Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 10:27:52PM -0800, Edward Cherlin wrote: Interesting. I have never received a Linux system with either the source code or a written offer of source code. Oh? That's not supposed to happen. If a hardware vendor provides a system with Linux on it, that is distribution, and they are certainly obliged to provide the source code or offer. If you received the system as hardware only and you obtained the software yourself, then the hardware vendor has no such obligation. I expect that if faced with this question directly, governments would uniformly assert that they are the consumers, and that no court in their countries would disagree, since the government paid for the equipment. Inasmuch as the government becomes the hardware vendor, the act of distribution is by them, to their end-users. For that use-case, OLPC would merely need to support the provision of source by that hardware vendor. -- James Cameronmailto:qu...@us.netrek.org http://quozl.netrek.org/ ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Sat, Dec 13, 2008 at 10:07, James Cameron qu...@laptop.org wrote: On Fri, Dec 12, 2008 at 10:27:52PM -0800, Edward Cherlin wrote: Interesting. I have never received a Linux system with either the source code or a written offer of source code. Oh? That's not supposed to happen. If a hardware vendor provides a system with Linux on it, that is distribution, and they are certainly obliged to provide the source code or offer. If you received the system as hardware only and you obtained the software yourself, then the hardware vendor has no such obligation. Small print on the back of the printed cover of the latest Ubuntu CD provided by shipit includes: Source code for Ubuntu can be downloaded from archive.ubuntu.com or can be ordered from Canonical at the cost of the media and shipping. This has been on every Ubuntu release since I can remember - since 5.10 (the oldest cover I could quickly find) at least. Regards Morgan ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
Hi, On Saturday 13 December 2008 03:04, da...@lang.hm wrote: for the record I believe that the google G1 phone is open, the various other android based phones are locked down. actually not true: http://laforge.gnumonks.org/weblog/2008/12/09#20081209-google_htc_android_g1 there seems to be a developer edition, which isnt locked down, but the default is locked. regards, Holger btw: thanks to John for caring about complying with the licences. pgpC4loBgeFGp.pgp Description: PGP signature ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
Are there any places where Sugar is in violation of its licenses? -walter On Fri, Dec 12, 2008 at 2:14 PM, John Gilmore g...@toad.com wrote: OLPC is at risk of similar action unless it gets its act together. The project and its customers have skated by on GPL compliance, figuring that we're the good guys, and make halfhearted attempts every once in a while, so we won't get sued. That didn't work for Cisco. Even a public *allegation* by FSF that OLPC is not compliant would have an effect similar to the We're going Microsoft debacle, further alienating the free software development community who OLPC depends deeply upon. OLPC has, by distributing binaries under DRM, without source code, and with minimal notice, hung a sword over its head that just about anybody could unleash. John From: Brett Smith br...@fsf.org To: info-pr...@gnu.org, info-...@gnu.org, info-...@gnu.org Date: Thu, 11 Dec 2008 12:10:50 -0500 List-Archive: http://lists.gnu.org/pipermail/info-gnu ## Free Software Foundation Files Suit Against Cisco For GPL Violations BOSTON, Massachusetts, USA -- Thursday, December 11, 2008 -- The Free Software Foundation (FSF) today announced that it has filed a copyright infringement lawsuit against Cisco. The FSF's complaint alleges that in the course of distributing various products under the Linksys brand Cisco has violated the licenses of many programs on which the FSF holds copyright, including GCC, binutils, and the GNU C Library. In doing so, Cisco has denied its users their right to share and modify the software. Most of these programs are licensed under the GNU General Public License (GPL), and the rest are under the GNU Lesser General Public License (LGPL). Both these licenses encourage everyone, including companies like Cisco, to modify the software as they see fit and then share it with others, under certain conditions. One of those conditions says that anyone who redistributes the software must also provide their recipients with the source code to that program. The FSF has documented many instances where Cisco has distributed licensed software but failed to provide its customers with the corresponding source code. Our licenses are designed to ensure that everyone who uses the software can change it, said Richard Stallman, president and founder of the FSF. In order to exercise that right, people need the source code, and that's why our licenses require distributors to provide it. We are enforcing our licenses to protect the rights that everyone should have with all software: to use it, share it, and modify it as they see fit. We began working with Cisco in 2003 to help them establish a process for complying with our software licenses, and the initial changes were very promising, explained Brett Smith, licensing compliance engineer at the FSF. Unfortunately, they never put in the effort that was necessary to finish the process, and now five years later we have still not seen a plan for compliance. As a result, we believe that legal action is the best way to restore the rights we grant to all users of our software. Free software developers entrust their copyrights to the FSF so we can make sure that their work is always redistributed in ways that respect user freedom, said Peter Brown, executive director of the FSF. In the fifteen years we've spent enforcing our licenses, we've never gone to court before. We have always managed to get the companies we have worked with to take their obligations seriously. But at the end of the day, we're also willing to take the legal action necessary to ensure users have the rights that our licenses guarantee. The complaint was filed this morning in United States District Court for the Southern District of New York by the Software Freedom Law Center, which is providing representation to the FSF in this case. The case is number 08-CV-10764 and will be heard by Judge Paul G. Gardephe. A copy of the complaint is available at http://www.fsf.org/licensing/complaint-2008-12-11.pdf. ### About the FSF The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at http://donate.fsf.org. Its headquarters are in Boston, MA, USA. ### About the GNU General Public License (GNU GPL) The GNU General Public License (GPL) is a license for software. When a program is released under its terms, every user will have the freedom to
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 11:14 AM, John Gilmore g...@toad.com wrote: OLPC is at risk of similar action unless it gets its act together. The project and its customers have skated by on GPL compliance, figuring that we're the good guys, and make halfhearted attempts every once in a while, so we won't get sued. That didn't work for Cisco. Even a public *allegation* by FSF that OLPC is not compliant would have an effect similar to the We're going Microsoft debacle, further alienating the free software development community who OLPC depends deeply upon. OLPC has, by distributing binaries under DRM, without source code, and with minimal notice, hung a sword over its head that just about anybody could unleash. John Some of us are new to one or another part of this issue, and need a bit more background. o Can you list the offending binaries and explain their faults? o Can you explain how that puts us afoul of the GPL or any other specific license? Or are you just talking about PR effects if we claim to distribute only Free Software, and somebody can say we ship something else in addition, as happened with rms and tdr over the Marvell code on the wireless chip and some other code in ROM? -- Silent Thunder (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) is my name And Children are my nation. The Cosmos is my dwelling place, The Truth my destination. http://wiki.sugarlabs.org/go/User:Mokurai ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 11:52:54AM -0800, Edward Cherlin wrote: On Fri, Dec 12, 2008 at 11:14 AM, John Gilmore g...@toad.com wrote: OLPC is at risk of similar action unless it gets its act together. The project and its customers have skated by on GPL compliance, figuring that we're the good guys, and make halfhearted attempts every once in a while, so we won't get sued. That didn't work for Cisco. Even a public *allegation* by FSF that OLPC is not compliant would have an effect similar to the We're going Microsoft debacle, further alienating the free software development community who OLPC depends deeply upon. OLPC has, by distributing binaries under DRM, without source code, and with minimal notice, hung a sword over its head that just about anybody could unleash. John Some of us are new to one or another part of this issue, and need a bit more background. For some basic background, please see http://dev.laptop.org/ticket/4265 http://dev.laptop.org/ticket/4268 Thanks, Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 12:22 PM, Michael Stone mich...@laptop.org wrote: On Fri, Dec 12, 2008 at 11:52:54AM -0800, Edward Cherlin wrote: On Fri, Dec 12, 2008 at 11:14 AM, John Gilmore g...@toad.com wrote: OLPC is at risk of similar action unless it gets its act together. The project and its customers have skated by on GPL compliance, figuring that we're the good guys, and make halfhearted attempts every once in a while, so we won't get sued. That didn't work for Cisco. Even a public *allegation* by FSF that OLPC is not compliant would have an effect similar to the We're going Microsoft debacle, further alienating the free software development community who OLPC depends deeply upon. OLPC has, by distributing binaries under DRM, without source code, and with minimal notice, hung a sword over its head that just about anybody could unleash. John Some of us are new to one or another part of this issue, and need a bit more background. For some basic background, please see http://dev.laptop.org/ticket/4265 Thanks. That explains about source code and notice. Is there anything about DRMed binaries? http://dev.laptop.org/ticket/4268 That's a lost cursor bug. I assume you meant some other one. Thanks, Michael -- Silent Thunder (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) is my name And Children are my nation. The Cosmos is my dwelling place, The Truth my destination. http://wiki.sugarlabs.org/go/User:Mokurai ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 12:34:18PM -0800, Edward Cherlin wrote: On Fri, Dec 12, 2008 at 12:22 PM, Michael Stone mich...@laptop.org wrote: On Fri, Dec 12, 2008 at 11:52:54AM -0800, Edward Cherlin wrote: http://dev.laptop.org/ticket/4268 That's a lost cursor bug. I assume you meant some other one. Yes, http://dev.laptop.org/ticket/4286, thanks. Sorry for the confusion, Michael ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
From http://dev.laptop.org/ticket/4265 (To be effective when shipping hundreds of thousands of units to non-English speakers, a translation of the license should be provided as well.) Does FSF have approved translations of their licenses? That sounds like something lawyers could get very picky about. -- These are my opinions, not necessarily my employer's. I hate spam. ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
Walter asked: Are there any places where Sugar is in violation of its licenses? Sugar is licensed under the GPLv2, and its source code seems to be provided. (Because it's written in an interpreted language, it never ships binaries -- I think. There may be some small parts that are written in C or C++ to be called from Python, which, if they exist, would have to be looked at. If they're tiny, the easiest thing would be to just include the tiny source code in the binary release.) Sugar before 8.2.0 violated the notice part of the GPL, because running it never told its users of the license, or about what rights they have. I filed this bug (http://dev.laptop.org/ticket/6929) and eventually also wrote the initial changes to fix it, which DSD put (in improved form) into 8.2.0. The GPL requires modified versions to be identified as such, so that users will know they aren't running the stock version released by the mainline author. This GPL requirement is honored largely in the breach by most distros (they patch GPL'd programs all the time, without modifying the version string that is printed by the program). Development versions of Sugar may violate this requirement, if the version-string support in Sugar doesn't notice that it's in between formal releases. In Sugar's case, the main copyright owner is OLPC, so OLPC is unlikely to sue itself over violations. Sugar may contain contributions by others who have not assigned their copyrights to OLPC, which would give those contributors standing to object (or sue). Some of the activities that the Sugar team maintains may not fully comply with the GPL. Ticket http://dev.laptop.org/ticket/6930 tracks that issue. Several such activities have been improved (many were missing a copy of the GPL, or a copyright notice in their source code). John ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
Some of us are new to one or another part of this issue, and need a bit more background. o Can you list the offending binaries and explain their faults? Sure. For example, ls is part of the Coreutils. In 8.2.0, it's licensed under GPLv3+ (try ls --version); in earlier releases, it's licensed under GPLv2+. In both cases, OLPC is shipping binary copies of ls on the flash media of laptops. This means that it must ensure that every recipient has either the actual source code of ls, or has both a written offer of such source code and ready access to redeem that offer for the actual code. One of the original ideas at OLPC was that all the source code would be put on the school servers and every school would have a server and so the kids would all have access to the sources. See http://dev.laptop.org/ticket/4286#comment:8 . That didn't work in practice, because many laptops go to places that have no school servers. It didn't work for G1G1 either. See also http://dev.laptop.org/ticket/4417 . There are also some packages for which OLPC doesn't seem to have SRPM's that match its RPM's: http://dev.laptop.org/ticket/4835 . In addition, there's a bigger problem with the packages that are licensed under GPLv3 (24 packages in 8.2.0, and growing). GPLv3 bans TiVoization which is the way that the TiVo company figured out how to cheat the GPLv2. They used a ton of GPL software to build a product, flashed the binaries into a physical product, and provide all the matching source code -- but the firmware in the physical product will never let you reflash the binaries. This means you are free to modify the source code and recompile it, but you can never actually modify it IN THE PRODUCT. GPLv3 bans this, for products designed for household or consumer use. If the vendor themselves has the power to reflash the binaries, then the consumer must be provided the keys and instructions required to do so. OLPC follows exactly the TiVo model. It comes with DRM that prevents the kids from reflashing their own laptops, even though OLPC can reflash them with new versions. The DRM directly affects modified versions of the kernel and initrd, which do not contain software licensed under GPLv3. Coreutils (ls) is GPLv3 though. Normally, to modify ls you wouldn't need to reflash; you could just log in as root and install the new version on top of the old version (with rpm or yum or cp). But some of the countries who distribute OLPC laptops want even more control -- they have disabled root access completely for the kids. This means the kids can't just login as root; they'd need to reflash to install a modified version of ls, and they can't. This violates GPLv3. In addition, one of the key deliverables for the 9.1 release is limited-time leases that would make the laptop refuse to boot, if some third party who has OLPC connections doesn't issue it a new lease periodically. Part of the implementation strategy was/is to avoid cheating by denying every laptop user the ability to reset the laptop's clock. This can only be enforced if root access is removed. Thus Uruguay's mistake is scheduled to be spread into every country as of the 9.1 release. This violates GPLv3. OLPC has a complicated process for getting the keys that would enable you to reflash your laptop, get past the lease crap, (or merely to boot software, such as the Fedora 10 release, that isn't signed by OLPC's secret keys). This is the developer key process, which requires Internet access, a 24-hour arbitrary delay imposed by OLPC, and a lot of hand-holding and instructions. Many kids in the mountains of Peru and Uruguay do not have Internet access. There's supposedly a way to send a postcard to OLPC, but I think it has never been tried (it neglects to tell the kids to include their serial number and UUID, which are required; and it would require that the kids correctly type in a long string of random letters and digits. The Support Gang has had lots of trouble with *adults* with email and telephones being unable to do such things.) It may also be that the rootless Uruguayan laptops have also removed the instructions on how to get a developer key (I haven't seen their distro; is there a copy of it anywhere publicly accessible?). Even in OLPC's mainstream software releases, it is never clearly explained what restrictions are built into the product, what a developer key is, why OLPC is required to offer you one, why you might want it, why your laptop won't boot a Fedora SD card or an Ubuntu release, etc. That info is scattered around the wiki. The last suggestion I heard from OLPC along these lines was that the kids aren't actually the owners of the XO laptops, so it doesn't matter what we do to the kids. The *schools* own the laptops and we can give *them* the keys to the DRM. This kind of legal sophistry, besides being exactly opposite the OLPC party line (the kids own the laptops, they take them home every night, they teach them to their
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, 12 Dec 2008, John Gilmore wrote: anything -- without permission from the manufacturer. The OLPC comes with DRM, like the TiVo, the iPhone, and the Google G1 phone. While I for the record I believe that the google G1 phone is open, the various other android based phones are locked down. David Lang ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 10:53 PM, John Gilmore g...@toad.com wrote: The last suggestion I heard from OLPC along these lines was that the We had a _private_ conversation in which I carefully said that I was _not_ speaking for OLPC, and had no say or authority over laptop stuff. I look after the server and we both agreed that the server does the right thing at every corner. I am surprised that you'd misrepresent that private discussion in this way. To clarify for the rest of list, I mentioned in a much wider discussion that from my legal training in software licensing (2 papers, masters level) I observed that I suspect (but do now know fora fact) that in deployment countries kids are _not_ allowed to sell the laptops for profit while they are in school, so perhaps they don't own them in the legal sense until they finish school. Kids have the laptops to themselves in a practical everyday sense, they take them home and use them freely. But the fact that the school restricts their sale (and other things, like, oh, removing the sw that makes them useful in school) hints at where the legal ownership resides. Again -- this is my personal understanding. I don't speak for OLPC in these matters, and I am _not_ a lawyer. My _personal_ suspicion is that GPLv3 doesn't have a strong anti-tivolisation case here, ask a competent lawyer. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: Free Software Foundation Files Suit Against Cisco For GPL Violations
On Fri, Dec 12, 2008 at 4:53 PM, John Gilmore g...@toad.com wrote: Some of us are new to one or another part of this issue, and need a bit more background. o Can you list the offending binaries and explain their faults? Sure. For example, ls is part of the Coreutils. In 8.2.0, it's licensed under GPLv3+ (try ls --version); in earlier releases, it's licensed under GPLv2+. In both cases, OLPC is shipping binary copies of ls on the flash media of laptops. This means that it must ensure that every recipient has either the actual source code of ls, or has both a written offer of such source code and ready access to redeem that offer for the actual code. Interesting. I have never received a Linux system with either the source code or a written offer of source code. I certainly know where to download it. One of the original ideas at OLPC was that all the source code would be put on the school servers and every school would have a server and so the kids would all have access to the sources. See http://dev.laptop.org/ticket/4286#comment:8 . That didn't work in practice, because many laptops go to places that have no school servers. It didn't work for G1G1 either. See also http://dev.laptop.org/ticket/4417 . Presumably we could have included a CD, regardless of whether recipients had drives. There are also some packages for which OLPC doesn't seem to have SRPM's that match its RPM's: http://dev.laptop.org/ticket/4835 . Wouldn't surprise me. Who is supposed to take care of this stuff? In addition, there's a bigger problem with the packages that are licensed under GPLv3 (24 packages in 8.2.0, and growing). GPLv3 bans TiVoization which is the way that the TiVo company figured out how to cheat the GPLv2. They used a ton of GPL software to build a product, flashed the binaries into a physical product, and provide all the matching source code -- but the firmware in the physical product will never let you reflash the binaries. This means you are free to modify the source code and recompile it, but you can never actually modify it IN THE PRODUCT. GPLv3 bans this, for products designed for household or consumer use. If the vendor themselves has the power to reflash the binaries, then the consumer must be provided the keys and instructions required to do so. OK, now I know what you are talking about. Yes, I would prefer children to have complete software freedom. I don't see it happening. I expect that if faced with this question directly, governments would uniformly assert that they are the consumers, and that no court in their countries would disagree, since the government paid for the equipment. I also see no way that a US court would hold any of this to be a license violation, given that the source code is delivered to the governments. OLPC follows exactly the TiVo model. It comes with DRM that prevents the kids from reflashing their own laptops, even though OLPC can reflash them with new versions. The DRM directly affects modified versions of the kernel and initrd, which do not contain software licensed under GPLv3. Coreutils (ls) is GPLv3 though. Normally, to modify ls you wouldn't need to reflash; you could just log in as root and install the new version on top of the old version (with rpm or yum or cp). But some of the countries who distribute OLPC laptops want even more control -- they have disabled root access completely for the kids. This means the kids can't just login as root; they'd need to reflash to install a modified version of ls, and they can't. This violates GPLv3. In addition, one of the key deliverables for the 9.1 release is limited-time leases that would make the laptop refuse to boot, if some third party who has OLPC connections doesn't issue it a new lease periodically. Part of the implementation strategy was/is to avoid cheating by denying every laptop user the ability to reset the laptop's clock. This can only be enforced if root access is removed. Thus Uruguay's mistake is scheduled to be spread into every country as of the 9.1 release. This violates GPLv3. OLPC has a complicated process for getting the keys that would enable you to reflash your laptop, get past the lease crap, (or merely to boot software, such as the Fedora 10 release, that isn't signed by OLPC's secret keys). This is the developer key process, which requires Internet access, a 24-hour arbitrary delay imposed by OLPC, and a lot of hand-holding and instructions. Many kids in the mountains of Peru and Uruguay do not have Internet access. There's supposedly a way to send a postcard to OLPC, but I think it has never been tried (it neglects to tell the kids to include their serial number and UUID, which are required; and it would require that the kids correctly type in a long string of random letters and digits. The Support Gang has had lots of trouble with *adults* with email and telephones being unable to do such things.) It may
