In the Q+A session after a recent talk by Alan Cox in Limerick, he was asked for his thoughts on GPLv3. Below is a transcript of his off-the-cuff reply, and then my comments.
His comments were quite positive. The only issue he raised was that draft 1’s wording for thwarting DRM was a bit heavy-handed. His concern might be fixed by Draft 2, which will be out any day now. Stallman has said that the DRM wording is being reworked for draft 2 and it’s being thinned down a bit since it has been decided that some bits in draft 1 are probably redundant.
The topic of the talk itself was software engineering process of free software development. The audio recording is interesting, and I’m glad I’ve found something I can point others to when this topic comes up: AlanCox_UL_20060513.ogg The talk was organised by University of Limerick Computer Society. Thanks to them for recording it and putting it online.
For more information about the draft GPLv3, and the ongoing year-long public consultation, the timeline, etc., see FSFE’s project page:
I had difficulty transcribing some bits. There are three words I can’t hear, which I marked "[inaudible]", and there could be other slight glitches. Any corrections, let me know.
What Alan Cox said
Audience member: What do you think about the talk about GPL 3? About Linus not going under it.
Alan Cox: Ahm, I understand why Linus feels that way, because one of the things that’s happened with the Linux kernel is the Linux kernel was released under a licence and that licence says there are some things you can do and some things you can’t do.
Not a perfect licence, there are people who push binaries of it, there are people who use it in entirely legal ways which most of the developers don’t like. There are Linux systems flying military equipment, and a lot of developers aren’t happy about it. But, that’s the way it goes.
The problem you’ve got though, all these people who’ve contributed to it, many individuals, companies, whatever have contributed to this project on the basis that they could use it under those terms. So, if you come along and say "This is the a licence, we’re changing the rules", all the stuff you’ve been contributing to it, and you have expectations, we are going to change the rules on you so you can’t – is a very hard thing to do. To some people it’s a very unfair thing to do.
When you get things like Digital Rights Management, you get into the question of: do the ends justify the means?
I think it’s something Linus is very concerned about is that he’s basically not breaking the trust. He doesn’t see himself, if you like, I think, as kind of the… how else can I put it … When people style him as sort of the "Chief dictator" but Linus in the project isn’t so much dictator overlord evil empire owner, as man in charge of a large number of things contributed by other people, so he’s custodian rather than dictator, so to speak, and that makes it very awkward to come along and say "Well, we’re going to the new version of the licence. Sorry Tivo, we love all the work you’ve given us in the kernel, but go away, goodbye". So, it is very hard, from that point of view.
I think it’s the ethical thing which are questions for the kernel, rather than, necessarily, the technical things about the change to new licences. And so I don’t entirely agree with Linus, but I understand where he’s coming from on the issue. If that makes any sense.
Audience member: What do you think about the Digital Rights Management stuff in the GPL 3 itself?
Alan Cox: Ehm, as the draft stands at the moment, it’s a bit heavy handed. I’d like to think there’s a more elegant way of solving the problem.
For one, it’s arguable that GPLv2 already covers it. It sufficiently vague to make lawyers nervous, rather than happy, to go and say "Oh yes, bang splat, we’ll win this one", but the GPL version 2 wording says, not just the program code, also all the scripts blah blah blah necessary, and there’s a distinct legal opinion that would include cryptographic keys in the case where you need it to digitally sign the binary that’s given to users.
So, the GPL 3, one way you could argue, it’s a clarification, but the way it deals with it, it’s a very heavy handed way of dealing with it. It talks about DRM on media and stuff, so not giving people, for example, GPL source code on an SD card – because that’s Digital Rights Management media – gets a bit silly if you take it to it’s extreme.
I mean, you don’t want a clause saying you can’t use media which has a patent on it. There goes the CD ROM, for example.
So, I’m very wary of that.
I think a lot of the other changes in GPLv3 are very good. Particularly, for example, where it’s clarifying graphical applications and the web. Because GPLv2 is really in the world of the command line. So it had things in it saying "if the program prints that it is GPL software, you may not remove that", but it didn’t have anything saying "if there’s an about box… you may not remove that", or "if the web page says… you may not remove that". So that’s being clarified. That kind of stuff I support. So I think those parts of the licence are a definite improvement.
But it’s only a draft. You still have an ongoing consultation and will do for quite some time yet. …and we’ll see how it evolves.
My (Ciaran O’Riordan‘s) comments
Below are four comments, mostly expanding on what Alan said. They’re not criticisms – it’s just a lot easier for me to give thorough answers here, now, than it is for him standing on stage.
The idea that some software developers don’t like their software being used for military purposes comes up every now and again. Here are some reasons on why nothing is added to the GPL about this:
- RMS on the Hacktivismo license that bans human-rights violations
- David Turner blogging on the topic
- RMS responding to this question at the 3rd GPLv3 conference
About the Tivo
About the Tivo. They won’t actually be told to "go away". They’ll be told to stop trying to use technical means to wiggle out of their obligations and to play by the same rules everyone else is playing by. They will probably not be happy with people being able to remove the spyware from their computers, and they won’t like people being able to add features (such as a work record button). So they might walk away.
Losing their contributions is not a big loss. The Linux kernel does not depend on them. It’s far more important to ensure that every other potential contributor knows that the deal is the same for everyone. The GPL has already been enforced to prevent another company which was doing something similar. GPLv3 makes the deal legally more solid.
Draft 1 is heavy handed
Draft 2 might please people who think draft 1 of GPLv3 is heavy handed in how it deals with Digital Restrictions Management. At FSFE’s recent GPLv3 conference in Barcelona, Stallman mentioned that some of the DRM clauses are probably redundant and will probably be reduced. GPLv3 will still protect user’s freedom from being taken away by DRM, but the licence wording is being lightened. Draft 2 is due out any day now.
"There goes CDs"
For two reasons, I think it was a bad choice of examples to say that not allowing the use of patented media would ban using CDs. First, GPLv3 doesn’t ban the use of patented media, and second, the anti-swpat movement wasn’t against the patents on physical things such as CDs. So it was completely unrelated, but using the example might be mistaken by some as a comment on something that is in or was considered for GPLv3.