This is why I drink: a discussion of Fedora's legal state
In the old days, Callaway said, Red Hat made Red Hat Linux, entirely in-house. What the company didn't make was any money; sales of hats generated more profit than sales of Red Hat box sets, which apparently were sold at a loss. It was felt that this plan wouldn't work out in the long term, so Red Hat changed to making Enterprise Linux. It didn't want to stop doing a hobbyist Linux, however, so Fedora Core was launched. Red Hat also wanted the community to have input into what Fedora was, and how it looked, but the company couldn't just drop the reins and let the community take over, because it was still legally the distributor.
![[Tom Callaway]](https://static.lwn.net/images/2017/fosdem-callaway-sm.jpg "Tom Callaway")
So someone — no one now remembers who — created the FE-LEGAL tag in bugzilla, which was applied to any issue that people thought might cause legal problems when Fedora shipped. Because, in the old in-house Red Hat Linux days, legal issues were well monitored, everyone assumed that someone was dealing with these FE-LEGAL-tagged issues. Unfortunately that wasn't true, and when this was realized, Callaway got volunteered to handle them. With a little encouragement from Red Hat's legal team, he made three simple rules.
First, everything needed to be free software. He considered "open source", but quickly discovered that all the open source stuff that was in Fedora was either also free software, or under some questionable license. Requiring that everything be free dealt with that; it was a popular and well-received move, but it broke everyone's WiFi, because (at least at that time) just about every WiFi driver in the world required the loading of a binary firmware blob into the hardware. No one was keen to see Fedora become known as "the distro everyone used to use until they needed WiFi", so he changed the requirement to "must be free software, except for firmware needed to make free software work". This has not been a universally popular move, particularly with the Free Software Foundation, and indeed Callaway would love it if WiFi makers changed their business practices so that the exception could go away without breaking everyone's WiFi.
Second, everything needed to be safe for Red Hat to distribute. That meant being compliant with US laws, "crazy and wacky and stupid as they are". It also meant not infringing known US patents. That didn't mean doing some kind of exhaustive patent search on everything that goes into Fedora, but deliberately infringing a known US patent is a pretty good way to get Red Hat's headquarters litigated into impoverished, glowing embers. That meant no MP3 support, at least at that time.
Third, it had to respect Red Hat's trademarks. It was decided that the easiest way to do that was to respect everyone's trademarks, and in any case, that was the honorable thing to do.
Licensing was the next problem. Red Hat Linux used to have a "contrib" repository, where people put all sorts of stuff that had been built against Red Hat Linux so that it could be more widely used. When Fedora opened up, busy volunteers took nearly everything in contrib and threw it into Fedora. Unfortunately, much of this effort happened with no particular concern for licenses. There was a "license" field in the database of packages, but instead of "GPLv3" or "MIT", it often said things like "distributable", or in one memorable case, simply "ok". Callaway went through Fedora and found over 350 different licenses, including 16 BSD variants and 34 MIT variants (there were still more of those, but he stopped counting at 34).
The fix here was a contributor license agreement, but it was not well received. Some corporate contributors not only refused to sign it, but refused to say why; unofficial research eventually suggested that people were afraid it was a copyright assignment, even though it wasn't supposed to be one. So the Fedora Project Contributor Agreement was adopted, which starts off by clarifying that it isn't a copyright assignment, and goes on in fairly simple terms to say that anything you create and put in Fedora which you do not otherwise give a free license to will be under a default free license (MIT for code, CC-BY-SA for other content).
That pretty much got us to where we are today. Callaway ran through a number of achievements the project has had in clarifying and fixing licenses. It fixed the SGI FreeB license, which finally made X.Org free; it persuaded Sun (and later Oracle) to drop the clause in the Java license forbidding its use in nuclear submarines, thus making it free; it persuaded many CPAN contributors to relicense CPAN modules which were Artistic-1.0-only, and dropped from Fedora those that they could not fix that way, this latter project alone took him six months. The project worked with TeXLive to identify, then remove, all the non-free components.
The greater community's recognition that Fedora was serious about free licensing started to attract smaller projects that sought advice about being properly free; part of the advice given was on the inadvisability of writing their own license. The project found that fonts, in particular, were often in common use but non-free; the creators generally had no problem with freeing them, but in most cases they had simply never been asked.
MP3 decoding is now in Fedora because the patents have expired, though encoding remains encumbered, and the patents are being enforced by the rights holders. Elliptic curve cryptography is now in Fedora, after a six-year wait for the base functionality, and a ten-year wait for the curves currently used. Callaway revealed that he has a desktop calendar full of patent expiry dates: some mornings he wakes up, the calendar goes "bing!", and he spends the day putting something into Fedora that could not previously have shipped. The patent on S3 texture compression expires on October 2, 2017, so Steam games might work better on Fedora after that date.
If a big company with deep pockets is going to run a distribution with high community involvement, someone is going to have to attend to the legal issues. Since free-software people often communicate with lawyers about as well as dolphins communicate with dogs, someone is going to have to stand between the groups, talking to each in their own language. That person will have to help the free-software people understand legal issues, and the lawyers understand the people who want to give everything away. Callaway does this, which is why he drinks, he said, and it is why I, as a Fedora user these many years, would be happy to buy him a beer.
[Thanks to the Linux Foundation, LWN's travel sponsor, for making this
article possible.]
| Index entries for this article | |
|---|---|
| GuestArticles | Yates, Tom |
| Conference | FOSDEM/2017 |
Posted Feb 15, 2017 17:54 UTC (Wed)
by jhoblitt (subscriber, #77733)
[Link] (18 responses)
Posted Feb 15, 2017 18:09 UTC (Wed)
by alonz (subscriber, #815)
[Link] (17 responses)
Posted Feb 15, 2017 20:35 UTC (Wed)
by jhoblitt (subscriber, #77733)
[Link]
Posted Feb 15, 2017 20:55 UTC (Wed)
by jzb (editor, #7867)
[Link]
Posted Feb 15, 2017 20:59 UTC (Wed)
by spot (guest, #15640)
[Link] (14 responses)
I happily accept "thank you" drinks.
Posted Feb 15, 2017 23:19 UTC (Wed)
by mspevack (subscriber, #36977)
[Link]
Posted Feb 16, 2017 0:14 UTC (Thu)
by eternaleye (guest, #67051)
[Link] (7 responses)
Let's be real, I doubt I'm the only one who'd find that FAR more useful (and interesting) than "US Holidays" or whatever other people's calendar software tends to throw in! (This despite that I do, in fact, live in the US.)
Posted Feb 16, 2017 0:16 UTC (Thu)
by jhoblitt (subscriber, #77733)
[Link] (6 responses)
Posted Feb 16, 2017 9:59 UTC (Thu)
by vxIjhjYG (guest, #110420)
[Link] (5 responses)
Posted Feb 16, 2017 11:13 UTC (Thu)
by farnz (subscriber, #17727)
[Link]
I'd guess that it's more prosaic; the calendar is effectively a nice way to present legal advice that could be trivially rewritten as "Red Hat's legal team believe that there are no patents affecting $thing after $date". Given that it's legal advice, you run into the usual "this isn't legal advice and I'm not your lawyer" issues - from Red Hat's point of view, it's simpler to not publish the calendar at all (in any form) than to publish it, have to keep it updated, deal with problems caused when they update it on the basis of new information but you don't get the update etc.
Posted Feb 16, 2017 19:43 UTC (Thu)
by niner (subscriber, #26151)
[Link] (3 responses)
Posted Feb 16, 2017 19:47 UTC (Thu)
by sfeam (subscriber, #2841)
[Link] (2 responses)
Posted Feb 16, 2017 20:32 UTC (Thu)
by pizza (subscriber, #46)
[Link] (1 responses)
"Willful infringement" is a legal definition, which may or may not bear any semblance to common sense.
Posted Feb 25, 2017 18:57 UTC (Sat)
by Wol (subscriber, #4433)
[Link]
Cheers,
Posted Feb 16, 2017 3:56 UTC (Thu)
by mcatanzaro (subscriber, #93033)
[Link]
*Drinks*
Posted Feb 21, 2017 16:07 UTC (Tue)
by KAMiKAZOW (guest, #107958)
[Link] (3 responses)
Posted Feb 21, 2017 16:19 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link]
Posted Mar 14, 2017 16:21 UTC (Tue)
by JanC_ (guest, #34940)
[Link] (1 responses)
My guess is it's obsolete, unless you have some antique Video CDs you recorded somewhere in the Middle Ages… ☺
Posted Mar 21, 2017 22:26 UTC (Tue)
by flussence (guest, #85566)
[Link]
Posted Feb 15, 2017 19:07 UTC (Wed)
by karkhaz (subscriber, #99844)
[Link] (10 responses)
> You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missiles, or chemical or biological weapons
does anybody have a good idea what this is for? A couple of people on the interwebs say that for the Java case specifically, it's to prevent people using a garbage-collected language for real-time applications, but that sounds like speculation and doesn't explain why there's similar language limiting how you can use your music library program.
Also, I don't understand why licenses make you agree to not do illegal stuff more generally. Doesn't the law already prohibit you from doing illegal stuff, whether you use that software or otherwise?
Posted Feb 15, 2017 19:26 UTC (Wed)
by AdamW (subscriber, #48457)
[Link] (1 responses)
I don't know the ins and outs and whether the clauses are actually necessary and make any sense, but that's ultimately where it's coming from, AIUI. For more details, ask a lawyer. I am not one, and this is not legal advice.
Posted Feb 18, 2017 11:54 UTC (Sat)
by intgr (subscriber, #39733)
[Link]
> Earlier this month, Bruce Blair, president of the Center for Defense Information, a nonprofit military research organization based in Washington, D.C., wrote that Russian nuclear scientists last year found a bug in Microsoft's SQL Server database software that threatened the security not only of Russian nuclear weapons materials, but also of U.S. nuclear materials.
Posted Feb 15, 2017 20:12 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (4 responses)
By specifying this clause Apple says that if a rogue government decides to use iPads to develop a doomsday weapon, then Apple will sue them into the ground for the license violation.
After all, it'll be copyright violation, not some insignificant stuff like genocide or war crimes.
Posted Feb 16, 2017 13:13 UTC (Thu)
by robbe (guest, #16131)
[Link] (3 responses)
Aaand the Berne Convention has more signatories than any non-proliferation treaties, including (the mind boggles) North Korea.
Iran is missing from the list, though, so they can listen to (copied?) music via an unlicensed iTunes while the centrifuges keep spinning...
Posted Feb 16, 2017 13:33 UTC (Thu)
by karkhaz (subscriber, #99844)
[Link]
Changelog
Posted Feb 23, 2017 19:57 UTC (Thu)
by unilynx (guest, #114305)
[Link]
It would be a brilliant quote to (re)use, but Berne's 171 signatures don't seem to beat the NPT's 190.
Posted Mar 14, 2017 16:25 UTC (Tue)
by JanC_ (guest, #34940)
[Link]
Posted Feb 16, 2017 0:17 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link]
My best guess for that part is that a company like Apple it's a matter of simplicity. For a company that doesn't care about abstract issues like software freedom, it does no harm to include a license term forbidding people from using the software to design nuclear weapons or engage in some other nefarious activity. Nobody is going to complain about a license term telling them they mayn't do something that's either impossible or forbidden. If it's impossible, the restriction is irrelevant, and if it's illegal then the people who were going to do it anyway aren't going to let a license term stop them.
To the lawyers who draft the licenses, though, including the term is a definite benefit. On the one hand, it means they only have to have one license, the one that includes those terms, rather than multiple licenses tailored to the capabilities of the programs they're applied to. On the other hand, it means nobody has to sit down and figure out which license applies to any piece of software. That's not only tedious, but nobody wants to be in the position of getting it wrong and exposing the company to liability because they left out a restriction they should have included.
Posted Feb 16, 2017 4:58 UTC (Thu)
by gdt (subscriber, #6284)
[Link]
There's two reasons, usually intermingled and combined with legal inertia. Firstly, there are risks who's outcomes are so large as to be uninsurable. You could imagine a program which melts down a reactor and not only kills a fair number of New York's residents but also makes uninhabitable some of the most expensive and litigious real estate in the world. What should a company which sells software do to reduce its exposure to third-party damages? One possible response is to inhibit the programs use in these uninsurable situations and then take out insurance for the remaining insurable situations. You then copy the list of exclusions from your insurance policy into your software license or contract. Secondly there is the Wassenaar Arrangement and its friends. These prevent the export of dual-use technologies. How do you prevent your average program from being tainted as a dual-use technology, which may then fall under the laws enabling this Arrangement? Using the same approach as above, you prevent the use of your program in fields of endeavour which may incorporate your program into a dual-use technology. Now your lawyer leans back in their chair satisfied at a day's work well done, every 6 minutes billed out. But does this legal cleverness work in practice? Well have you ever seen a software license updated due to a change in insurance policy exclusions? So we're already fraying at the edges. And if you do contaminate large chunks of Manhattan, aren't the legal fees alone going to doom your company, especially since the insurer won't be helping pay them. There really is no practical legal protection offered, you're going to have to rely upon legislative limits. The military-industrial complex has done its bit too. The export rules for dual-use technologies are far clearer than they used to be. After looking up some tables you can determine if your software is dual-use or not. If it is dual-use then its dual-use whether it has been used in a dual-use application or not: there is no theory of 'contamination'. Moreover there's a separate documentation dealing with exports -- the end-user certificate -- so there's no need to repeat all that in the software license or contract: the certificate itself can be your warranty from the exporter that they won't re-export the software. That allows the same license for exportable, dual-use and controlled technologies.
Posted Feb 16, 2017 17:40 UTC (Thu)
by Gladrim (subscriber, #45751)
[Link]
Interviewer: Your plans to take over the world failed. How were you stopped? Was it James Bond? The Avengers? Sherlock Holmes...?
Dr Evil (sobbing): No, I read the EULA...
Posted Feb 15, 2017 19:37 UTC (Wed)
by MarkVandenBorre (subscriber, #26071)
[Link]
Posted Feb 15, 2017 20:36 UTC (Wed)
by cyperpunks (subscriber, #39406)
[Link]
Posted Feb 15, 2017 22:47 UTC (Wed)
by bfields (subscriber, #19510)
[Link] (2 responses)
Posted Feb 15, 2017 23:58 UTC (Wed)
by cjwatson (subscriber, #7322)
[Link] (1 responses)
Posted Feb 21, 2017 16:04 UTC (Tue)
by KAMiKAZOW (guest, #107958)
[Link]
Posted Feb 16, 2017 2:00 UTC (Thu)
by adam820 (subscriber, #101353)
[Link] (2 responses)
Great talk!
Posted Feb 17, 2017 19:42 UTC (Fri)
by intgr (subscriber, #39733)
[Link] (1 responses)
Posted Feb 27, 2017 21:14 UTC (Mon)
by ceplm (subscriber, #41334)
[Link]
Posted Feb 16, 2017 6:10 UTC (Thu)
by hifi (guest, #109741)
[Link] (4 responses)
I was a Debian user for quite some time but switched to Fedora for unrelated reasons and I have never looked back yet. It did, however, bother me that the Debian guidelines force (binary) firmware into the non-free repository. It's not that I don't understand the reason but it's one of those things that makes everything harder than it should be for the end user. You also get "exposed" to actual non-free software by enabling the non-free repository.
My personal belief is that hardware shouldn't be treated any differently if a firmware is uploaded as a binary file compared to being burned to a physical ROM on the board. It gives false impression of "freedomness" when older hardware with ROM firmware is compliant but modern that needs the uploaded blob isn't even though both use non-free firmware to operate in the end.
There are projects like nouveau trying to implement their own and that's of course a good thing but it's probably an endless road of pain as the generation of hardware moves faster than you can RE a firmware. Then NVIDIA started requiring firmware signing on the hardware so that ended abruptly.
Long term hardware that will be used for many years to come like the Raspberry Pi are probably the best targets for such effort as it doesn't get obsoleted as fast as PC GPUs and such.
Posted Feb 16, 2017 12:46 UTC (Thu)
by pizza (subscriber, #46)
[Link]
You left out a third case -- "stored in flash on the device". If the user lacks the ability to update the device firmware, the hardware is somehow "more free" than someone figures out how to update the stored firmware.
This is one of my personal beefs, and one of the very few areas where I strongly disagree with the FSF. I can understand the legal argument for why they draw the line where it is, but it's hard to see how arguing for a worse user experience is somehow a more moral stance, especially when the "uploaded as a blob" at least provides a path towards the possibility of truly Free Firmware being developed one day.
This isn't a theoretical argument; back in the day I was responsible for the drivers for the prism2 802.11b devices -- which started as non-user-updatable flash, became user-updateable due to horrible bugs in older firmware, and eventually lost onboard flash altogether as a cost-saving mechanism. Despite the ones lacking onboard firmware actually providing (by far) the best user experience, they were somehow the worst ones from a "freedom" perspective given that the proprietary firmware blob was completely identical.
(To this day, the firmware blobs I host on my personal website are downloaded about 4000 times a month, nearly entirely by Debian users..)
Posted Feb 16, 2017 12:58 UTC (Thu)
by cesarb (subscriber, #6266)
[Link] (1 responses)
For the hardware, it doesn't make a difference, but in the firmware upload case, your distribution is distributing non-free software, while in the ROM case, your distribution isn't distributing anything (since you already have it).
Ideological reasons aside, this means that in the firmware upload case, the distribution has to worry about the license for the firmware files.
Posted Feb 16, 2017 16:49 UTC (Thu)
by hifi (guest, #109741)
[Link]
I'm not arguing we should start packaging extracted firmware without consent from hardware vendors but when we do have that it should be a no-brainer to include them within distributions.
Posted Feb 16, 2017 16:33 UTC (Thu)
by jcrawfordor (guest, #114167)
[Link]
https://cdimage.debian.org/cdimage/unofficial/non-free/cd...
They're just "unofficial" and you have to do some digging to find them. This way I can do a netinstall on my laptop without having to sit by the ethernet jack.
Posted Feb 16, 2017 9:39 UTC (Thu)
by nim-nim (subscriber, #34454)
[Link]
Posted Feb 16, 2017 14:42 UTC (Thu)
by davecb (subscriber, #1574)
[Link] (1 responses)
The US FCC have asked for comments (and got them from Dave Taht and Vint Cerf!) about how to keep software open versus not letting people triviually misconfigure their wi-fi to mess up things like airport weather rader. The paper is at http://huchra.bufferbloat.net/~d/fcc_saner_software_pract...
I was an editor on the Dave-and-Vint comment, and would love to chat, here or in email, in particular about whether wi-fi vendors are using the Linux networking team's cryptographically signed configurations for radio devices, the Central Regulatory Domain Agent (CRDA, at https://wireless.wiki.kernel.org/en/developers/regulatory)
Or something else cool!
--dave
Posted Feb 17, 2017 1:52 UTC (Fri)
by pabs (subscriber, #43278)
[Link]
I've noticed some WiFi devices ship with completely the wrong regulatory information for where they are being shipped to, especially when that is not the USA. I think the only way to get correct regulatory info is to manually configure it.
Posted Feb 18, 2017 18:26 UTC (Sat)
by marcH (subscriber, #57642)
[Link] (2 responses)
Wow, time flies. Now I need a drink too.
(not like I care any longer about MP3 thanks to... <troll>DRM'ed</troll> streaming)
Posted Feb 18, 2017 19:32 UTC (Sat)
by tao (subscriber, #17563)
[Link] (1 responses)
Posted Feb 19, 2017 8:12 UTC (Sun)
by marcH (subscriber, #57642)
[Link]
Posted Feb 20, 2017 21:20 UTC (Mon)
by elopio (guest, #76663)
[Link]
This is why I drink: a discussion of Fedora's legal state
Why are you trying to ruin his liver?
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
That makes no sense. If a patent is on the calendar, that means they knew about it and avoided using it . Pretty much the opposite of willful infringement.
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
Wol
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
---------------
As well as QuickTime Player and Safari, your iTunes now comes with a gratuitous copy of Stuxnet.
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
and doesn't explain why there's similar language limiting how you can use your music library program.
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
Anyone know when spot's calenda goes "bing" for mp3 encoding?
It's a minor annoyance, I'd rather use ogg, but when I'm sending somebody something that doesn't always seem to work, alas.
mp3 patents
mp3 patents
mp3 patents
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
A side question re wiFi and the FCC
davecb@spamcop.net
A side question re wiFi and the FCC
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state
This is why I drink: a discussion of Fedora's legal state