Re: OpenChain Webinar #11 – Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices – Full Recording

Jeremiah C. Foster <jfoster@...>

Hi OpenChainers!

Thanks Shane and everyone for the webinar. After reading the slides from the "Open Source Issues Remediation" I have a small nit to pick.

On slide 10 the author writes "the goal of the [GPL] v3 license is to prevent Tivoization". While that is clearly the goal of Section 6 of the GPL v3, that is not the goal of the entire license. The goal of the license, at least from what I understand from those who were involved in its creation, was to be more GPL-like. That means it is meant to be modified by the copyright holder just as source code licensed under the GPL v2 is meant to modified. This can create an extremely flexible license should the copyright holder need that. The GPLv3 also makes explicit some implicit elements of the previous versions of the GPL, like how to cure violations effectively and how software patents are treated. The overall goal was to make a better GPL license.

The author also writes "this [the GPLv3 anti-tivoization clause] is a problem, especially if the product is a consumer premises product." I would disagree with the idea that this is a "problem", the anti-tivoization clause actually is a solution to a host of problems where companies comply with the letter of the GPLv2 but prevent modification of a user's device through deliberate use of encryption or obfuscation. I don't think this comports with the spirit of the GPL family of licenses which is designed to give users control over the Free Software on their devices.

Lastly, there's no real notion of "premises" in the GPL though there certainly is a notion of a consumer product. A car might be an example of a consumer product that may contain GPLv3 source code but is not limited to "premises", thus the wording of the problem statement is somewhat misleading.



From: main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
Sent: Friday, September 11, 2020 6:11:41 AM
To: OpenChain Main
Subject: [openchain] OpenChain Webinar #11 – Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices – Full Recording
*** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open any attachments unless you trust the sender and know that the content is safe. ***

In our biggest webinar to date, Jari Koivisto talked about Open Source Issues Remediation, Gary O’Neall talked about Community Bridge and SPDX Online Tools and David Wheeler talked about CII Best Practices (the project equivalent of the OpenChain standard). Check out the full recording and the slides below.

This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.

Join to automatically receive all group messages.