozilla is shipping patches to libpng that Fedora's upstream for that library will not take. Unbundling would cripple an advertised feature of Firefox (and break all the animated parts of the trademarked UI elements anyways). Fedora could patch the libpng that it is currently shipping— but it hasn't done so yet. Nothing Mozilla is doing could prevent this. Again, Fedora just doesn't appear to be up to the challenge.

If Fedora could do and chose to do the work required to provide a stable and secure Firefox without the bundling— including pushing along the relevant upstreams to get out releases with the fixes then switching to iceweasel might not harm Fedora users… but there would be little reason to switch because the libraries would no longer need to be bundled.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 12:57 UTC (Thu) by foom (subscriber, #14868) [Link]

> Then there is the issue that Mozilla is shipping patches to libpng that Fedora's upstream for that library will not take.

Yeah, Mozilla should just stop doing that. It's clear by now that APNG is not going to be accepted upstream. Nobody actually uses it anyways, so just drop the patch. The UI elements (plural? really? isn't it only the throbber?) could certainly just switch to using multiple separate images...

Trials, tribulations, and trademarks

Posted Oct 7, 2010 18:57 UTC (Thu) by MaxSt (guest, #70509) [Link]

> Nobody actually uses it anyways

Oh, people use it. In fact, they want more APNG support. See the #1 most popular request here:

http://brainstorm.ubuntu.com/

Trials, tribulations, and trademarks

Posted Oct 7, 2010 22:06 UTC (Thu) by foom (subscriber, #14868) [Link]

Do note that the list isn't actually sorted by popularity.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 7:04 UTC (Fri) by MaxSt (guest, #70509) [Link]

They change order every day (APNG request is #2 now), and the last pages have small number of votes, so it appears they indeed sort by popularity. Probably based on number of votes per day or something.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 13:03 UTC (Thu) by foom (subscriber, #14868) [Link]

> The fixes are there as patches in Mozilla's SCM and often in upstream's SCM, free for the taking— but Fedora isn't taking them.

Did anyone make a CVE entry for the bug in the upstream library? If so, Fedora isn't doing their job. If not, it seems like Mozilla isn't doing their job of reporting vulnerabilities properly so distros can take the fixes for the necessary upstream libs. They certainly ought to be doing this if they're made aware of such a bug, so that other clients of the library can get the fix.

> including pushing along the relevant upstreams to get out releases with the fixes

Shouldn't this be *Mozilla*'s job? If they want to depend on a new feature in a library, why aren't they the ones pushing for upstream to make a new release with the necessary features?

Trials, tribulations, and trademarks

Posted Oct 8, 2010 0:39 UTC (Fri) by ras (subscriber, #33059) [Link]

Debian doesn't seem to have any trouble keeping the version of Firefox they ship secure. I can't see why it would be any different for Fedora. It is not like Firefox is the largest or the most complex package these distros maintain, and they seem to manage the security updates for the larger ones just fine.

It looks to me like Firefox insists on bundling all its libraries because that is how its largest distro does it, that distro being Windows. Windows requires you to ship and maintain all the libraries you use. Since Firefox is forced to do it that way for Windows it is convenient for them to treat everything else the same way.

It may be convenient for them, but it sure as hell isn't convenient for the open source distros. As pointed out elsewhere, there are very good technical reasons for maintaining just one copy of each library on the system. One particularly good one is security. The consequence of everyone shipping their own copies of libraries is when a security hole is found in a library, it often hangs around for years because vendors don't update their copy of it. I suspect if open source distros were forced to do it the Windows way everywhere they would collapse. Even a distro the size of Debian could not cope with the burden of maintaining security patches if its repository contained 1000's of copies of each library (there are 22K packages in Debian).

The bottom line is Firefox is doing its damnedest to force the Linux distros to adopt what most of us see as a technically worse way of doing things. It happens to be the Windows way. This is a galling situation for free software advocates to find ourselves in.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 2:59 UTC (Fri) by gmaxwell (guest, #30048) [Link]

It looks to me like Firefox insists on bundling all its libraries

Out of the over a hundred libraries Firefox is using on my system they are only bundling something like 5 of them. Debian on the other hand isn't even shipping the version of Firefox under discussion at all, what they are shipping in sid is seriously outdated, and even in experimental doesn't appear to have unbundled the media libraries in the iceweasel that they are shipping!

Firefox is doing its damnedest

Mozilla has been entirely passive in this as far as I can tell, save one comment on a bug-tracker, I assume that they're too busy working on getting Firefox 4 out the door. Did your message contain even a single statement of fact which wasn't incorrect?

Regardless of the trademark situation Fedora would have to do _something_ inside the distribution about the differences with the bundled libraries and yet they are doing _nothing_. The barrier here isn't Mozilla— it's the lack of time or disinterest of the Fedora packagers.

The only people doing their damnedest here are some whiners affiliated who are far more concerned with checking off a box on a conformance list than taking care of their users needs. But I guess it's a lot easier to call Mozilla evil than take the time to even understand the issues much less fix something.

As part of one of the bundled upstreams I haven't heard a _word_ from any of the firefox packagers interested in getting this resolved— which tells me just about everything I need to know about the real motivations here. I at least feel we have a working relationship with debian folks. This response from Fedora is beginning to feel like Canonical's pushy attempts to get free software projects to synchronize with their release schedule. I wish the Fedora community would police itself better.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 5:18 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link]

"Regardless of the trademark situation Fedora would have to do _something_ inside the distribution about the differences with the bundled libraries and yet they are doing _nothing_"

What is that something you refer to? Be more specific. If you have a suggested course of action, let's hear it, preferably in the devel list.

"This response from Fedora is beginning to feel like Canonical's pushy attempts to get free software projects to synchronize with their release schedule. I wish the Fedora community would police itself better."

There isn't any particular response from Fedora yet. People are discussing options and there isn't any consensus on the right approach yet and I am not sure why we need to police anything if the discussions remain civil and focussed on the technical problems and solutions.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 6:11 UTC (Fri) by gmaxwell (guest, #30048) [Link]

What is that something you refer to? Be more specific. If you have a suggested course of action, let's hear it, preferably in the devel list.

This devel list? Or the one where I drew attention to the bundled multimedia libraries 8 months ago, or am I confusing it with the time I pointed it out on LWN almost a year ago?

From my perspective this is a minuscule technical issue which Fedora has been studiously ignoring for the last year. I've quietly pointed it out a few times since I was made aware that fedora supposedly cares about it— and I've done what I could do to help: I've wrangled patches upstream where and when I could. I hope you can forgive my frustration at this suddenly being treated as an urgent matter deserving accusation laden debate.

In all this time, and especially during this most recent discussion I haven't seen any real focus on technical problems and solutions from the Fedora camp. Most attention seems to be on pointing fingers at Mozilla but from my perspective it is the Fedora side which is failing to act— and has been failing to act since at least December 2009.

In this recent discussion my efforts to draw attention in the direction of the technical has failed— it lost in the noise of discussion about everything except the technical substance.

As far as I can tell I am the only person actually moving things forward in any concrete way.

I have no idea why people are willing to spend so much time throwing accusations in public but can't take a few minutes to do some simple patch wrangling. I hope I'm misreading all of this, because I'm very disappointed in the Fedora community right now.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 6:33 UTC (Fri) by rahulsundaram (subscriber, #21946) [Link]

As far as I can see, I don't know that there is any sense of urgency. Fedora routinely finds out bundled libraries in various software either during the review process or introduced newly in updates. Some people will repeatedly throw out "non-free" as an accusation against Firefox because of well-known trademark requirements but that doesn't translate into anything concrete.

I would say Mozilla is responsible for filing CVE and making sure that security issues are known to upstream and other distributions and it is not merely a question of bundling libraries at that point. If indeed there are security issues that can be exploited then it becomes a far more urgent issue.

Why is Firefox in the wrong?

Posted Oct 7, 2010 9:32 UTC (Thu) by NRArnot (subscriber, #3033) [Link]

I'm not sure I understand why Firefox is wrong. The penalty for not using shared libraries is less efficient usage of system memory -- if (and only if?) there is simultaneous use on the system of other programs that utilize the same libraries. RAM is cheap these days, as are PCs, so most systems where a web-browser is used are not shared simultaneously by more than one interactive user.

In contrast the penalty for Firefox not being able to push out a bug-fix for a library but having to wait on that library's maintainer and then on the distribution could be catastrophic for the owner of the system. Firefox is almost inevitably going to come into contact with hostile or subverted web content sooner or later.

Seems to me that Firefox are making the right trade-off. Unless I've missed something?

Why is Firefox in the wrong?

Posted Oct 7, 2010 12:53 UTC (Thu) by mjthayer (guest, #39183) [Link]

> The penalty for not using shared libraries is less efficient usage of system memory -- if (and only if?) there is simultaneous use on the system of other programs that utilize the same libraries.

You beat me to that one. There has been quite a bit of discussion of bundled libraries recently and some questioning of FLOSS distribution orthodoxy, and that has made me wonder about some things too. And start to picture an alternative world where most applications would bundle most libraries, and just a core set of widely used libraries that people agree on in the core distribution (this needn't be all or nothing - something like Qt, or for that matter Gtk+, would be better as an "optional core" element, maybe as part of a larger "core building block package").

This would simplify the rather brittle and rather micro-managed packaging system in use on current Linux-based systems (yes it normally works well, but at the price of how much effort), and the effort which goes into maintaining that today could be used for finding a way of tracking if the bundled libraries in a package are up-to-date from a security point of view. I'm sure that that problem could be solved with at most the same effort.

Before anyone tells me, I know this is idle talk. If I ever have time I may try pushing things that way (though I have no idea how I would start, as if everyone else disagreed I could work forever without moving anything); as I don't just now I am pushing it out for anyone (if at all) who might be interested and be active in that area.

Why is Firefox in the wrong?

Posted Oct 7, 2010 13:43 UTC (Thu) by foom (subscriber, #14868) [Link]

I think that's not likely to be healthy to the overall community of software. Right now there's lots of social pressure for a dependent to not be stuck on a single particular version of a dependency. Greater-than-or-equal are much more common. And there's a fair amount of pressure for libraries to not break their API or ABI.

If everyone starts bundling all their dependencies, every piece of software will bundle a different version. And they may or may not even work with the latest version (how could you even tell, since nobody's running it like that, after all). So when there's a security problem in a library, now, you don't just patch it once and release it, or even patch it once and release it 100 times (once for each app it's embedded into), you're going to have to patch it separately for every single separate version of the library embedded into each app.

I don't see how that's possibly going to be less effort, and furthermore, it pushes the effort into the place where it's least able to be afforded: into the security response team.

Why is Firefox in the wrong?

Posted Oct 7, 2010 13:55 UTC (Thu) by mjthayer (guest, #39183) [Link]

> If everyone starts bundling all their dependencies, every piece of software will bundle a different version. And they may or may not even work with the latest version (how could you even tell, since nobody's running it like that, after all).

I might just point out that bundling libraries with an application doesn't necessarily mean that the source of the library is bundled with the source of the application. You can still build the bundled application packages from a more fine-grained source repository. This is still an improvement in maintainability, as the packaging only has to be right and consistent on the system (which may well be a small chroot environment or something) where the package is built and not on every system it is deployed on.

Why is Firefox in the wrong?

Posted Oct 15, 2010 4:28 UTC (Fri) by jamesh (guest, #1159) [Link]

Most of these distro policies date back to a security vulnerability in the zlib library. While most applications using zlib were fixed by updating the zlib package, there were a number of applications that statically linked to the library so needed to be updated separately.

Due to this experience, most distros have adopted policies to use the system copy of libraries. If an application is using the system version of a library, then it will benefit from any security updates to that library rather than needing a new release itself.

The price of RAM doesn't really come into the argument.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 9:58 UTC (Thu) by mjr (guest, #6979) [Link]

> Sorry, we won't take this. We prefer to ship our own copies of the media libraries, as if necessary we can cherry-pick a critical security fix and push out a release quickly, rather than relying on the distros to update their libraries. We can guarantee the safety and stability of our libraries this way.

It seems to me that Mozilla hasn't actually thought this through very well.

Mozilla could still use bundled versions in their distribution process just fine (as would still be the default case). As for GNU/Linux distributions, the distros need to be relied on anyway to ship the fixes, whether internal or external to Firefox. All Mozilla's insistence does here is make sure there are multiple places where it'll have to be done.

Rejecting a feature on the grounds of not being able to make guarantees which wouldn't exist in the first place even without the feature simply does not make sense.

Making extra work for the editors

Posted Oct 7, 2010 10:34 UTC (Thu) by alex (subscriber, #1355) [Link]

It would probably make for an interesting article to look at some examples of bundled libraries and see how far they deviate from upstream. After all do bundling apps know when all of their patches have made it into upstream? Would they accept patches that use system libraries if all fixes to the bundled lib are known to be applied to the system version?

Making extra work for the editors

Posted Oct 7, 2010 11:32 UTC (Thu) by busterb (subscriber, #560) [Link]

They would be able to bless specific Firefox releases against specific distribution releases, but the deviation would likely begin again in a few months, so it would be an endless exercise.

I can empathize with Firefox. They simply want to be responsible for the security and stability of their product. Browsers can represent 90% of the average user's time on a desktop machine, and thus likely receive a disproportional number of the bug reports.

Reproducing bugs where browser version X crashes while doing thing Z is hard enough. Adding 'while linked to version Y of the library, on distribution D, which adds its own random patches A and B' would make it almost impossible, and a waste of time. The solutions in this case (if Firefox used system libraries) would be:

1. If distro is supported, triage problem with system library, urge distro to fix (which may or may not break other system applications that rely on the bug)
2. If distro is unsupported, bundle the library with the browser, attempt to work around it somehow (which may break distros that have working libraries), or tell the user he's out of luck.

I have the sense that other upstream packages would do the same if they simply had the clout or the user-base to justify it. So, the 'if you break it, you buy it' mentality makes sense.

Both sides have a point. And bundled libraries == NORMAL in Java

Posted Oct 7, 2010 16:15 UTC (Thu) by dwheeler (guest, #1216) [Link]

I'm sympathetic to both sides of the "bundled libraries" vs. "use the system libraries" debate; both sides have a point. Perhaps it'd be best to make it even easier to do *either*. The basic mechanisms are in place, but often it's hard to do one or the other when you look at the entire development and distribution process.

I should note that in practice, having libraries bundled into an application is NORMAL in applications developed in Java. Indeed, it can be very difficult to tease the libraries back out.

Trials, tribulations, and trademarks

Posted Oct 7, 2010 12:56 UTC (Thu) by mjthayer (guest, #39183) [Link]

> Some users have gone as far as to claim that trademark restrictions make the software non-free

Doesn't free software normally refer to the actual bits? What about the parts of the GPL which make clear that they think the recipients of modified software should be clearly aware of the fact? Isn't that roughly what is happening here?

Trials, tribulations, and trademarks

Posted Oct 8, 2010 0:21 UTC (Fri) by giraffedata (guest, #1954) [Link]

> What about the parts of the GPL which make clear that they think the recipients of modified software should be clearly aware of the fact [that it's modified]?

I guess I don't know what parts of the GPL those are -- I rarely see modified GPL software clearly labelled; it seems normal for two Linux distributions and an upstream package to have three slightly different versions of the package, with no outwardly visible distinguishing marks.

But assuming it's there in GPL, that really doesn't stop someone from saying the Firefox trademark restriction makes Firefox non-free, because GPL isn't the definition of free - just one important interpretation of it.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 10:51 UTC (Fri) by mpr22 (subscriber, #60784) [Link]

GPLv2 2.a:

> You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

From this, it's clearly intended that your modified versions should be readily distinguishable from the upstream version.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 10:58 UTC (Fri) by dlang (guest, #313) [Link]

that requirement is at the source level, not at the user visible level.

Trials, tribulations, and trademarks

Posted Oct 8, 2010 16:51 UTC (Fri) by gerv (guest, #3376) [Link]

Robert O'Callahan has now reopened the bug regarding taking the patch permitting the use of system libvpx:
https://bugzilla.mozilla.org/show_bug.cgi?id=577653

but has also posted a comment about how and why we take decisions about this:
https://bugzilla.mozilla.org/show_bug.cgi?id=577653#c9

Gerv

Trials, tribulations, and trademarks

Posted Oct 11, 2010 19:25 UTC (Mon) by lacostej (guest, #2760) [Link]

To me it sounds like we should be working on reducing the effort to make the technical issue (to package firefox differently) disappear.

Mozilla fixing a security problem in a reused external library? That security issue isn't theirs to start with. Yes they need to rebuild and distribute Firefox (for users of binary versions), but they also need to warn upstream and downstream properly. Downstream (distributions) should be able to decide to pick Firefox's fixed library or patch it themselves.

There could be some restrictions in the Firefox trademark battle saying that a few technical changes are allowed (e.g. reusing an external library is allowed, it's not a modification of Firefox per se). This could be solved at a technical level (i.e. making the build a bit more modular).

Trials, tribulations, and trademarks

Posted Oct 13, 2010 5:32 UTC (Wed) by mfedyk (guest, #55303) [Link]

iirc, the firefox trademark wasn't enforced much until copies of it started appearing on the web with spyware or malware bundled.

adding loopholes for linux distros while also protecting against bundled malware is a hard problem.

Just ignoring Mozilla?

Posted Oct 14, 2010 22:07 UTC (Thu) by ummmwhat (guest, #54087) [Link]

How about just ignoring the Mozilla policy and doing what they want while keeping the Firefox name?

What is Mozilla going to do?
Are they _really_ going to sue a free software distribution?

Also, can they really enforce the trademark in that way?
How about arguing in court that since it is free/open source software, it is commonplace to use the original name to refer to modified versions? (esp. if the changes are trivial and the result intended to work identically)

Also, does the Mozilla copyright license allow this?
Could it be possible to argue that Mozilla is violating third-party copyrights in their codebase by imposing this additional restriction?

Would it be possible to get the FSF or OSI to declare Mozilla non-free and not open source due to this unreasonable restriction?

Finally, it is ridiculous to argue that Mozilla can better ensure the security and compatibility of libraries with Firefox.

The whole job of a Linux distribution is to properly update the system and keep it working, and thus almost surely they can do that better than anyone else, unless they suck as a distribution.

Or perhaps push for some kind of middle ground, like having a policy that allows Fedora to call the browser "Fedora Firefox" but not just "Firefox"?

Regarding the spyware issue, just have a policy that prohibits features damaging to the user, or alternatively whitelist well-known distributors to ship their own changes.


Copyright © 2010, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds