Originally posted by WorBlux
View Post
Announcement
Collapse
No announcement yet.
FreeBSD Continues Work On Ridding Its Base Of GPL-Licensed Software
Collapse
X
-
-
Originally posted by trasz View Post
This is true about GPL2, but GPLv3 is a minefield. There's a good reason some companies introduced complete embargo on GPLv3.
Leave a comment:
-
Originally posted by WorBlux View PostGPL is a legal risk, yes. However it's not particularly hard to mitigate, and you can reasonably expect a fair bit of warning before it get to a lawsuit. If they don't like copyleft for thier own reasons, that's fine, but lets not pretend it's a legal landmine.
Leave a comment:
-
GPL is a legal risk, yes. However it's not particularly hard to mitigate, and you can reasonably expect a fair bit of warning before it get to a lawsuit. If they don't like copyleft for thier own reasons, that's fine, but lets not pretend it's a legal landmine.
Google's dalvik is basically a clone of the Java API, and it's the core of their android application platform. If it were GPL they could credit sun/oracle for the header file and write whatever re-implementation they wanted. Sun even included a linking exception for these headers, so that there's zero chance your third-party app developers would be sued. However Mr. Rubin just didn't like the GPL though he had no hope of actually replacing the kernel at the core of the system.
Maybe Oracle's claims on the API go too far, and the supreme court hasn't issued a final ruling on it yet. Personally I think that putting that claim an an API you held forth as a standard, and that borrowed heavily from prior open standards is pretty sketch, but that's neither here nor there as I don't own a black robe.
But let's imagine if the class-path headers had been Apache 2. Google could have just kept the header file with it's notices and licenses intact, linked against whatever re-implementation, deletion, or modification they wished, and license the result under a Googlecorp license. Certainly not a result that Sun or Oracle ever wanted.
Leave a comment:
-
Originally posted by WorBlux View Post
No, no, no, not even close. This wasn't a matter of one little driver. This was an absolutely massive violation... Busybox, the linux kernel the, GNU (C Library, Coreutils, Readline, Parted, Wget,Compiler Collection, Binutils, and Debugger) , and a good number of userspace utilities.
Then how did resident council not only allow a transfer of ownership twice without a proper audit, but also ignore notifications from the community for years? This was either a fuck-up for the record books, or it was the intentional decision of management that thought they could or should get away with blatant and extensive copyright violations.
If Java had been apache 2, Oracle v. Google would not have progressed as far as it did.
Leave a comment:
-
Originally posted by jabl View Post
As an example of what happened with the GPL, consider the Linksys WRT54G saga. Company A bought company B, which had bought some hardware from company C, which had outsourced the driver work for said hardware to company D
Now, lawyers and their ilk are paid to protect their clients,
The crucial difference, of course, is that Apache doesn't require a derivative work to be distributed under the same license, which is the big difference between permissive and copyleft licenses.Last edited by WorBlux; 20 January 2021, 11:21 AM.
Leave a comment:
-
Originally posted by WorBlux View PostGPL 2 doessn't talk about linking anywhere. And conceptually linking a farily easy calling something in another module by name. The real problem is the relation between linking and derivative work. Apache says linking alone should make something be considered a derivative work. Plain GPL (without the linking exemption) uses the full definition of derivative work in copyright law, which makes most cases of linking against GPL a derivative work.
As an example of what happened with the GPL, consider the Linksys WRT54G saga. Company A bought company B, which had bought some hardware from company C, which had outsourced the driver work for said hardware to company D. Now, company D had neglected to comply with the GPL, leading to company A being on the receiving end of a lawsuit. Now, lawyers and their ilk are paid to protect their clients, so it's quite clear that they advice against depending on GPL code unless there are no alternatives (the Linux kernel ecosystem being one of the relative few GPL bastions left where the advantages of the code outweigh the downside of the license (from the view of the corporate lawyers)).
Of course, for end users this turned out well in the end. We got the source code for the WRT54G wifi chips, kickstarting what eventually became the OpenWrt project.
Leave a comment:
-
Originally posted by anarki2 View Post
NFS (like most traditional Unix software) is a pile of garbage in terms of AuthN and AuthZ, regardless of the security of the transport channel. The octal permissions, sticky bit, "ACL" which is mostly just a gimmick and has no resemblence to actual ACLs, groups not being able to hold groups, and all the other ridiculous limitations dating back to the 80s or even 70s, it just blows my mind how the Unix world actually survived the 2000s Internet explosion until most AuthZ and AuthN stuff essentially moved from the OS to higher levels (in most of the cases, to webapps). Do you know how you can prevent a Docker user from gaining sudo rights? I tell you: no way. That's Docker AuthZ for ya.
So no, NFS having or lacking TLS support is the least of my concerns.
Leave a comment:
-
Originally posted by mdedetrich View Post
Use Apache 2 which contains a patent clause then. Most companies I work for that do open source work use Apache2 and also funnily enough every company I have worked for has avoided GPL (2 or higher) like the plague for their open source work, from what I gathered its a massive PITA for lawyers especially defining what "linking" means (among other things).
And I'm not one to say any particular license is the best in all cases. If the legal department says they like Apache 2 because there's less uncertainty, and that's what you use, it's still a OSS licence at the end of the day and makes better software and computing for everyone.
Leave a comment:
-
Originally posted by jabl View PostIIRC MongoDB switched from AGPL to their own SSPL because in their opinion AGPL didn't go far enough in protecting them against cloud service providers.
But yes, given SaaS etc, in some sense AGPL is more in the spirit of protecting the four freedoms than plain GPL. However, I wonder whether the FSF has the political capital to spend on a more rigorous GPLv4 considering already GPLv3 caused a massive schism in the community. Heck, even some GNU projects have refused to update to v3 due to fear of losing users (glibc is still LGPLv2.1).
something like SSPL should be the GNU GPLv4
to make sure something like the ASP loophole never happens again.
Leave a comment:
Leave a comment: