Re: OpenChain Webinar #11 - Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices - Full Recording
Jeremiah C. Foster <jfoster@...>
Thanks McCoy.
I suppose I oughtn't have said "there's no real notion of "premises" in the GPL", perhaps that was too broad a statement. I still think it is largely true
as the example you've included seems to be referring to attributes that indicate a "consumer product" even if it has commercial uses or is installed via a licensed professional. It's my assumption that this type of attribute is meant to demonstrate that a
smart thermostat running GNU/Linux (for example) still has to comply with the GPL even if it is installed in an office by an electrician. From GPLv3; "A product is a consumer product regardless of whether the product has substantial commercial, industrial
or non-consumer uses, unless such uses represent the only significant mode of use of the product."
At the risk of beating a dead horse I think that "premises" is alluding to the bit of popular jargon "on-prem" which I take to mean an on premises installation of a server or a SaaS product. If that's the case it can potentially be confusing for those who
don't have a clear picture of the GPL's notion of "distribution". If you're created a "derived work" with the GPL it doesn't matter which premises it runs at, rather it matters how you've distributed it. It's a rather small point but it is mine and a I made
it. 😊
Regards,
Jeremiah From: main@... <main@...> on behalf of McCoy Smith <mccoy@...>
Sent: Friday, September 11, 2020 1:37:52 PM To: main@... Subject: Re: [openchain] OpenChain Webinar #11 - Open Source Issues Remediation + Community Bridge and SPDX Online Tools + CII Best Practices - Full Recording
*** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open any attachments unless you trust the sender and know that the content is safe. ***
Well, there is this: “A “User Product” is either (1) a “consumer product”, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) *anything designed or sold for incorporation into a dwelling.*” I don’t think that’s what the author meant by the language you quote below about “consumer premises.” [I haven’t looked at the slides]
FWIW, the language above was adapted from the Magnuson-Moss warranty act from the USA: https://www.law.cornell.edu/uscode/text/15/2301
Andy Wilson and I did a preso, quite some time ago, about the Installation Information requirement and how one should think about compliance with it, which I have posted to my website for those who really want to delve into this little-remarked upon provision. Bradley Kuhn also did a preso about it for the Linux Foundation more recently: https://events19.linuxfoundation.org/wp-content/uploads/2017/11/Safely-Copylefted-Cars-Reexamining-GPLv3-Installation-Information-Requirements-ALS-Bradley-Kuhn-Behan-Webster-1.pdf directed to the automotive industry
https://www.lexpan.law/post/gplv3-s-installation-information-requirement
From: main@... <main@...>
On Behalf Of Jeremiah C. Foster
Hi OpenChainers!
Thanks Shane and everyone for the webinar. After reading the slides from the "Open Source Issues Remediation" I have a small nit to pick.
On slide 10 the author writes "the goal of the [GPL] v3 license is to prevent Tivoization". While that is clearly the goal of Section 6 of the GPL v3, that is not the goal of the entire license. The goal of the license, at least from what I understand from those who were involved in its creation, was to be more GPL-like. That means it is meant to be modified by the copyright holder just as source code licensed under the GPL v2 is meant to modified. This can create an extremely flexible license should the copyright holder need that. The GPLv3 also makes explicit some implicit elements of the previous versions of the GPL, like how to cure violations effectively and how software patents are treated. The overall goal was to make a better GPL license.
The author also writes "this [the GPLv3 anti-tivoization clause] is a problem, especially if the product is a consumer premises product." I would disagree with the idea that this is a "problem", the anti-tivoization clause actually is a solution to a host of problems where companies comply with the letter of the GPLv2 but prevent modification of a user's device through deliberate use of encryption or obfuscation. I don't think this comports with the spirit of the GPL family of licenses which is designed to give users control over the Free Software on their devices.
Lastly, there's no real notion of "premises" in the GPL though there certainly is a notion of a consumer product. A car might be an example of a consumer product that may contain GPLv3 source code but is not limited to "premises", thus the wording of the problem statement is somewhat misleading.
Regards,
From:
main@... <main@...> on behalf of Shane Coughlan <scoughlan@...>
*** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open any attachments unless you trust the sender and know that the content is safe. ***
This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
|
|