Thursday, January 26, 2006
GPLv3: I'm not alone
In a previous post, I called the GPLv3 "idiotic". sfllaw replied in a comment that I shouldn't say such things without studying copyright law in greater detail.
I wasn't actually referring to the copyright part of the law though. I think he was confused by my earlier statement that I thought the GPLv2 was a bit too viral for my uses. My comment on GPLv3 was unrelated.
I actually dislike the GPLv3 not for the copyright provisions, but the policy choices the FSF has made. I haven't read through the thing, but am only going on what has been reported. The one I was talking about was how the GPLv3 forbids software from containing DRM of any kind. This, of course, really limits where you can use GPL'd software, and will drive a great many corporations AWAY from opensource (Hence my comments about the new GPL hurting opensource).
Apparently, Linus agrees, saying "I think it's insane" when referring to yet another stupid provision that requires people to make their private signing keys available. If I understand what he's referring to, he's right. If you make your private signing keys available because the GPLv3 requires it, ANYBODY can sign stuff with your key. That is worse than not having any keys at all, because it gives a false sense of security when Joe Viruswriter can sign whatever he wants with a GPLv3'd project's key. Great new way to sneak rootkits onto people's linux boxes.
Linus will thankfully not be using the GPLv3 for Linux. Thank goodness, because with the GPLv3, the FSF is trying to push their extremist views onto a world in which it doesn't work.
I wasn't actually referring to the copyright part of the law though. I think he was confused by my earlier statement that I thought the GPLv2 was a bit too viral for my uses. My comment on GPLv3 was unrelated.
I actually dislike the GPLv3 not for the copyright provisions, but the policy choices the FSF has made. I haven't read through the thing, but am only going on what has been reported. The one I was talking about was how the GPLv3 forbids software from containing DRM of any kind. This, of course, really limits where you can use GPL'd software, and will drive a great many corporations AWAY from opensource (Hence my comments about the new GPL hurting opensource).
Apparently, Linus agrees, saying "I think it's insane" when referring to yet another stupid provision that requires people to make their private signing keys available. If I understand what he's referring to, he's right. If you make your private signing keys available because the GPLv3 requires it, ANYBODY can sign stuff with your key. That is worse than not having any keys at all, because it gives a false sense of security when Joe Viruswriter can sign whatever he wants with a GPLv3'd project's key. Great new way to sneak rootkits onto people's linux boxes.
Linus will thankfully not be using the GPLv3 for Linux. Thank goodness, because with the GPLv3, the FSF is trying to push their extremist views onto a world in which it doesn't work.
Comments:
<< Home
Let's not resort to appeals to authority here. Linus may know a lot about writing kernels, but he's not a copyright lawyer. And he is commenting on a draught.
As for your concern about the anti-DRM clause, you should understand that the GPL has never been written for false people, but only for real people. It may hurt the "open source movement" but it won't hurt the "free software movement." Just read the most important sentence:
Regardless of any other provision of this License, no permission is given to distribute covered works that illegally invade users' privacy, nor for modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License.
As a software developer and a software user, this should be very important to you.
As for your concern about the anti-DRM clause, you should understand that the GPL has never been written for false people, but only for real people. It may hurt the "open source movement" but it won't hurt the "free software movement." Just read the most important sentence:
Regardless of any other provision of this License, no permission is given to distribute covered works that illegally invade users' privacy, nor for modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License.
As a software developer and a software user, this should be very important to you.
The DRM clause isn't necessarily what it appears to be at first glance. From my understanding, it's basically there to make sure that existing legislation doesn't overrule the freedoms provided by the GPL.
For example, if FOO company releases a DRM system under the GPLv3, they can't sue someone for using a modified version of their software to access the data that their system is "protecting".
This doesn't necessarily exclude releasing DRM software under the GPL, just who you can sue for circumventing it.
I'd recommend reading the fsf's rationale document. It's far more informative than the flamebait that's being spread around the enthusiast sites:
http://gplv3.fsf.org/rationale
For example, if FOO company releases a DRM system under the GPLv3, they can't sue someone for using a modified version of their software to access the data that their system is "protecting".
This doesn't necessarily exclude releasing DRM software under the GPL, just who you can sue for circumventing it.
I'd recommend reading the fsf's rationale document. It's far more informative than the flamebait that's being spread around the enthusiast sites:
http://gplv3.fsf.org/rationale
Linus misrepresented the signing key bit. The way I saw it explained seems to be that what it actually means is that if you build a box (like a Tivo) that uses GPLed software, but won't boot unless you sign the firmware image, then you have to provide a way of letting anyone sign their own image to run on it (either by providing the key you used, or including a mechanism that lets them use their own key).
So basically it keeps people from evading GPL responsibilities by keeping people from hacking on their own hardware.
Post a Comment
So basically it keeps people from evading GPL responsibilities by keeping people from hacking on their own hardware.
<< Home