Torvalds Explains Dislike For GPLv3

Joe Barr writes "Linus Torvalds explains in three recent posts why he doesn't care for the DRM restrictions in GPLv3, and he has never been one to hold back. From his commentary: 'I _literally_ feel that we do not - as software developers - have the moral right to enforce our rules on hardware manufacturers. We are not crusaders, trying to force people to bow to our superior God. We are trying to show others that co-operation and openness works better.' NewsForge has the complete text of all three posts available." We discussed his initial reaction to GPL3 at the end of last month. NewsForge is a sister site to Slashdot.

"We"

[truthsearch]

By "we" is he referring to kernel developers? Because we all know RMS is a crusader trying to press his beliefs onto others. I think the creators of the GPL are trying to be much more influencial than Linus ever was. Linus mostly wants a great OS and community of developers. RMS wants complete reform (or removal) of IP laws. Different goals will get different reactions, and here's where they start to clash.

Re:The real question

[Lussarn]

FSFs arguments aren't really bad either. They just want you to be able to change the code which is under GPL in products. By wrapping GPL code in DRM and use DMCA to protect it there is legaly a whatertight hole to not let users change the GPL code in the products. This was probably not the intent of the author of said GPL code and thats why DRM is added in GPL v3. And why it's probably welcomed by most developers.

I suppose ....

[Lee_in_KC]

... RMS could always go looking for another kernel for his crusade.

Bravo Linus, for showing us that one need not have a GPL tatoo to enjoy the benefits of Linux.

Re:DRM is the antithesis of openness

[Zeinfeld]

Linus makes the point that trusted hardware is not DRM. He then says that trusted hardware could be used to enforce a creative commons license by saying 'this content can never be encrypted'.

I think that Linus is probably wrong there, if you have restrictions such as the one he suggests they would interfere with the types of creative commons use we assume today.

But trusted hardware is not very much good for copyright protection DRM in any case. That is break once run anywhere, just the same as the CSS scheme in DVDs

The real value of DRM is in implementing operating system features like 'check this machine does not have a trojan' or controlling circulation of private documents.

Torvalds is not a moral leader

[Anonymous Coward]

It would have been nice if Linus, being such a prominent figurehead in the community, would also be a moral leader. Sadly, it looks like this is not the case. His strengths are in programming and organization. This does not necessarily make him somebody to look towards for moral direction. This is not meant to put him down in any way. He should be praised for what he provides the community: technical leadership. But we should not look to him for moral leadership merely because of his technical skills.

The DRM clauses in the GPL3 are in the same spirit as the GPL2 requirements that require compilation tools to be included with the source when they are not commonly available. Most people may not be aware of that clause given that most source is distributed in commonly used programming languages.

From his comments, it appears that if Linus were starting to write the kernel today he would choose a BSD style license over the GPL. (Not a bad thing necessarily, but users of the license, while just as generous as those who use the GPL, do not care to protect their users from being taken advantage of in the future.)

Re:The real question

[plover]

If the code that you wrote under the GPL was digitally signed by a manufacturer and put in a "Trusted Platform" machine (let's say a router), the GPL (v2) clearly states that they must make your code available, along with any modifications to your code.

That's it. The GPL grants you the further rights to take that modified code and change it any way you like. But it does not grant you the right to install that modified software back on that same machine.

This is no different than if that manufacturer took your GPLed code and burned into a ROM or blew it onto an FPGA and then soldered it into the router. Just because you wrote it doesn't mean the manufacturer has to give you provisions to alter it on their machine.

The answer is purely economic -- don't buy a trusted platform based machine. Don't buy an OS that supports trusted platforms (Vista.) Don't allow friends, families or your business to buy trusted platform machines. If you're in a position to purchase hardware, get "no hardware enforcement of digital signatures" written as a requirement into your RFQs.

GPL v3 is not a business friendly license. It will restrict development unnecessarily, and drive manufacturers away from using GPLv3 code. Look at how well Linux has done in embedded devices (the slug as well as many other Linksys appliances.) These restrictions will likely drive those manufacturers to alternate sources of software, or limit them to only GPL v2 versions of the code.

Well said

[squoozer]

I thought, when I first heard that Linux wouldn't support GPLv3, that he was simply throwing his teddies out the pram at something that was even written yet. No I hear his reasoning though it sounds like a very good call. GPLv3 sounds like it is loosing sight of what it really set out to achieve. OSS has reached a point where a lot of tech companies are seriously considering using it if not actually already using it. I can't help feeling that the power might have got to RMSs head a little. I'm not a big fan of Linus in particular but he does do a fairly good job of "keeping it real" something that people in powerful of infulental positions seem to lose sight of.

Re:DRM is the antithesis of openness

[Hell O'World]

but in order for the market to work and content to move into the digital age and away from physical media, there has to be DRM

I have always had such a strong reaction against DRM that any future with DRM has always seemed distopian to me. I tend to think that eventually the entire concept will be discredited, because customers will choose with their dollars products that can be played on all their devices, and artist will choose to ally themselves their customers. It is just a matter of people seeing what the geeks already know; that there is power in not getting locked into a single system.
However, there are such strong interests fighting for DRM, that I also admit that it's possible that in the end, that the future will require some sort of DRM. But if I am to concede that possibility, it then becomes clear to me that new laws are needed, protecting the user's rights. If copyright holders are to be allowed to use a technical solution for protecting against unfair use, then they must be prevented from hindering fair use.
 
there should be provisions for expiration of DRM concurrent with copyright and whatnot, but there is nothing wrong with reasonable use of DRM for protecting intellectual property in a manner consistent with appropriate precedents and law.

I agree with this, but there is a lot of hand waving in that "and whatnot." Society has a lot of work to do hammering out exactly where the boundaries between fair and unfair are. It's not even clear to me that a fair technical solution is possible. How would software know your intentions when you copy that file? Are you just making a backup for your own use, or are you going to sell it?

Why would they have to give away their keys?

[radarsat1]

Okay, call me dense, but I really fail to understand why he thinks the GPLv3 is forcing people to give out their private keys??

Perhaps I'm misunderstanding something, but I was under the impression that GPLv3 says that "source code must be made available, including any encryption keys required to get it". Doesn't this just mean that any encrypted information needed to get the system running need be provided? How does this imply that people need to give away the keys they used to SIGN the code? Authenticating the code has nothing to do with its availability.

I don't understand why Linus seems to be confusing digital signing with DRM.. (yes, DRM uses digital signing techniques for implementation, but that doesn't imply that digital signing IS a form of DRM... only that DRM is a form of digital signing..)

- confused.

He is right but...

[slo_learner]

We need someone to figure out how to get around the chip fab barrier. None of us hobbiests can build a fab plant, so there is the possiblility that chip producers will get together one day and essentially destroy the ability of OS software to run on newer hardware. In this scenario, the elite, the privy to secret hardware handshakes could continue to modify and release code that no one else could modify because only they have the secret keys to the hardware.

This might require a larger conspiracy than some of us are comfortable with, but consider the track record of the US government over the past 6 years, and get comfortable with conspiracy.

One doesn't even require a tinfoil hat to imagine that this will happen and is happening in certain segments of the hardware market. Although porting to another platform is facillitated by having source, what happens when some of the key logic is hard coded inside proprietary hardware?

I just hope that hardware doesn't become the achilles heel of OSS.

Re:DRM is the antithesis of openness

[AdamWeeden]

What you're arguing though is that the concept is prudent, but the implementation is rife with abuse, and thus the concept should be abandoned. This is the same argument the RIAA used against file sharing.

DRM is not inherently evil

[Chris Snook]

Some police departments are using DRM in cameras to prove that photographic evidence has not been tampered with. This is just one of many, many examples people benefit from limiting the capabilities of the user. If you've ever worked in IT, you know how dangerous users can be. Imagine never having to remove gator from someone's computer again, while still giving them privileges to manage their own system.

An anti-DRM software license is just as stupid as RMS deliberately making su insecure because he was mad that he couldn't root a box.

Re:The real question

[Anonymous Coward]

"The GPL grants you the further rights to take that modified code and change it any way you like. But it does not grant you the right to install that modified software back on that same machine."

Correct, that's covered by basic property rights. I own my machine, it's property. Nice attempt to impose the fantasy concepts inherent in IP back into meatworld BTW.

Re:DRM *can* be good

[coofercat]

Someone more legally minded than me may shoot me down for this, but I understand that Linus' comments about Redhat are a misunderstanding of the GPL3. From TFA:

Notice how the current GPLv3 draft pretty clearly says that Red Hat would have to distribute their private keys so that anybody sign their own versions of the modules they recompile, in order to re-create their own versions of the signed binaries that Red Hat creates. That's INSANE.

This is not what the GPL3 says at all. It says you must distribute keys IF your code won't work without them. In the Redhat case, that's not true at all - you can download and install unsigned (or third party signed) code all you want. Redhat signs stuff so you can be sure it came from Redhat and not Fred in His Shed - that is ALL.

From TFL:
Complete Corresponding Source Code also includes any encryption or authorization codes necessary to install and/or execute the source code of the work, perhaps modified by you, in the recommended or principal context of use, such that its functioning in all circumstances is identical to that of the work, except as altered by your modifications. It also includes any decryption codes necessary to access or unseal the work's output.

The GPL3 does not try to take code-signing capability away from anyone. It states that you must give away keys if it's impossible to make a working program without them. I'll give an example:

Say there's a crypto program that uses modules, and is not open source. If you write modules, they have to be signed by one of a series of keys before the program will use the module.

If you tried to release a GPL3 module for this product, you would have to also put your keys with it because without the keys, a third party cannot produce a working module.

The GPL3 really says that if you're using DRM, you have to let other people use it too. There's a double-edged sword here: At the moment, you could release your (non-working) module as GPL2. Of course, it's useless, except for anyone else who has the keys. It's unlikely the owner of the crypto program would release keys for anyone to use (and so distribute) as that (as stated by Linus) makes the use of DRM pointless. In short, you're unlikely to be able to use the GPL3 for such situations.

My personal view (as if it matters) is that the GPL3 will fail because (a) people don't understand it and (b) no commercial vendor is likely to use it if they have to give everything away to do it. Using GPL2 + secret keys means you get all the benefits of open source, without giving away your competitive edge.

Of course, GPL3 might gain ground because version 3's got to be better than version 2, right?

God bless Torvalds

[Hosiah]

He's so level-headed in a field of holy-men-with-a-mission-from-$DIETY as far as the eye can see. I may not always agree 100%, but it's well worth it just to hear him point out from time to time that we do not, in fact, have to commit ourselves to Jihad.

Re:He's right on the money

[Anonymous Coward]

Version 2 of the GPL only forces people to not abuse your kindness.

Companies are starting to build computers that only run binaries "signed" by them... in that sort of world, Free software is meaningless. All the GPL v3 says is that you cannot take GPL v3 code, and force others to only run *signed* binaries of that compiled code. They must have the freedom to modify the code and still run it for the original purpose.

Torvalds is just spouting the bullshit told to him by him paymasters at OSDL -- IBM, HP -- who are all slavering at the prospect of completely locking down computers and ensuring that they control what kernel is run and what it does. With GPL v2... they can do that. Torvalds started out by claiming some nonsense about mot revealing "his" private key... now he's suddenly trying to claim the high ground in a freedom argument by making a free set of nonsensical claims.

Re:He's right on the money

[NichG]

Personally, the main thing I ask out of the GPL and other OSS licenses is simply to prevent others from taking that code and making it illegal for me to distribute it and binaries generated from it (or modifications of it). As long as distribution, reverse engineering, etc aren't illegal, I don't see the GPL as being nearly as necessary as it is today. Actually forcing the person to distribute the source and binary together is an added effect, but it's largely secondary in my eyes to simply keeping actions involving the code and program from being contraband.

DRM essentially threatens the most important part of the GPL (in my eyes that is) without harming the weaker part. Now the binaries can be distributed but you can't run them if you don't have the user-specific key to unlock the DRM around the binaries. On the other hand, if it were legal to circumvent DRM, I hardly think that any such methods would prove practically effective. So I'm game for taking my chances in a world where someone can't use a license to levy legal threat against me using the information I have access to any way I want, even if it means I can't use a license to prevent people from obfuscating that information and making it harder for me to actually use it as I'd like.

Re:The real question

[Frank T. Lofaro Jr.]

The content and control cartels attacked us with the DMCA, making it illegal to exercise our rights to use and modify our hardware and software as we see fit.

We must fight back - if you are in a fight, are being attacked, and don't fight back, you will lose.

The GPL v3 fights back - it is illegal to use GPL code in a product where it would be illegal for one to replace that GPL code with a modification.

The GPL v3 only makes it illegal to have DRM because it is illegal to bypass DRM.

Without the DMCA, these provisions would have never come about in GPL v3. If people could bypass DRM without breaking the law, people would use code to circumvent code. You can't use code to circumvent law (or code protected by law) or you are breaking the law. Therefore we use law to circumvent law - stop them from using the DMCA and our code at the same time - they can't use our code against us and make it illegal for us to use and modify our code as we see fit.

DRM and the GPL v3 may not be incompatible 100%, I believe the language says it can not be part of an "effective protection" system under the DMCA. If the GPL allowed use of DRM, but only on condition that such DRM would not be illegal to circumvent under the DMCA (e.g. the DRM writer automatically gives a license where any circumvention is authorized with respect to the DMCA) there would be no argument one could make against that. Breakig such DRM and infringing copyright would still be a copyright infringement.

Re:The real question

[AJWM]

This reminds me of a story from the British reign in India, when the Brits were trying to put a stop to the local practise of suttee, burning a widow on her husband's funeral pyre.

Some locals complained that this was part of a deeply held religious belief and long tradition, and the Brits had no right to interfere.

"Not at all", the local governor said. "You believe that it is alright to burn a woman on her husbands funeral pyre. Very well. It is our belief that anyone who tries to burn a woman alive should be hung from the neck until dead. You follow your beliefs, and we'll follow ours."

Re:The real question

[rjstanford]

So in essence, some hardware manufacturers have discovered a loophole. And so the GPL is been modified to compensate for this.

Well, what if someone makes a piece of hardware that runs on GPLed software, and has that software burnt into write-once memory? Admittedly, most people prefer to be able to reflash their firmware, but what if for reasons of budget, simplicity, et cetera, they decided not to? That would potentially include a lot of low-end devices.

Even with GPLv3 there's no guarantee that modifications you make to the software that comes with your device will run on that particular device. What it does guarantee (although so does GPLv2) is that you can take their code, modify it (or not), and use it in your own device, selling it as a competitor if you so choose. But nothing in v3 supports this any more than v2 did.

Re:Oh yeah, Stallman is a real tyrant...

[marcosdumay]

That may be news for you, but Linux is used by the corporate world because it is good. And it is good because it has a very big and active community. And it has a very big and active community because it can't be taken away.

If easy to take away where why companies are using Linux, they would already be using a BSD.

DRM concept is false idea itself

[Maljin Jolt]

Whole DRM concept is seriously flawed and cannot work in reality but in limited way only. Here are my points:

- In cybernetics theory, there is no mathematical distinction between hardware and software. Hardware has theoretical base in abstract automatons while software in algorithms, but cybernetics shows those two are mathematically equivalent. Whatever algo you can design in hardware (logic gates, for example) you can implement in software and vice versa. Also in theory, there is no distinction between data and program as well.

- Most non-cs people intuitively accept hardware as something static, and software+data as something volatile, and DRM is a try to declare software+data static by binding it to hardware. This is fundamental error of the DRM, because hardware could be not as "static" as it is expected to be. So, DRM concept does not respect laws of mathematics which makes it false.

- Algorithm cannot decide if it runs as a part of some "bigger" algorithm. First emulator of specific DRM hardware will make the specific hardware obsolete.

Example for dummies:

Imagine your computer is DRMed totally to the stage you can only use a word processor with limited scripting of your own documents, and email to send your documents around. But you can create an universal computing platform even on top of that:
- let the document represent a "memory" for virtual computer (line==instruction, use hex or keep the stuff human readable or both)
- write some virtual instructions as a document script functions
You can code an 8-bit platform such way in a week or two, capable of running some ancient 8-bit operating system such as Newdos-80 or CP/M at the speed comparable with those of 70'-80' computers. Or you can code something like forth or lisp even quicker, in days.
- Process your data such as sound or pictures on that platform. Use other word documents as a filesystem.
- use email transport as a low level network layer, implementing some simple protocols over it, treating an email message as a "packet".

Now you have a free as in uncontrolled platform at your hands.

sure, he doesn't "feel" like it

[Anonymous Coward]

but he sure takes advantage of the fact that other people DO think it's important and have done work to make it so he can do what he does with some sort of freedom.

Torvalds is a big fat hypocrite on this issue. He can stick his head in the sand like an ostrich and try to play make believe that these political issues don't exist, but he's WRONG, just like he was wrong with bit keeper originally. The ONLY reason he can sit around on his ass and get paid to code open source now is PRECISELY because a lot of people spent a lot of effort making sure THE CONCEPT of open source existed in the first place. If it wasn't for people going way out of their way to fight the political battles he minimizes and downplays, he'd be an unknown coding drone in a cubicle someplace eating boss crap sandwiches and licking legal boots and liking it.

As for the big corporations, it has been proven that freedom and open source doesn't need them, THAT is what is revolutionary about it, UNLESS the entire idea becomes illegal, which is precisely what DRM, trusted this or that, DMCA and patents are all about.

You either get it, or you don't get it, and screw the corporations. there's enough of them out there that get it, they will prosper long term, the ones that seek to restrict and weasel their way around freedom will find themselves on the outside looking in holding on to their pathetic offerings going ME ME ME ALL MINE like a schoolyard bully when finally no one will play with him because it's "his" ball.

Re:DRM is the antithesis of openness

[Zeinfeld]

So why is the only DRM that we ever hear about that which 'protects' entertainment media distributed by the large corporations?

Because very few people actually bother to find out what is really going on.

When Brian LaMacchia gave a talk on Palladium at MIT RMS didn't bother to show up till late, then at the end gave a long harangue that demonstrated only that he had not listened to a single word of the talk.

Trusted computing is not a very good copyright enforcement mechanism, it is as good as anything else that is going to be around and that is going to probably allow computers to do the same sort of stuff that dedicated media devices are allowed to play etc.

Trusted computing is a much better solution for the problem 'how can I know that this machine has not been tampered with', in other words to answer the Thomson paradox.

Re:DRM is the antithesis of openness

[Lussarn]

This is the same argument the RIAA used against file sharing.

Companies aren't citizens. They shouldn't be treated in the same ways and shouldn't be compared by the same standards. So my argumentation isn't like RIAA suing filesharers.