Be sure to tag us and use #SFC !
- replies
- 3
- announces
- 8
- likes
- 9
I'm here and ready to answer all you have to ask about #SFC. Might be better if we do it in this thread so it doesn't pollute the timelines (hey, a Metaverse joke!)
@bkuhn @conservancy @karen @outreachy Hi #SFC! I'm catching up on recent fediverse discussions about the GPL and the right to install modified software. If I buy a device with GPLv2 firmware, does the license require that the manufacturer provide a way to load customized firmware? Often firmware loading will be protected (e.g. cryptographic signature) so I can't run customized firmware on the device even if the source code is available.
@conservancy @bkuhn @karen @outreachy Where should copyleft for software go after/beyond the AGPL? Are there nasty practices that the AGPL didn't anticipate, that a new license could address?
LLMs and generative AI come to mind. Do copyleft licenses have a place in dealing with the abusive practices of LLMs, or are software licenses the wrong tool?
This is a good question, & goes to the hard of common confusions about what #LGPLv2.1 & #GPLv2 require.
My essay here explains the history…
https://sfconservancy.org/blog/2021/jul/23/tivoization-and-the-gpl-right-to-install/
…about this matter.
What the GPLv2 requires is the software *under* GPLv2 has to be upgradable/installable, but breaking the proprietary applications is ok upon changing the underlying software is permitted; that's what TiVo did.
LPGLv2.1§6 requires that you can relink (either through replacing .so or statically) in place
@bkuhn @skyfaller @next "if you used this work as part of the training data for a generative AI model, any work generated from that model is covered by the terms of this license" :D
Yes, that's what I'm thinking about proposing. And also making it clearly a contractual obligation given that the copyright questions about LLMs won't be solved by the Courts for probably 15 years.
Cc: @skyfaller @next
@conservancy @bkuhn @karen @outreachy What level of barrier is considered acceptable for a vendor to put in front of requesting source code under a GPLv2 license?
e.g. we can all agree requiring an email to be sent is reasonable, and we can all agree that requiring a physical request form to be filled out in-person in Antarctica is unreasonable.
but... where is the line in the middle? Any guidelines or prior enforcement that I can use to show to vendors about what is and isn't acceptable?
As you noted, it's very much "it depends" situation. Keep in mind that an offer has to be valid to all third parties, even those who may not have bought the device. This is why you definitely need multiple fulfillment options & you need to make sure one doesn't *need* the Internet to make the request.
The offer for source option creates an ongoing complex fulfillment process. I've said for years that vendors should ship source with binaries.
Cc: @karen @conservancy
@bkuhn @karen @conservancy Interesting, thanks!
I'm currently facing a situation where a large vendor is actively spending hours per week in blocking me (like, literally me) from submitting form submissions to their source code fulfillment portal.
For context, I have sent over 5,000 requests (yes, the vendor has that many unique binaries and it appears). The vendor has fulfilled some of them (<100), though I'm not sure if it's because of me or others asking for those builds too.
@manouchehri If it's GPLv2 and/or LGPLv2.1 licensed stuff, you are a third party who has every right to submit as many requests you want. The offer has to be valid to you. Blocking you is making the offer invalid for you, so I think (absent any other details) they are violating those agreement(s). (Disclaimer: I am not a lawyer and #SFC is not a law firm.) Thanks for passing on the details to us so far and we will do our best to resolve this!
@ossguy @manouchehri
AFAIK, isn't the offer only for people who have received the binary from you?
That is, you could charge for getting the software, then your customer - and only your customer - can ask you for the source. But once they have it you can't prevent them from giving away the source in turn.
@jannem @manouchehri GPLv3 requires you be in possession of the GPLV3'd binaries to exercise an offer, but GPLv2 requires the distributor "to give any third party" the source code if the distributor elects to provide an offer for source code. (Disclaimer again: I am not a lawyer and #SFC is not a law firm.) If a third party has the GPLv2 offer (even if they don't have the binaries), they can request the source code.
Indeed, imposing such an obligation is probably something where Copyright cannot be relied upon (what exclusive rights are infringed upon when you use a set of mysterious numbers generated by analyzing observable patterns in the world to produce sequences of plausible tokens?).
But without Copyright you may not be able to achieve the result that you are pursuing?