Re: freebox possible GPL violation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Emmanuel Fleury wrote:

Helge Hafting wrote:
If I make a business out of lending windows boxes, then I have to pay
licences
on each box.  If I lend customers linux boxes, I should lend them the
source too if they
requests it.  Remember, even if the average customer doesn't know what
software
is in the box, they still have the right to make a copy of the linux
kernel, because you
cannot take away that right.

You got an extremely good point here. At least it shows why this way of
doing is not "moral", but, looking at the GPL text, there is nothing
stating any obligation to "pay" in any manner (money or contributions)
to use and/or modify GPLed softwares.

Just to illustrate my point, in the case of an webserver, if the
webmaster patch the code of his own webserver to provides his customers
with a new service. Has he the obligation to redistribute this code ?
No, because he didn't distribute any binary code.
Namely, his patched webserver will never get distributed. The only
interaction between the customers and his webserver will be through
exchanges of HTML files.
Correct, so only the licence on the html files (if any) will matter.

Therefore, it would be nice from the webmaster to contribute with his
patch, but I do think that it is his own choice to do so.
Indeed, because he didn't distribute the webserver binary
in any way. He still only got his own single (modified) copy.
So he has choice.  But if he starts selling "improved webserver boxes"
then the GPL kicks in.  Source too - the price of getting the sw for
no money in the first place.

Note: Originally, the redistribution of the code was mainly to avoid
customers or companies to get stuck with a "no more maintained"
binaries. In the case we are looking now, as the hardware is not
belonging to the customers, there is no such risk. So the protection
seems to be against something else... but what ?
The point is forced open source.  If you can do business using
open-source stuff, then you shall be unable to prevent others from
doing the same.  This is the "price" of open source, and keeps the
sw prices way down.  Nobody can charge much for the open software
component, because the source must be available for free so
anybody capable of compiling it can create their own product.

Competition and the ability to make money then, is not about
having the best sw (because it is forcibly not secret) but in
providing the best service and hardware.

There have at least been cases where companies were selling
linux-powered products, and were told that they had to
provide the sources.  I don't know if any of them bothered
going to court, simply making the source available (on a cd
or webserver) is so much cheaper than that.

LinkSys is an example. But the customers were owning the machine with
everything in it (including the OS). Again, the clause on distributing
the sources help to not get stuck with a piece of hardware that you own
with no possibility of upgrade (remembers me the famous story of RMS and
the laser printer).
Not getting stuck is one thing.  Not needing to reinvent the wheel
is another.  Nobody need to make another linux kernel from scratch, they
can instead grab the existing one and build on that.  In the long run, this
saves a lot of reimplementation cost for society.  Instead, whe can focus on
improving the software further.

An interesting thing about the GPL is that it talks about
"distributing copies", not about "selling or otherwise changing ownership".

"Distributing" a linux kernel embedded in a product owned by the
company doesn't change that.  Where the binary kernel go, the
source should go too (if requested).

Fortunately, this licencing term is so easy to satisfy that it'd be silly
to try to fight it. Stick the source on a webserver somewhere.  Provide
the URL in the accompagnying paper (or a README file if appropriate.)
If distributing cd's, consider sticking a tarball there.

Well, I'm really sorry to play the Devil Advocate once time more, but as
far as I know all these DSL companies have big secrets because of
weaknesses in their security. Being hacked at the Internet level is one
thing, being hacked at the DSLAM level means a lot. Try to imagine if
anybody could upload to you his own modified kernel, this means that you
can tape all the internet traffic, all the phone calls, all the TV
programs that you are looking at, and also probably having an easy way
in to your local network (wired and wifi).
Well, then they need to secure their DSLAM setup.  If it is at all
vulnerable this way, then they need to fix it.  Most users may be
"computer dummies", but there are enough experts among them too.
It only takes one leak, breakin, or reverse engineering session to
break through security-by-obscurity.  And when the cat is out of the
bag, it is out forever.

The internet level is secure enough, when set up by competent people.
Surely the same can be done at DSLAM level.  This reminds me of ethernet
many years ago, when people realized the possibilities of a hacked network
driver.  (A simple way to sniff all traffic, and inject spoofed traffic.)
Easy to do these days, with a open-source kernel.
But these problems are solved - mostly with encryption to protect
what must not be sniffed, and firewall routers preventing the routing
of spoofed packets. With a good setup, spoofing is limited to
spoof other machines on the same network, and then the local
admin can set things straight.

Bad security is not an excuse for disobeying the GPL.  The GPL itself states
that there are no exceptions. If "other concerns" means you can't obey
the GPL to the letter, then you _must_ refrain from distributing the
GPLed software altogether. In such cases, the open software is not a legal option.

Very similiar to a company that cannot afford to pay licences - in that case
proprietary sw is not an option.  They can't just pirate anyway and get away
with it because "otherwise their business model won't work and result in bankrupcy". If you can't take the "cost" of open sw, then don't use it. Fortunately, the cost is usually low. And they _can_ keep a linux device driver secret, they merely have to offer
the source for the rest of the kernel.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux