Looking back at 2023

Posted Dec 23, 2023 3:55 UTC (Sat) by NYKevin (subscriber, #129325)
In reply to: Looking back at 2023 by rahulsundaram
Parent article: Looking back at 2023

> Sure but my understanding is that after the embargo gets lifted, said patches just get merged in a branch in CentOS stream and not gets split specifically as a security patch anymore.

Let's be clear about what the GPL actually says. When you distribute modified versions of a GPL'd work, you must:

* Provide attribution.
* Provide source code (the "preferred form of the work for making modifications to it").
* Include "prominent notices" stating that the work is under the GPL.
* Include "prominent notices stating that you modified it."
* License the modified version under the GPL.
* Preserve any copyright and other legal notices (e.g. lack of warranty) in the work's UI.
* Also there are extra rules (under GPLv3) if it's sold as an integral part of consumer hardware, but that doesn't apply to RHEL.

There is absolutely nothing, in either version of the GPL, which says you have to separate out patches in a convenient format, so long as the complete corresponding source code is available. For that matter, you're not even required to distribute the source code publicly at all, as long as it is provided to the recipient.

There are lingering questions about whether Red Hat can validly refuse to do business with clients who exercise the full extent of their GPL rights. But that is a separate issue. For GPL purposes, Red Hat is under absolutely no obligation to provide individual patches, even to their clients. The only (relevant) requirement is that the code they give to their clients must correspond to the binaries they give to their clients. They can satisfy that requirement with an opaque tarball, sans Git history.

Looking back at 2023

Posted Dec 23, 2023 12:29 UTC (Sat) by rahulsundaram (subscriber, #21946) [Link]

> Let's be clear about what the GPL actually says.

I am not sure what gave you the impression that any of my questions had anything to do with the licensing obligations. My questions were entirely about the precise nature of the technical changes within CentOS stream

Looking back at 2023

Posted Dec 25, 2023 7:47 UTC (Mon) by Sesse (subscriber, #53779) [Link] (1 responses)

You _could_ argue that the patch series is the preferred form of making modifications to the software, given that Red Hat clearly keeps that internally and prefers it themselves. Whether that argument would actually convince a court is a completely different matter, of course.

Looking back at 2023

Posted Dec 25, 2023 10:50 UTC (Mon) by daenzer (subscriber, #7050) [Link]

> [...] given that Red Hat clearly keeps that internally and prefers it themselves.

Did you read the posts higher up in this thread?

Red Hat employees are using https://gitlab.com/redhat/centos-stream/src for developing RHEL, which is publicly accessible. There is nothing else which is kept internally.

Looking back at 2023

Posted Jan 5, 2024 21:40 UTC (Fri) by Wol (subscriber, #4433) [Link]

> There are lingering questions about whether Red Hat can validly refuse to do business with clients who exercise the full extent of their GPL rights.

It is (for the most part) completely accepted that the law does NOT interfere with relationships between adults (legal persons, or legal fictional persons). If Red Hat does not want to do business with you, that is down to Red Hat, and absolutely nothing to do with the Government or the Courts.

If Red Hat breaks their contract with you (and Red Hat has explicitly reserved the right to walk away from the contract!!!) then THAT is when the Courts can get involved.

Cheers,
Wol