Well the wild ride that was August appears to have tapered off a bit as the month drew to a close, so Linux bloggers have finally had a few days to stop and catch their breath.
Bartenders throughout the blogosphere have had a chance to restock their supplies, and conversations have, for the most part, returned to normal volumes.
The one exception in that last respect, however, has been a debate that’s actually been gaining momentum over the past few weeks since the Free Software Foundation’s Brett Smith published a little piece entitled, “Android GPLv2 termination worries: one more reason to upgrade to GPLv3.”
‘Make the Switch to GPLv3’
“When we wrote GPLv2 in 1991, we didn’t imagine that a free software project might have hundreds of copyright holders, making it so difficult to get a violator’s rights restored,” Smith wrote.
“We want it to be easy for a former violator to know that they’re still allowed to change and share the software; if they stop distribution because of legal uncertainty, fewer people will have free software in the long run,” he explained. “Hence, we created new termination provisions for GPLv3. These terms offer violators a simple method to earn back the rights they had.”
Because of that and for other reasons, “we urge developers who are releasing projects under GPLv2 to upgrade to GPLv3,” Smith concluded. “Companies that sell products that use Android can help out by encouraging the developers of Linux to make the switch to GPLv3.”
‘Is It Fair to Use FUD?’
Smith’s piece sat quietly for several days before Linux bloggers noticed it. Once they did, however, there was no stopping them.
“FSF uses unproven compliance issue to promote GPLv3,” was the charge over at ITworld, for example. “Is it fair to use FUD to promote GPLv3 over GPLv2?”
“New GPL licence touted as saviour of Linux, Android,” was the wry observation at The Register.
Linux Girl’s Debate-o-Meter started screaming soon afterward, so she headed straight for the blogosphere’s Punchy Penguin Saloon to learn more.
“GPLv3 Linux for Android? That’s so bad it’s not even wrong!” began Barbara Hudson, a blogger on Slashdot who goes by “Tom” on the site.
“Mobile phone manufacturers don’t make different silicon for each market — instead, they customize the device’s software so that the phone can be type-approved by each country individually,” Hudson explained.
A GPLv3 Android phone, however, “with all the decryption keys available to any user on demand, is just inviting abuse,” Hudson opined. “No manufacturer would make such an insecure-by-design device, and no telco would put the stability of their network at such risk.”
‘You Automatically Receive a New License’
In addition, “despite the article’s claim of ‘permanent termination,’ it’s very easy to get a new license to redistribute a GPLv2 program — just download or otherwise get a new copy, as per section 6 of the GPLv2, and you automatically receive a new license grant, which is valid as long as you are in compliance,” Hudson pointed out.
“While this doesn’t ‘whitewash’ any problems that arose under the old license grant, it’s clear that the new license cannot have additional restrictions, such as a past license termination, imposed on it,” she added.
Hudson actually went so far as to contact Smith, the article’s author, to point out “these and other issues,” she told Linux Girl. “He insists that once a license is terminated, that’s it.
“However, the law is clear: in all ‘take-it-or-leave-it’ contracts such as the GPL, the contract must be interpreted in the recipient’s favor (contra proferentem),” Hudson pointed out. “Companies in compliance have the legal right to rely on the grant provided by section 6 of the GPL.”
‘People Acting Like the GNUstapo’
Ultimately, “this is not about Android and Linux licensing, but about pushing an agenda,” Hudson concluded. “The usual suspects have made Android and Linux licensing a hot issue. The last thing we need is people acting like the GNUstapo and adding fuel to the fire.”
Meanwhile, “it’s a safe bet Google is working on a BSD-hosted version of Android as a fallback,” she added. “If I were them, that’s what I’d be doing.”
Roberto Lim, a lawyer and blogger on Mobile Raptor, saw a different problem with GPLv3.
The Anti-Tivoization Effect
“I do not see anything wrong with the new termination clauses in GPLv3,” Lim told Linux Girl, “but there is one issue in GPL version 3 which I think should be considered seriously.”
Namely, whereas companies that make devices running GPL software “can use digital rights management technologies to make sure that the device will only function with its official software” — known as “Tivoization” — “GPLv3 wants to prevent Tivoization and force Mr. Manufacturer to allow end users to modify the software installed on the appliance or device for their own purposes without restriction,” Lim pointed out.
“This is effected by requiring that the source code be accompanied by any activation keys or methods which would allow the end user to run modified software on his device,” he added.
‘GPLv3 Will Place Them at Risk’
“Maybe a few years ago that would have been a good idea — that was back when we would pay full price on our hardware,” Lim suggested. “But we are moving into an area where manufacturers are now also service providers. Like Amazon’s coming tablet, they might subsidize the cost of new hardware in exchange for the profits they expect to make from after-sales profits from software and services.”
GPLv3, then, “will place them at risk of having their subsidized hardware used for purposes other than intended and may make Linux adoption harder,” he asserted.
“Is the point of GPL to allow others to build on your achievement and make entirely new things, or is it to allow users to tinker with the devices themselves? I think it is the former,” Lim concluded, “and GPLv3 benefits a very small, but very noisy, segment.”
‘Simply Too Much Work’
Consultant and Slashdot blogger Gerhard Mack saw yet another problem.
“The FSF forgets that for many cases, changing the existing license is impossible,” Mack said.
“To switch the license, each contributor with code still in the project must agree to a change, and some projects are now so large that it’s difficult to find everyone,” he pointed out. “Replacing the code of everyone who can’t be found is simply too much work. In the case of some projects, some of the original authors are even dead.”
Chris Travers, a Slashdot blogger who works on the LedgerSMB project, didn’t see anything new in the FSF’s pro-GPLv3 effort.
“They have been doing this since the GPLv3 came out,” he explained. “Anyone who bought the FSF’s line has probably already switched. Those of us who don’t like things in the GPLv3 will stick with the GPLv2 and ignore them.”
‘They Better Hope Oracle Wins’
For Slashdot blogger hairyfeet, however, the FSF’s effort is too little and too late, he told Linux Girl.
“The FSF and even Torvalds don’t own FOSS anymore — Google does,” hairyfeet explained.
“If Google were to fork the kernel tomorrow, how many developers do you think would follow it?” he asked. “Sadly, as much as FOSS users like to go, ‘boo hiss’ at Oracle, they better hope Oracle wins against Google.
“If they lose? Well, it’s not a mystery why Google doesn’t allow GPLv3 anywhere near Android,” he added. “As one of the guys at Google said, ‘Android is open FOR OEMS’; the unspoken part of that is, ‘and not for you, silly user!'”
‘FSF Is Right to Push for GPLv3’
Indeed, “one of the few differences I have with Google and Android/Linux is the crummy license Google chose,” blogger Robert Pogson told Linux Girl. “They could have dashed off a typical platform of GNU/Linux with the GPL but chose other software just to avoid the GPL.
“Now look what’s happened: They’ve closed a lot of the source on Android 3.x and no one knows where they stand,” Pogson explained. “Can Samsung trust Google now that Google’s bought Motorola? How open is the Open Handset Alliance now that some of the code is closed? This is a huge mistake, and FSF is right to push for GPLv3 or better.”
In fact, “we should be making software and hardware, not fighting over the code,” Pogson opined. “By forking Linux and closing the code, Google is making the old guard look good. At least they were consistent.”
Pogson “can forgive Google for not thinking this through from the beginning,” he added. “Who knew how big Android/Linux would get?
“The world needs good IT, but this is not the way to do it,” Pogson concluded. “Being consistent and sticking with FLOSS would have prevented so many problems no one needs.”
I’m pretty sure google shares source with it’s OEM’s under a NDA even though the source isn’t public.
Also as far as keys, it’s not clear that it’s any more of a security risk than including a dev mode. Eliptical curve Key encryption allows for per-device keys, which could be printed somewhere on the phone, or delivered via mail upon request.
I can spot two bigger issues with the GPL-3 as far as a mobile manufacturer would be concerned.
The first is the anti-DMCA clause. Which would make it diffucult or impossible to get certain types of media delivered to your device.
"When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work’s users, your or third parties’ legal rights to forbid circumvention of technological measures."
The second is the Patent clauses. In some cases the GPL v.3 (and even v.2) greatly weaken some sorts of patents claims under certain conditions, and with patent wars ever escalating, some companies are hesitant to holster any of their guns in this fight.
That might still allow one to use GPL V3 although IANAL, but with regards to DMCA style DRM one could do that in hardware. With today’s hardware having firmware I see no reason why the OS couldn’t simply hand off to the hardware and let the hardware take care of keys. This shouldn’t violate GPL as plenty of distros allow non free firmware and even though RMS may not like it from the looks of things the firmware will ALWAYS stay locked and I for one understand why.
Look at the HD4830 and HD4850 for instance. it is only firmware and a $100 price point at launch that separate the two. Now imagine if it was trivial for anyone to simply load a Linux that flipped the bit? they’d have to go to burning traces like Intel does which raises costs that WOULD be passed on to the consumer. Personally i like knowing that if I feel brave i can attempt to hack the firmware without needing a soldering iron.
As for patents? Again if your patents are tied in hardware no problem, and if you are tying your patents to software that is GPLed….what are you, nuts? GPL and software patents go together about as well as candy and rotten meat! RMS has been and frankly always WILL BE against ANY real form of patents and copyrights, which is why he calls the GPL copyleft. if you want to play with software patents frankly you would be better off talking to MSFT about WinPhone or using another proprietary OS.
That said most Android devices are made in China, where they don’t care about patents or copyrights anyway! if you share your patented tech with a country known for "keeping it real fake" and knockoff, just to save a few bucks? then you deserve to lose because you are a moran.