Gplv2 violations are widespread, we need much much more enforcement and more copyleft software, and this could be a huge win. Free software's main purpose should not be to be proprietarized, too much of it now is a group effort among companies to more efficiently lure users to trade their freedom for functionality.
Not just nice, it would be a huge accomplishment. Imagine being able to resurrect (as in saving from a landfill) old tablets, phones and even smart TVs, or making new ones more usable and trustworthy by flashing a lighter OS that doesn't contain adware and spyware, and can be patched to solve bugs or implement new functions (including codecs) to give the product a longer life.
Hardware manufacturers would absolutely hate such a scenario, which is why I'm pessimistic about that.
I think you're overestimating developer ability/willingness. There's a lot of hardware out there which could in theory have third-party firmware built for it, but which hasn't because it's just too niche for anyone to have bothered, or because there's insufficient public documentation.
Most smart TVs, for example, fall into both categories. There are simply too many models for a third-party firmware effort to take off, and documentation on the hardware used in these TVs is usually nonexistent. (And the hardware is often already stretched to its limits on the stock firmware -- implementing "new functions, including codecs" is likely to be impossible.)
There are many models of smart TVs, but they reuse components and software a lot. I remember rooting my Samsung TV with a universal exploit that worked across something like several years of models.
I think you're underestimating the tenacity of hobbyists. Some people hack every device they own, then release the software they wrote to do so; it only takes one or two of these people to write the drivers for a few dozen devices, and then they all run Debian.
Isn’t that the idea of the “TiVoisation” clause in the GPLv3? Basically, TiVo released their Linux derivative code, but you couldn’t actually flash your version. The problem is that Linus is staunchly against the GPLv3
> The problem is that Linus is staunchly against the GPLv3
No he isn't. He is unable to relicense the kernel. Whenever he's interviewed on the subject it is always in relation to kernel development. He doesn't control the copyright on the entire codebase and there are too many contributors, some dead, for anyone to get copyright assignment sorted out.
You are right that he can't unilaterally relicense the kernel and that it will likely never happen, but Linus is in fact against the GPLv3, see debconf 14 Q&A: https://youtu.be/5PmHRSeA2c8?t=2840
At risk of making a gross oversimplification, sfconservancy seems to be pursuing the angle that GPLv2 _ALSO_ was intended to prevent tivoization. see e.g., https://sfconservancy.org/blog/2021/jul/23/tivoization-and-t... which refers heavily to pre-GPLv3 discussions about the topic.
"In GPL enforcement actions at the time, during our “complete, corresponding source (CCS) checks”, we verified that the source code was not only complete, but that it corresponded to the binaries on the vendors' devices, and that we could install modified versions of the software. This was a standard part of any check to verify GPLv2 compliance. Passing this check was required, then and now, by FSF and Conservancy before distribution rights are restored after a violation."
"That position was not controversial when I, along with then FSF counsel (Daniel Ravicher), taught it to lawyers in 2003 and 2004 on FSF's behalf. Nevertheless, today, many act as if this interpretation and intent of GPLv2§3¶2 is a recent and novel phenomena, rather than a long standing position held by all copyleft activists for at least 18 years. Today, most companies and lawyers argue (incorrectly, IMO) that users have no rights to reinstall their GPLv2'd software."
This would be an absolutely crazy outcome if this turned out to be a result.
I think Vizio (who I have no love for) would get a HUGE number of opens source folks behind them.
We need to look at what developers believed GPLv2 required and what it did not.
The whole Tivo issue came about because GPLv2 does NOT require that a developer ALSO make it so that others can use HARDWARE they create any way they want. Linus (who is a major GPLv2 user) also was clear, he wanted folks to have to share software, but didn't want or care what they did with it - they could put it in a car (that was locked down from modification), they could put it in a motor controller (also locked to manage duty cycles), they could put it in a pacemaker (also locked for regulatory and safety reasons).
> The whole Tivo issue came about because GPLv2 does NOT require that a developer ALSO make it so that others can use HARDWARE they create any way they want.
This also used to be my understanding, but it is simply wrong. If you read the article posted by GP, from the lawyer who actually pursued the FSF's case against TiVo, the facts are different. TiVo started by bot providing source code at all, and then had some limitations in their published scripts showing how to install modified sources onto their device. This part was remediated by TiVo during these discussions - TiVo devices then and now allow you to install and run any Linux you want on them.
The one thing they also do that angered Stallman and was clearly not prohibited by the GPLv2 is that TiVo's proprietary userspace software uses hardware support to check whether the running kernel is cryptographically signed by themselves, and refuses to start if it is not. The OSS keeps running and has full access to the hardware.
Its interesting to note that the GPLv3 allows what TiVo did too, even though RMS didn't want that. Also interesting OTOH is that the LGPL seems to imply that a combined proprietary+LGPL work should continue to work after replacing the LGPL part.
It’s not at all clear-cut to me. (IANAL.) If a cryptographic key is required, it’s not clear to me that that is either “source code” nor “script used to control compilation/installation”.
If you asked developers “is a certificate source code?”, I think most would say “No”. If you asked them “is a certificate a script?”, I think almost all would say “No”. If it’s not either of those things, I don’t know how the license terms (not the preamble) of GPLv2 would apply to prevent TiVo-isation.
Further, if it does apply, how has no one successfully sued TiVo over it?
What TiVo did (disabling proprietary software when GPL software was modified) is allowed by GPLv2 and GPLv3 according to Bradley Kuhn of Software Freedom Conservancy.
To me “our code can’t run on TiVos” is basically a political statement along the lines of “it can’t be used for evil, or for nuclear weapons” and so on.
It’s certainly an option to license it that way but I think GPL 3 was mostly a mistake.
The “script used to control compilation/installation” needs to actually work. If it can't work without a certificate, then it doesn't work without a certificate.
Isn't the problem that the code would work fine on a piece of hardware that doesn't perform the signature check, it's just you'd have to make that piece of hardware yourself?
This is apparently not how the license had historically been interpreted by everyone, at least before GPLv3 appeared.
The intended and historical interpretation seems to have been that as long as you're distributing a device running GPL software, you have to provide the source code for that GPL software along with working instructions about how to build, install and run those sources on the device.
This even goes back to the original motivation for creating the GPL in the first place: the desire to repair faulty software in a printer at MIT.
I have no idea if this provision has ever been tested in court.
Perma-locked bootloaders can be made illegal, if they prevent you, the owner of the device, from patching a security hole in your device. In essence, it's a backdoor mechanism installed by the vendor.
If they ship a complete and working OS that is free it should be considered free. This dogmatic all or nothing attitude is exactly why I ignore the FSF.
With your logic, I can create a small free software program, which automatically downloads some proprietary malware and you will call it all 'free as in freedom'.
> It's also unclear to me what the distinction is between this part of the criteria and the RYF certification.
Ya, you are confused.
The PureOS endorsement is about a distro you can download and put on a computer (the distro doesn't include a bios or related firmware).
RYF is about all the software that comes on a computer/device, and the website you use to buy it, it's much more expansive.
So, Purism's computers are not RYF certified, but they come with a distro that is fully free (the disto does not include some nonfree firmware that comes on Purism's computers).
And Microsoft said all GPL was a cancer and unamerican and viral and disallowed it from about 50k engineer's computers due to "legal risk of GPL virality", and this was when they were by far the biggest software company. Wait, they lied? It was all FUD and really about threatening their business model. They changed their policies and actually said publicly they were wrong. Is it so hard to believe?
The "scripts to control" clause as you say is in all versions of the GPL, exactly the same in GPLv3, and slightly different I presume in GPLv2. It has been tested in court, and its been found to not be expansive like the fud you are spreading.
> For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.
So, basically, exactly what the article says, a big nothing. The plants thing is stupid, rms doesn't hate plants. Sarah Mei appears to have no special reason to hate rms, shes a well known person who is extremely negative about anyone in software who's said anything offensive, including Linus, etc.
Well...
An anonymous source, from the internet, which itself had heard of this only through another party.
Dismissing unreliable sources like that is a safe default, no?
