While we don't need to all agree, we still need to understand the
various positions in the debate. We need to differentiate between where
people disagree, and where people are misinformed.
a) I think we have already identified one area where there is
disagreement, and that is whether a hardware/software bundle should be
separated into component parts when determining whether the distributor is
in violation of a CopyLeft license or whether the bundle should be
considered as a whole.
This is a legitimate point to disagree on, and where different licenses
should exist to fulfil the needs of different authors, just as a variety
of CopyLeft and non-CopyLeft licenses already exist. This suggests
subclasses of "CopyLeft" licenses for those who believe that the parts
should be considered independently and those who believe the whole must be
BTW: I'm not one of those people overly concerned by license
proliferation. The idea of reducing FLOSS down to 6 licenses like the
Creative Commons started out with always sounded impossible to me, and I
believe I was proven right by the fact that the relatively young (Compared
to the Free Software movement) Creative Commons movement themselves have
already expanded well beyond their original 6 to the point where there is
nothing at all in common between the various licenses beyond the brand
We need different tools for different jobs, and software license
agreements are simply tools to accomplish some specific goal.
Now I'm trying to figure out a comment that Linus made talking about
GPLv3 in relation to security:
Just as a very concrete example, the anti-DRM stance of the GPLv3 is
not only anti-Tivo, it's also anti-security. Exactly because it tries
to make a non-technical stand on a technical issue, one that has very
real impact on real behaviour.
The fact is, that signed binaries are not only a good idea, they are an
integral part of pretty much any security scheme. Every time you do a
"yum upgrade", you tend to be getting a lot of binary packages that
were signed with a key that you are not going to get access to, because
if you had access to that key, the whole security model would break
I don't understand where Linus got the idea that the GPLv3 somehow
prohibits or even discusses signed binaries in the way he did.
This concept was also mentioned in a different way o the
Digital-copyright.ca BLOG, this time in the context of having someone
other than the owner of a computer using a computer and the suggestion
that somehow the GPLv3 forced the owner to give the user their signing
What the GPLv3, second draft, actually says on the key issue is the
The Corresponding Source also includes any encryption or authorization
keys necessary to install and/or execute modified versions from source
code in the recommended or principal context of use, such that they
can implement all the same functionality in the same range of
circumstances. (For instance, if the work is a DVD player and can
play certain DVDs, it must be possible for modified versions to play
those DVDs. If the work communicates with an online service, it must
be possible for modified versions to communicate with the same online
service in the same way such that the service cannot distinguish.) A
key need not be included in cases where use of the work normally
implies the user already has the key and can read and copy it, as in
privacy applications where users generate their own keys. However,
the fact that a key is generated based on the object code of the work
or is present in hardware that limits its use does not alter the
requirement to include it in the Corresponding Source.
In Linus's example of Yum, no private keys are needed as these keys are
not required to "install and/or execute modified versions from
sourcecode". I don't see how Linus' various examples apply at all.
"n8o"'s example from the Digital-copyright.ca site also doesn't apply as
you are not distributing software to someone who is using hardware you
own, and thus none of the clauses of the GPL (any version) apply at all.
The GPL is quite deliberately authored as a "bare license" that does not
invoke contract law, and thus only applies to activities that would
otherwise be a copyright infringement if it were not for the permission
granted in the license.
Can people help me make sense of these objections? I want to transform
things that appear to be a misunderstanding of the license or the law to
things where "reasonable people may disagree". I'm not suggesting that
I'll change my opinion on those areas where people disagree, but for
CLUE's work we need to know where we need to educate and where we may need
to eithor exclude a policy issue (IE: not officially taking sides) or poll
members for what position CLUE should take.
Russell McOrmond, Internet Consultant:
Please help us tell the Canadian Parliament to protect our property
rights as owners of Information Technology. Sign the petition!
"The government, lobbied by legacy copyright holders and hardware
manufacturers, can pry my camcorder, computer, home theatre, or
portable media player from my cold dead hands!"
discuss mailing list