GPLv3 — Nice Answers LT !

Reading debate between proses to build and drafting the GPLv3 was very interesting, i following some forum that Linus has been desperate with the new version of GPL. I just confusing of some changes in 61 Document of GPLv3. But when i read comment of Linus on forum i can understand why. Find new document on fsf.org or see the news on http://www.infoberita.com.

So this is the core of Linus answer at that forum :

I happen to believe that politeness (especially on the internet) is somewhat overrated, since it’s too damn easy for people to misunderstand each other anyway, and a bit of bluntness can often punch through the more superficial issues. But hey, it’s your forum and your rules, and you have the right yp (and should) enforce your own rules 😉

So to answer your post:

First, the GPL wasn’t written just for Linux. It was written for everybody, including end users, so it’s simply not true that developers should get a louder voice. Linux is one GPL entity, but it isn’t they only one, by a long shot. So Linux uses the GPL, not the other way around.

Hey, I have no problem with that. I do have a gripe when people (very much including the FSF) then think that I should apparently mindlessly agree with a new version, even though I have made it very clear that I think the new version is much worse.

I’m telling it like I see it. The GPLv2 was a wonderful license. The GPLv3 is a total disaster. I’ve explained why I feel that way, and I don’t see why you even argue against me. Are you saying that I don’t have the right to choose my own license, especially one that has been very much a success, and that thousands of people (and hundreds of companies) have signed off on?

If somebody else wants to use the GPLv3 for a project they wrote, that’s obviously their choice, but wouldn’t it be good if they were first educated about why at least one big project maintainer decided it was a bad idea? The kernel is staying with v2, and I’m trying to tell people why. And yes, I’m upset when I get whining about the license on the project I started and still maintain. I’m sorry PJ, but you simply don’t have the moral right to complain about another persons choice of license for his work, and neither does anybody else.

(Btw, this cuts both ways. It’s why I don’t complain about companies that think they should use the BSD license or keep their source code proprietary. Microsoft is obviously perfectly within its rights not believing in open source, and nobody should complain about them over that)

Finally, I believe you are repeating your misunderstanding about binary drivers. Really. You need to stop saying that about security. There is nothing in the GPLv3 that I’ve seen that says you have to provide the keys to the binaries.

Sorry, but you are just wrong. Maybe you don’t understand the technical points, but let me quote the GPLv3 draft for you:

The Corresponding Source also includes any encryption or authorization keys necessary to install and/or execute modified versions from source code in the recommended or principal context of use, such that they can implement all the same functionality in the same range of circumstances.

And the thing is, that’s exactly what requries a company like Tivo to give out the keys that they use for signing the binaries they trust. It’s also something the DVD consortium would use to give out keys to the people they trust.

You seem to think that’s a capital idea to make it illegal to use these things with open source, because you think Tivo is doing something bad. But what you don’t realize, and what you refuse to listen to, is that the same clause also makes a lot of other uses impossible.

So let me repeat. The GPLv3 makes technical decisions where no technical decisions should be made. It makes a technical requirement that actually limits how the system can be used, in bad ways.

The fact is, people who build their own hardware are perfectly within their rights to then limit the use of that hardware some way. It’s their choice if they let others tinker with it, the same way it is my choice whether I let other people tinker with the code I write.

And the fact is, anything that tries to stop Tivo from doing what they are doing very fundamentally stops others from doing perfectly valid things, because the technology doesn’t care. Keysigning (and keeping those keys secret) is just a tool. You can’t tell people that they can’t use that tool. It’s stupid.

Finally, as a constructive thing, let me tell you what would not be stupid, for example.

For example, it would not be stupid to have a clause that requires that you make it easy to verify that you actually complied with the GPL licenses. So it would not be stupid to say (for example) that you must not encrypt the binary in order to make it harder to decode and verify that it matches the sources you made available.

See the difference? This one doesn’t say that encryption and keys are bad, and it doesn’t say that it’s wrong to limit your hardware some way. Instead of limiting the use of the software, it just says that you cannot try to hide the changes you’ve done, so that we can more easily verify that you actually did comply with the “you have to make your sources available” part.

But that’s not what the GPLv3 does. The GPLv3 tries to expand the copyright past the project itself. Instead of saying that it cares about the source code, the GPLv3 says that it also cares about the hardware, and the environment required to run the source code. That’s a big thing.

And let me give you an example that is not about Tivo, but very much about the very thing that the GPLv3 explicitly mentions: keys for things like DVD players that may have special keys in hardware that are actually used to decrypt the disk.

For example, let’s say that you were creating a trusted voting machine. You’d really want to verify the software that the machine is running, so you’d obviously want that to be open source, so that people can see what it actually does, and you’d also like to verify that the binary that is run actually matches that source code.

Fine so far. But you might very validly also want to have a secret key that is actually used for communicating the end results, and/or validate the hardware itself. You do not want to have people make their own random voting machines (using either proprietary or open source software, and proprietary or open hardware), and have them be able to connect to the central voting registry and claim to be “valid”.

See? Secret keys are a tool. They are a tool for privacy, they are a tool for DRM, they are a tool for identity validation, they are a tool for a lot of things. The fact that they can be used to limit something does not make them bad.

And by definition, that secret key must be secret. It would be handed off to the software by an external means, and while the software would be “functional” without it, it sure as hell wouldn’t be able to do what a real voting machine is able to do without it. So by definition, that secret key is very much required for the “same functionality”, the exact same way that a DVD player has a secret key to actually show the contents of the disk.

Can you not see that the GPLv3 makes something like this illegal? Can you not see that it is technically exactly the same thing as what Tivo wants to do? Can you not see that making technical limitations in a license is a huge and gaping problem?

And the thing is, the stupid and idiotic key signing rules are just my particular hang-up. It’s actually not what most companies seem to be upset about. There aren’t that many Tivo’s or voting machine manufacturers about, so I’m not complaining because people have been complaining to me – I’m complaining because I see a very fundamental disconnect between the technology and the license.

But companies seem to be more upset about the patent wording. The point being, the GPLv3 really does have problems, and not admitting that those problems exist is fairly shortsighted. The people here, for example, seem to sometimes degenerate into more of a “politically correct groupthink”, and less about critical thinking in general.

The fact is, the GPLv2 has been very successful for fifteen years. Why are you automatically assuming that the v3 changes are changes for the better?
Linus

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: