this post was submitted on 25 Jun 2023
100 points (100.0% liked)
Technology
37796 readers
23 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Most of their stuff is under the GPL. It's a GPL violation to not allow their customers to share the source. I'm guessing they'll reverse this decision (or selectively release everything they're obligated to) within a week.
I have to image that their fleet of attorneys would have thought of this before hand.
I was confused they didn't think of this either, but the language in the license is very clear. I see no way it cannot be infringing - the only way you can be restricted from redistributing GPLv3'd source is if you publish it incorrectly. If you override these rights in any way, you lose your license to distribute the GPLed software and it turns into piracy.
That's ignoring the variety of other OSS licenses used for software in their repositories, many of which have similar (or even broader) redistribution rights.
Relevant GPLv3 language:
Another excerpt from the GPLv3 that explicitly describes and disallows what Red Hat is doing - you are explicitly not allowed to add any restrictions when you redistribute GPLv3 licensed software:
....aaand an additional excerpt which disallows Red Hat's restrictions:
(note: "original licensors" is not Red Hat regarding any software other than their own. Red Hat cannot change or infringe upon rights received from upstream.)
and ANOTHER excerpt:
What if they technically allow redistribution, but terminate access to recieving updates for doing so? So you can distribute a copy of version N, but if you do so you will not recieve version N+1, and therefore will not be able to get source code for version N+1. Not sure if this is how it is in their contract though.
It could be argued that is also a restriction disallowed by the GPL (in my mind any terms that bring negative consequences for expressing your rights given by the license are restrictions), but at that point it's really beyond my expertise on this subject. I'm not sure if the GPLv3 even defines this at all - maybe Red Hat is banking on that ambiguity.
They might also be banking on GPLv3 contributors being unable/unwilling to take them to court. The Linux kernel is GPLv2, and its contributors are probably more of a legal threat than anything else in RHEL.
SF Conservancy analyzed this and found that it's probably legally OK, if very much on the edge of what's allowed. RH doesn't sue you for redistribution or anything, they 'just' terminate the contract and the GPL doesn't force anyone to deal with anyone. It's the same stupid model grsecurity applied some years ago.
But regardless of legality, morally, this is just completely and utterly wrong. I'm not totally surprised post-IBM Red Hat went in this direction, but I'm disappointed and angry anyway.
I find it interesting that even the conservancy can't really say whether or not it's OK legally definitively. Here's hoping someone still takes them to court over this, wins, and sets precedence that it's a violation of the GPL (extremely unlikely, but a guy can dream)
I remember people talking about potential scenarios very similar to this when Red Hat was acquired. They were right.
The problem here is not the source of the applications, but the source of the package build scripts - which in big parts are RedHat property.
RedHat must provide you the sources - but for that it is sufficient to give you the source of whatever is packaged. In the past commercial distributions just fulfilled that requirement by dumping source packages, which have the source as well as the scripts required to build binary packages. They do not have to provide you with the build scripts.
The problem with RedHat is that many companies certify their stuff to work on RedHat - so for that to work without running into the occasional obscure problem you need to build the sources the exact same way as RedHat is doing. That's what CentOS used to do until version 7, and that's what currently some other distributions are doing. Without the build scripts it'll be next to impossible to do that - you'd pretty much have to duplicate the RedHat engineering team. But it is completely legal, as they own the scripts, and since they're completely separate from the application itself don't have to be GPL.