User: Password:
|
|
Subscribe / Log in / New account

Defence of the GPL realm (The H)

Defence of the GPL realm (The H)

Posted Dec 18, 2012 22:21 UTC (Tue) by dlang (subscriber, #313)
In reply to: Defence of the GPL realm (The H) by cwillu
Parent article: Defence of the GPL realm (The H)

saying that the required build system (that needs to be provided for the GPL) must include access to private servers, or authentication tokens used to publish the result to private servers is being silly at best.

That sort of access was never intended by any license writer (and any developer who thinks they are entitled to such access is foolish)

The problem is that the definition of what the "build system and scripts" are is a bit fuzzy. Many people who automate builds try to minimize all of their work, and this can include purely private things like what version control system the source is checked out of, or what version control system the resulting binaries are checked into. This sort of thing is of no interest to anyone except people trying to break into that company and disrupt it. The reason that the licenses specify "build scripts" is because sometimes logic gets put in there that affects the final binaries (things that arguably should be in the makefiles instead). In cases like this, the build scripts needed to duplicate the binaries from the source are different than the scripts that the company uses to do the builds that also do several other things.

This isn't bad faith or trying to violate the license on the part of the companies. It may be short sighted optimization of things by the admins writing the scripts, but no more than that.


(Log in to post comments)

Defence of the GPL realm (The H)

Posted Dec 19, 2012 0:02 UTC (Wed) by cwillu (guest, #67268) [Link]

I don't disagree; I'm just emphasizing that if your internal build system depends on things you cannot distribute in order to build the thing, it's perfectly reasonable that you be required to provide an alternate build system that you can distribute.

Defence of the GPL realm (The H)

Posted Dec 19, 2012 0:10 UTC (Wed) by armijn (subscriber, #3653) [Link]

Back in the day when the GPLv2 was drafted the "scripts to control compilation and installation" referred to things like the Makefile of a single package on a Unix workstation where you had full access a shell and a compiler and the package was built and installed on that machine.

These days firmwares with tons of free software are built and installed on millions of devices. How these firmwares are built is often a non-trivial process. You need to set up a cross compilation environment (smart people go for standard solutions of course, but there are tons of homebrew things out there), different devices have different layouts of flash or the way firmware upgrades are assembled, and so on. Without the information in the build system, or the build system itself, it is impossible to recreate the firmware, sometimes not even the individual components. So from a software freedom standpoint having the build system, plus the configuration to build the software makes a lot of sense.

Of course, whether or not this could be legally enforced is another question. The argument can certainly be made that a firmware is "mere aggregation" and not a derivative work.

The most valuable part from the build scripts are not the scripts, but the information about things like firmware layouts and configuration options, which I know developers extract and then merge upstream into projects with proper build systems. When I talk to companies I always suggest to ditch the homebrew scripts and go for standard solutions, which make a lot of compliance questions a lot easier.

Defence of the GPL realm (The H)

Posted Dec 19, 2012 0:17 UTC (Wed) by dlang (subscriber, #313) [Link]

all you say is true, but I'll point out that back in the day it was common to require proprietary compilers to compile things for some environments. The requirement was never to include the compilers, even though it was impossible to recreate the binaries without them.

This point is a fairly major split in the community.

One one hand we have people who say that if they can't compile the exact same binary (and install it), the GPL really hasn't been complied with.

On the other hand we have people like Linus that say that if they get the source code, that's all the the GPL requires.

Now, when you get to the point where there is a legal challenge stating that you have not complied, merely producing source and stating that it's what was used is not likely to be good enough. At that point a company could stand on that point and take it to court, or they could work with people like Bradley to convince them that it really is the source, by providing them with whatever help is needed to let the compile the source to get the same binary. It's _far_ cheaper to do that sort of thing than it is to pay lawyers to go to court.

Defence of the GPL realm (The H)

Posted Dec 19, 2012 1:53 UTC (Wed) by JoeBuck (guest, #2330) [Link]

If Linus says this (and I'm not sure he has), he hasn't read the license text. The relevant GPLv2 text states (I added the emphasis)
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

Now, in the cases Linus is most concerned about, the standard Linux build system will work fine with the distributor's new code or patch, so he doesn't need a build script, he already has it (so if he said something like this, then perhaps that's what he meant). It is covered in the exception in the last sentence above. But if the code won't build with a simple command or three (e.g. configure, make, make install), then more must be included.

Defence of the GPL realm (The H)

Posted Dec 20, 2012 23:34 UTC (Thu) by zlynx (subscriber, #2285) [Link]

That exception is major though.

It means that if you have the source code for the firmware for a network card, or a hard drive, you don't have to be given the compiler. After all, it is a normally distributed part of the operating system on which the executable runs: in that case, the chip hardware. And to get that special compiler or even the opcode list for the processor might require committing to the purchase of a very expensive dev kit. If the ASIC is completely custom and proprietary you might not be able to get a compiler at all.

Defence of the GPL realm (The H)

Posted Dec 21, 2012 2:09 UTC (Fri) by bkuhn (subscriber, #58642) [Link]

Whether or not the firmware as a whole is derivative or aggregate is unrelated to the issues of scripts to control compilation and installation and/or Installation Information.

The point is that for a given GPL'd program, GPL requires that, upon distribution of a binary of that program, the information on how to build and install a modified version of that particular binary must be provided. This requires knowing how to get a modified binary correctly into a firmware blob. The copyright status of the firmware as a whole is just moot with respect to this issue.

Defence of the GPL realm (The H)

Posted Dec 21, 2012 2:36 UTC (Fri) by dlang (subscriber, #313) [Link]

If it was as simple as you are making it out to be, there would have been no need for the anti-Tivo clause in GPLv3

I know there are people who believe this, but nobody with standing has ever tried to enforce this, so it doesn't seem likely to prevail


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds