GPL License vulnerabilities

Posted 9 Jun 2003 at 19:41 UTC by lkcl Share This

There may be a problem in the future with GPL licensed programs: the dependence on the FSF for "later versions" of the GPL. A quick search on google.com for "Free Software Foundation Charter" shows the following link which addresses the issue of code OWNED by the FSF, but does not address the issue of corruption of the FSF and subsequent release of a corrupted GPL.

yes, i did write to the fsf. no, i did not receive a response.

what is the issue? corrupted versions of the GPL.

here is section 9 of the GPL.

the first thing a corrupted +1 revision of the GPL would do would be to drop this clause (consequently still maintaining "the spirit of the present version", and a corrupted +2 revision of the GPL would then be free to say whatever it liked.

  9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

so, that says, "if the FSF wants to release a new version of the GPL, and the author has not specifically said that their code is released under a specific version (there are two, at present), then ANYONE may re-release the code under the 'new' version of the GPL".

consequently, it would appear that we, as authors who write code under the GPL, are totally beholden to the FSF and its charter, parts of which are available on request, the whole of which is not available on-line for public scrutiny.

i think the FSF ought to do an OCR scan of their charter and get it onto their web site ASAP.

ideals are fine: the aims of the FSF are laudable. it's where ideals hit the real world that chinks in the armour start to matter.

if anyone believes that it is appropriate to respond to this article with anything along the lines of "rubbish, nobody would corrupt the FSF", think again. there's a rumour that a recent internal memo is floating around microsoft saying "Stop Open Source At Any Cost".

so "rubbish it'll never happen" responses are not appropriate: from a security perspective, sticking your head in the sand and pretending that an attack is never going to happen is an open invitation. [for example, i know someone whose six very expensive remote-computer-control telescopic-lens infra-red security cameras were stolen to order...]


One more uninformed FUD., posted 9 Jun 2003 at 20:06 UTC by yeupou » (Master)

This issue can be addressed simply (but licensing@gnu.org can provide you a better answer, in a better english than me, if you care).

There is a lot of practical reasons to avoid blocking a software to a specific version of a license (browse savannah-hackers@gnu.org archives, in you matter what).

But it's important to understand that if (hypothesis) the GPL v3 is more restrictive than the GPL v2 and if you are unhappy with it, your code under the GPL v2 and any later version can still be distributed under the GPLv2 rules.

You bring here the fear of Microsoft. But what? Whatever any later version of the GPL may be, it can't stop free software, it cannot modify the GPL v2.

- Do you fear the GPL to become a mBSD-like (less restrictive)? It shows a little trust in the FSF led by Richard Stallman, but it's an acceptable reason to pick the GPL v2 only. Linux is a well-known software under the GPL v2. - Do you fear the GPL to become a more restrictive license? You'll always be able to follow GPL v2 rules, you and your users, at your option.

So what?

not restrictive but UNrestrictive, posted 9 Jun 2003 at 21:50 UTC by lkcl » (Master)

yeupou,

thanks for pointing out that i have not been specific enough: my concerns are as follows, which are that the GPL could become an mBSD-like license OR WORSE, an mBSD-like license with no warranty or protection (of the software or its authors):

1) corrupting corporation takes over FSF and modifies charter (if that is in fact necessary: we don't know because we can't multi-eyeball the FSF's charter). bribery, blackmail or suing of individuals of FSF is not out of the question to achieve 1)

2) GPLv3 is written which is same as GPLv2 except clause 9) is removed (thus circumventing clause 9 because even without it, GPLv2 conforms to "the spirit of all previous versions of GPL")

3) GPLv4 is written which states that any code under GPL no longer has to conform to the principles of open and free software; also it removes protection of "no warranty"; also it removes protection from patent infringement.

4) corrupt individuals and corporations then take ANY software that is released under GPL-without-specific-restriction-on-version and start making it available under GPLv4 on their web sites.

5) corporations start legitimately suing the pants off of the authors, quoting the GPLv4 under which their patent / intellectual property is violated, or worse yet, they take them to the monopolies and mergers commission for "unfair commercial advantage" - giving away proprietary software "for free".

6) other corporations take advantage of GPLv4 having no principles of open and free software and start using it as the basis for proprietary software, secure in the knowledge that they will be conforming to the license.

basically every nightmare scenario attack on open source principles.

i am sorry but as a creative individual with an active imagination, i _have_ to raise these concerns, such that they can be appropriately discussed, legitimately dismissed as having already been dealt with, or addressed as appropriate.

please excuse me for pointing out that you slightly missed the point., posted 9 Jun 2003 at 21:57 UTC by lkcl » (Master)

Whatever any later version of the GPL may be, it can't stop free software, it cannot modify the GPL v2.

that is true, absolutely true.

... however, the above scenario can be used to CIRCUMVENT the GPLv2 to attack software released under a GPL license without specifically stating which one version of the GPL the software is released under, and also to attack the authors themselves.

corporations with enough money would easily be able to make a case stick against any authors that do not restrict their software to being released specifically under GPLv1 or GPLv2 instead of "any" GPL including future ones, on the basis that actual damages to them had occurred as a direct consequence of the software being sold [under GPLv4 by dummy corporation X] etc.

does that answer your question?

why we are safe, posted 10 Jun 2003 at 01:40 UTC by jbuck » (Master)

The FSF signs a legal contract with every code contributor that binds the FSF to keeping the code free.

The FSF also requires contributors to sign legal documents pledging not to encumber the release at a later date, by, for instance, bringing a patent action.

If you are worried about later versions..., posted 10 Jun 2003 at 02:12 UTC by tk » (Observer)

...just remove the "later versions" part from your redistribution terms. Thanks to cactus for pointing that out a long time ago.

Taking out the &quoany later version&quo clause is a mistake, posted 10 Jun 2003 at 04:42 UTC by jbuck » (Master)

Anyone who falls for the anti-FSF FUD and takes out the "any later version" clause is taking a risk: what if some lawyer succeeds in poking a hole in the GPL? If so, then GPLv3 can correct the hole. But those who take out the "later version" clause will then have created license-incompatible code. This can be fixed only if all authors can be tracked down and all agree to permit use of the new license -- something that will be near-impossible for the Linux kernel with its hundreds of authors.

Linus is the leading FUD-slinger here, which will be ironic if/when he needs the FSF's Eben Moglen to help get him out of a legal hole with SCO.

Taking out the &quoany later version&quo clause is a mistake, posted 10 Jun 2003 at 04:45 UTC by jbuck » (Master)

Anyone who falls for the anti-FSF FUD and takes out the "any later version" clause is taking a risk: what if some lawyer succeeds in poking a hole in the GPL? If so, then GPLv3 can correct the hole. But those who take out the "later version" clause will then have created license-incompatible code. This can be fixed only if all authors can be tracked down and all agree to permit use of the new license -- something that will be near-impossible for the Linux kernel with its hundreds of authors.

Linus is the leading FUD-slinger here, which will be ironic if/when he needs the FSF's Eben Moglen to help get him out of a legal hole with SCO.

sigh, posted 10 Jun 2003 at 06:26 UTC by djm » (Master)

6) other corporations take advantage of GPLv4 having no principles of open and free software and start using it as the basis for proprietary software, secure in the knowledge that they will be conforming to the license.

wrt "principles of open and free software": long before there was a GPL, there were licenses which allowed proprietary development. Just because you personally feel burned by the corporate world's use of code that you wrote[1] doesn't make BSD-like licenses any less a part of the free software world.

In fact, many of us choose such licenses precicely because they encourage commercial adoption.

[1] This is doubly ironic as this code was released under the GPL.

good comments., posted 10 Jun 2003 at 08:21 UTC by lkcl » (Master)

i am very encouraged to see the comments raised here.

djm, that i raise this issue has nothing to do with my specific experiences of the corporate world's use of code.

also, the description and use of what i call "GPLv4" is _way_ beyond BSD-like licenses: what i call corrupted "GPLv4" is a license that deliberately removes the legal protections from an author and their code.

jbuck, i am not specifically talking about FSF-owned code, in fact i am specifically talking about code owned by EVERYONE under the GPL. it looks like, and as you point out, from the references that i found and quoted in the original post, that in fact code owned by the FSF is specifically protected under a contractual agreement between the FSF and the author.

it's everyone _else_ that i am concerned about [who releases code under a non-version-specific GPL].

hope this helps clarify things. i should also mention that i am raising this issue in order that it can be discussed, legitimate holes found in the point i am making, a sensible approach resolved to deal with the potential problem etc.

Need title, posted 10 Jun 2003 at 10:02 UTC by yeupou » (Master)

lkcl, the GPL cannot change without Richard Stallman direct approval. And he is a man that seem to completely ignore corrution.

But "the spirit of all previous versions of GPL" is not something vague. You can browse all gnu.org to understand it. So if someday a new GPL was going against things written at gnu.org, I doubt that this new GPL causes trouble because, because "GPL v2 or any later version" actually means "GPL v2 or any later version that are in the spirit of the GPL v2". That means that new items can be added in others GPL version, but it cannot go at the contrary of the GPL v2. And potential changes to the GPL you listed are all going against the GPL v2.

djm, reasons why some people choose mBSD licenses are not discussed here. It's a point of view. Some people, as you, believe that a non-restrictive license to be used widely, some other, as lkcl apparently, want their code to be widely used only if it remains and protect free software. Your OpenSSH example is boring: what does it proves? That a BSD license permit a software to be included in many systems? And what? Does it proves that commercial means proprietary stuff build ontop of free stuff? Cannot it mean free stuff ontop of free stuff?

licenses schmicenses, posted 10 Jun 2003 at 10:36 UTC by djm » (Master)

yeupou: I raised BSD-style licenses because lkcl implicitly impugned them by his "principles of open and free software" statement. By the way, the example URL shows free non-commercial, free commercial and proprietary stuff on top of free stuff.

Uncorruptible Stallman, posted 10 Jun 2003 at 14:01 UTC by Omnifarious » (Journeyer)

Barring any interesting medical advances, Richard Stallman won't live forever.

The contracts also protect un-assigned code, posted 10 Jun 2003 at 14:16 UTC by abraham » (Master)

It is true that the assignment contracts doees not directly protect code covered by the GPL, but not assigned to the FSF. However, since most of the FSF assigned code is also under the GPL with the "or any later version" clause, they do so indirectly. When the FSF releases GPL v3 (which is currently being drafted), it will affect al the GPL code covered by the clause equally, assigned or unassigned. Thus, it if weakens the protection of the unassigned code, the assigned code will be weakened similarily, so it has to stay within the bounds of the assignment contracts.

Holes and spirits, posted 10 Jun 2003 at 14:48 UTC by tk » (Observer)

[jbuck] what if some lawyer succeeds in poking a hole in the GPL? If so, then GPLv3 can correct the hole.

So the correct way to plug a hole is to simply imagine that a future (license) architect will plug it, and not create any new holes in the process?

If we stick to one particular license (GPL v2), if there are any holes, at least we can know where the holes are. But if we allow "later versions" to come into the picture, we won't know anything: we'll practically be placing ourselves on shifting sands. Even if the FSF doesn't experience a hostile takeover,[*] how do we know that well-intentioned FSF members won't inadvertently introduce new holes in a new license?
[*] much like the Cult Awareness Network was taken over by Scientology

It's not FUD; it's a real problem.

[yeupou] But "the spirit of all previous versions of GPL" is not something vague. You can browse all gnu.org to understand it.

Yes, it is vague, if one can't state it in legal terms ("you can browse all gnu.org" obviously isn't a legal definition).

Even outside of legal circles, one can argue for years over what "the spirit of GPL" is (or for that matter, what the "spirit" of X is for any X; the spirit of computing, the spirit of Unix, the spirit of Forth, the spirit of Open Source, ...). After a while, some bloke who's achieved "enlightenment" on the "spirit" of the GPL will be able to give the "correct interpretation" that GPLed software should be used only by freedom fighters...

Loopholes and loopholes, posted 10 Jun 2003 at 15:33 UTC by abraham » (Master)

tk you are not talking about the same as jbuck, he is talking about loopholes not known (perhaps because they do not yet exist) at the present time, you seem to be talking about already known holes. The best way to handle a known problem, is of course to fix it. The only way to handle an unknown hole, is to allow for someone to plug it sometime in the future.

tk, posted 10 Jun 2003 at 18:52 UTC by yeupou » (Master)

tk, I did not say that "browse www.gnu.org'" is a legal term. But a decent lawyer can easily confirm or infirm that a change is conform to the GPL and FSF spirit, because there are hundred unequivocal text that explains the GNU project goal.

The argument you picked is inaccurate: "GPLed software should be used only by freedom fighters... ". I addressed it already in my first message ("Do you fear the GPL to become a more restrictive license? You'll always be able to follow GPL v2 rules, you and your users, at your option.").

double-release (via GPLv3 without clause 9, then corrupted GPLv4), posted 10 Jun 2003 at 19:57 UTC by lkcl » (Master)

But "the spirit of all previous versions of GPL" is not something vague. You can browse all gnu.org to understand it. So if someday a new GPL was going against things written at gnu.org, I doubt that this new GPL causes trouble because, because "GPL v2 or any later version" actually means "GPL v2 or any later version that are in the spirit of the GPL v2". That means that new items can be added in others GPL version, but it cannot go at the contrary of the GPL v2. And potential changes to the GPL you listed are all going against the GPL v2.

yeupou, that is why i said that a 2-stage attack is needed.

first, you take software X which is released under GPL not specifically GPLv1 or specifically GPLv2. you release it under GPLv3 which has had clause 9) removed: the remainder of the license is still within "the spirit" of GPLv1, v2 and v3 - all GPL licenses up until that time.

then you modify GPLv3 to GPLv4 with all of the author and code protection taken out, and re-release the code a SECOND time under the new corrupted GPLv4.

in this way it is possible to circumvent the GPL's protection, which is what i am most concerned about.

p.s. does anyone in the US want to take up the FSF's offer of receiving a posted copy of the FSF charter, in order to scan and OCR read it on their behalf?

Please stop the anti-GPLv3 FUD, posted 10 Jun 2003 at 22:01 UTC by jbuck » (Master)

OK, I'll propose an alternate tin-hat FUD attack here. Let's suppose that Microsoft lawyers have found a flaw in GPLv2, and the FSF knows about it, and is feverishly trying to fix the flaw. I don't believe that a flaw that would remove the copyleft exists, but perhaps there's some conflict with patent law, or the law of some country, that needs to be patched up. What must Microsoft do? It must send its agents out, to stir up fear of the FSF, so that they will refuse to allow their code to be licensed under a fixed version of the license. That way, GPLv3 and GPLv2 will be incompatible and the free software world splits in half.

But seriously: the "assign.future" document repeatedly signed by the FSF as a contract with many contributors states, in part (here the Program is the original program and the Works is whatever the developer contributes):

4. FSF agrees that all distribution of the Works, or of any work "based on the Works", or the Program as enhanced by the Works, that takes place under the control of FSF or its agents or successors, shall be on terms that explicitly and perpetually permit anyone possessing a copy of the work to which the terms apply, and possessing accurate notice of these terms, to redistribute copies of the work to anyone on the same terms. These terms shall not restrict which members of the public copies may be distributed to. These terms shall not require a member of the public to pay any royalty to FSF or to anyone else for any permitted use of the work they apply to, or to communicate with FSF or its agents or assignees in any way either when redistribution is performed or on any other occasion.
5. FSF agrees that any program "based on the Works" offered to the public by FSF or its agents or assignees shall be offered in the form of machine-readable source code, in addition to any other forms of FSF's choosing. However, FSF is free to choose at its convenience the media of distribution for machine-readable source code and may charge a fee of its choosing for copies.

These terms pretty much force the FSF to use a copyleft, as source has to be provided and all derivative works have to have the same terms.

Warranty issue, posted 10 Jun 2003 at 22:58 UTC by leviramsey » (Journeyer)

Even if the GPL is changed in some future version to remove the no warranty clauses, there are a few things that make that concern pointless.

First, all GPL licensed software is supposed to have a direct disclaimer of warranty in each source file, which would provide a disclaimer of warranty even if the license changes.

Second, if a downstream distributor chooses to license it under a GPL which lacks the warranty disclaimer, the distributor (not the author) is establishing the warranty. If anyone has a problem with the software, then they sue the distributor. The distributor could then try to sue the author, but would have a problem as the author licensed it to them explicitly without a warranty (assuming the author explicitly disclaims any warrany in the source files).

"similar in spirit", posted 10 Jun 2003 at 23:15 UTC by mbrubeck » (Journeyer)

You might argue that a GPL 3 that eliminates the guarantees of section 9 is not "similar in spirit to the present version." An essential part of the "spirit" of the GPL is the guarantee of future freedom and protection for the software. A license that opened a hole for future abuse would lack this most central feature, thus losing the original spirit (and violating the promise in section 9 of GPL 2).

Also, GPL 2 section 9 is a promise that the FSF has already made to recipients of their software and users of their licenses. They can stop making the promise in the future, but that doesn't give them the right to break the promise already made. It is the FSF's position that the offers and guarantees made by the GNU GPL are irrevocable.

A little story, posted 11 Jun 2003 at 08:26 UTC by tk » (Observer)

(well, I just figured out yet another problem with the "later versions" part...)

Imagine, if you will, a large (perhaps multi-continental) network, each of whose nodes act as a server for the Foo protocol, implemented as a daemon known as OpenFoo, the latest version of which is v2. A compromised node can potentially mean the compromise of the whole network.

As the implementor of OpenFoo, you were (rightly) worried that OpenFoo v2 contains exploitable holes, and you were concerned that it'd take a lot of effort to get all the network administrators in the world to upgrade to OpenFoo v3. In your infinite wisdom, you proclaimed, "Aha! I know! I'll include a facility which allows new versions of OpenFoo to be put into use automatically, so that the world can enjoy the benefits of bug fixes in the upcoming OpenFoo v3!" A user asked, "But what if v3 imposes extra restrictions on legitimate users?" You replied, "The facility will be such that OpenFoo v2 and v3 can co-exist side by side, so clients can choose which version of the OpenFoo server they want to talk to."

Upon hearing this announcement, the Evil Network Crackers Underground did chuckle with great glee, for it meant that they could choose which version of OpenFoo they wished to attack. Thus, even if an exploit present in v2 was fixed in v3, they could still attack by opting to interact with v2! Even better, if there are also holes present in v3 but not in v2, they'll have strictly more opportunities to compromise the Foo network!

An administrator of the Foo network also did hear your announcement; he was aware of the crackers' above thinking, and did hasten to persuade all the other sysadms not to use the new-fangled `upgrading' facility. Upon seeing this, you, the great OpenFoo implementor, were greatly angered. For by your own enlightened mind you knew you were enlightened, therefore everyone who disagreed with you must be wrong -- he must be either a troll, or a gullible idiot who was taken in by FUD sent out by the Evil Crackers' minions.

Thus started a Great Holy War between the OpenFoo implementor and the heretic administrator. The other administrators watched the war, and finally decided to switch to using the Bar protocol.

FUD, posted 11 Jun 2003 at 08:57 UTC by lkcl » (Master)

fud is different from sticking your head in the sand.

there is a significant difference between raising an issue via a Mass Marketing Machine specifically for the purpose of communicating doctrine to uninformed individuals who do not have the time nor the skill to refute "the doctrine", and between raising an issue specifically to a technically aware audience, most of whom have a personally invested interest in the issue at stake.

secondly, regarding the FSF's agreements between authors who have contracts between themselves and the authors, whilst i agree that this might be considered a protection of authors who do NOT have such an agreement, i would ask people who are making such a connection to put forward legal case histories or any law which explicitly states that contracts between two parties makes the first of those parties legally bound to adhere to their stated principles at the time if another (third) party happens to download a license agreement written by the first party and starts using it to protect their property.

god. what a horribly long sentence.

in that horribly long sentence, however, there may be a clue as to how to solve this problem: namely, that by downloading the GPL you automatically enter into a contract with the FSF that the FSF will uphold the principles it adheres to.

perhaps, also, the FSF should specifically enter into an agreement with the authors of key software critical to open source's future.

Here's the deal, posted 11 Jun 2003 at 22:49 UTC by jbuck » (Master)

In answer to lkcl's last message: The FSF has already specifically entered into an agreement with all those who have contributed code to glibc, GCC, the binutils, gdb, and many other vital utilities. As for your run-on sentence, please explain how a corrupt FSF could change the GPL to selectively screw only those who did not donate their code, given that the GPL applies to FSF code and non-FSF code alike.

I think that raising fears about some future possibility because of lack of trust of some organization is exactly what the term "FUD" was intended to cover when it was first coined.

As for tk's message: there are two ways that GPLv2 might find itself screwed: one is that it is interpreted not to permit something that we would want to permit, therefore GPLv3 would be more permissive (example: some conflict with patent law that might make someone's attempt to allow GPL code to freely implement a patent not to work). In this case, the dual license is no problem. The second way is that someone opens a loophole that lets people use GPLed software in an undesired way. In this case, switching to GPLv3 does not immediately fix the problem, but the enhancements to the program would be available only under GPLv3, so the hole would be closed for new programs, but not the original program.

Can we wind this up?, posted 12 Jun 2003 at 07:39 UTC by chalst » (Master)

I think that lkcl raised a genuine concern he had, which was shown by jbuck to be groundless. jbuck's information about the FSF contract with its copyright assignment was certainly news to me, and I guess to other advogatans so this thread did not lack value. I think it's not FUD, since lkcl's concern was genuine, and normally FUD is a cynical and aggressive ploy. Still, perhaps with these kind of articles it is best to test the issue first on recentlog.

Does this seem fair? Can we end this thread now?

questions answered, posted 13 Jun 2003 at 08:50 UTC by lkcl » (Master)

if the FSF does in fact enter into agreements with authors that release code under the GPL, as a totally separate issue from authors ASSIGNING code to the FSF (and entering into a different agreement which has nothing to do with the issue i am concerned about), then yes, my concerns have been addressed in full.

so as chalst hints at, maybe MORE authors who use the GPL should contact the FSF and ask them for an agreement to protect their software.

maybe that should be mentioned more prominently in the GPL "preamble" or README documentation.

etc.

yes chalst, in my mind, this thread has had its day.

to be exact, posted 13 Jun 2003 at 18:27 UTC by jbuck » (Master)

To lkcl: The FSF enters into agreements only with those authors who assign their copyright to the FSF, not to all authors who release code under the GPL. This contract establishes rights and obligations for both parties. Other than that, I'm fine with ending the thread.

&quoSame spirit&quo is quite strong, posted 14 Jun 2003 at 02:09 UTC by ber » (Master)

The promise to have subsequent versions being in the same spirit might be stronger than assumed in this thread. I'm not a lawyer and copyright and exploitation rights are a pretty complicated subject. Note that is is hard to absolutely agree to something that you don't know in the future. Restricting follow-up licenses to the "same spirit" actually makes that clause believable. If such a license would not keep the same spirit, you possibly could retroactivly make that law case arguing that you only agreed to give out our your work under a license in the same spirit. That is even more the case for countries with Droit d'auteur exploitation rights traditions (e.g. most of continental europe).

The principal ability to fix bugs in the licensing will be crutical for Free Software projects in the future... We usually call this legal maintainability. And it is quite disturbing that the famous kernel called Linux cannot be legally maintained in many respects.

Duh, posted 14 Jun 2003 at 04:16 UTC by tk » (Observer)

...since the anti-Linus FUD-mongers aren't keeping quiet ( :-B ), I feel compelled to continue...

I fail to see what problems can't be solved by getting authors to manually upgrade their license, and why this `automatic' upgrading scheme will never ever introduce any new problems. Sure, it's difficult to do with a work which has gone through several hands, but Linus has pulled it off before when he changed Linux's restrictive license to the GPL, and even though the situation is now more complex, there's really no good reason to believe that he can't accomplish the same thing again.

(One possible reason may be the evil agents from Microsoft cited by jbuck, who'll persuade people to expressly guard their code from license upgrading. Jeez... the entire free software community doesn't have enough gifted gabs to persuade the majority of Linux kernel developers, or at least the most significant developers, to switch to a sound license?)

And now for the problems with allowing future licenses into the picture. If a "decent lawyer" can verify that a new version of the GPL conforms to the FSF "spirit", then an "evil lawyer" can also verify that a new evil GPL conforms to the "spirit". And what do we do if the oh-so-good GPLv3 actually contains a new loophole that allows Microsoft to exploit all code?

As for copyright assignment to the FSF: I couldn't find the entire text of the legendary "assign.future" document, but the bits mentioned in this thread only say what the FSF promise to do if they distribute your software. Whether the FSF will distribute it, however, is another question...

Your reply needs a title. Go back and try again, posted 14 Jun 2003 at 20:06 UTC by yeupou » (Master)

tk, you "fail to see what problems can't be solved by getting authors to manually upgrade their license ". Simple example : the death of one contributor.

You said that "an "evil lawyer" can also verify that a new evil GPL conforms to the "spirit"". I would be happy to see this one demonstrating that this new evil GPL containing "a new loophole that allows Microsoft to exploit all code" conforms to the spirit.

Duh duh, posted 17 Jun 2003 at 08:01 UTC by tk » (Observer)

[yeupou] you "fail to see what problems can't be solved by getting authors to manually upgrade their license ". Simple example : the death of one contributor.

Well, there are also ways to exploit old GPL holes upon the death of a contributor, even if he included a "later versions" provision, and even if his code is subsequently modified by other (live) contributors.

You said that "an "evil lawyer" can also verify that a new evil GPL conforms to the "spirit"". I would be happy to see this one demonstrating that this new evil GPL containing "a new loophole that allows Microsoft to exploit all code" conforms to the spirit.

As an initial exercise, I'll present the start of an ideological translation of the essay "Freedom of Power?", supposedly a criticism of Microsoft's practices. Note that when Microsoft uses someone else's code, it's no longer a developer, but a user. A user should have maximum freedoms... right?

(Seriously, the essay makes an overly artificial distinction between developers and users. As Linus often says, users can be developers, and developers can be users. But the essay has been written, so we're screwed.)

badvogato will probably say at this point that this issue is like a game of Go, and we're really only at the very first move, trying to enumerate all possibilities. And I'll agree. I think at the end of the day, we'll need a full-blown legal battle to see just how useful (or useless) it can be to allow "later versions". (No, I don't mean SCO; SCO's just too lame to pose real threat to the GPL.)

muh, posted 17 Jun 2003 at 17:48 UTC by yeupou » (Master)

tk, you replied "Well, there are also ways to exploit old GPL holes upon the death of a contributor, even if he included a "later versions" provision, and even if his code is subsequently modified by other (live) contributors.". What's your point? I'm giving you a reason why the "or later" would be useful, not telling you that the "or later" resolve any issues.

You said also that "A user should have maximum freedoms... right?". Right, as long as these freedoms do not suppress freedom of others persons, users and developers. I do not see the point either.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page