Linus Torvalds: Any CLA Is Fundamentally Broken 279
sfcrazy writes "The controversy over Canonical's Contributor License Agreement (CLA) has once again surfaced. While Matthew Garrett raises valid points about the flaws in Canonical's CLAs, Linus Torvalds says 'To be fair, people just like hating on Canonical. The FSF and Apache Foundation CLA's are pretty much equally broken. And they may not be broken because of any relicencing, but because the copyright assignment paperwork ends up basically killing the community. Basically, with a CLA, you don't get the kind of "long tail" that the kernel has of random drive-by patches. And since that's how lots of people try the waters, any CLA at all – changing the license or not – is fundamentally broken.'"
Spell it out the first time (Score:5, Insightful)
Re: (Score:3)
Thanks! And I could not agree more.
Re:Spell it out the first time (Score:5, Informative)
Re:Spell it out the first time (Score:5, Insightful)
Also, the Slashdot editors need to understand that when they don't spell out these acronyms the first time they use them, the first half of the comments section is going be discussing the lack of proper acronym definition and poor editorial skills instead of, you know, the actual article content. Just sayin'.
Re:Spell it out the first time (Score:5, Funny)
Because they hope your interest will fuel the very slightest bit of initiative, like the ~5 seconds it takes to Google it?
I tried Googling it. Google said it meant "Conjugated Linoleic Acid". According to the linked Wikipedia article, it is high in trans-fat, so it is a good thing that Linus doesn't care for the stuff.
Re:Spell it out the first time (Score:5, Insightful)
Because they hope your interest will fuel the very slightest bit of initiative, like the ~5 seconds it takes to Google it?
Just a guess, but it worked for me! No whinging here about such a trivial matter. I mean, if you are seeing this site anyway, you are definitely online...
That's a bullshit answer. It is standard practice in good writing to say what an acronym or abbreviation means the first time it's used. Afterwards using the shortened version is just fine.
Re:Spell it out the first time (Score:5, Funny)
I was wondering how much Linus knows about Conjugated Linoleic Acids.
Re: (Score:2)
Just what are you trying to imply here, something or other about programmers, sheep, and conjugal concerns? You've got a sick mind my friend, just plain sick.
Re: (Score:2)
I was wondering how much Linus knows about Conjugated Linoleic Acids.
Quite a bit, it seems. After all, he has been able to analyse the CLAs produced by several other sources and determined that they are broken. So he must know as much or more about them than the FSF and Apache biochemists who produced the Acids for those organisations... although why the FSF and Apache Foundation would need or want such materials is beyond me...
Re: (Score:3, Informative)
Knowing that "CLA" was sure to generate a rather broad result I searched for "Canonical CLA" and it's the first hit.
Re:Spell it out the first time (Score:5, Funny)
I guess CLA clearly doesn't stand for "Clear and Labeled Acronym"...
Re:Spell it out the first time (Score:4, Funny)
Re:Spell it out the first time (Score:5, Funny)
Complete
Loss
Altogether
google is worthless urban dictionary equally so, and it's not in the jargon file. this is classic slashdot, making up acronyms no one can figure out. wikipedia had the best page http://en.wikipedia.org/wiki/CLA [wikipedia.org]
but i can't figure out how a command line argument is related.
Re:Spell it out the first time (Score:5, Funny)
I'm pretty sure they were talking about Conjugated linoleic acid. After all, that is the number one hit in google.
Re:Spell it out the first time (Score:5, Funny)
I was going for Chlamydia, Lupus and AIDS, and then I remembered that House has been finished for a while.
Re:Spell it out the first time (Score:5, Funny)
Chlamydia, Lupus and AIDS
What are "better things than Dice's editing", Alex?
Re: (Score:3)
Chlamydia, Lupus and AIDS
What are "better things than Dice's editing", Alex?
Ooo...Maybe we should get Watson to replace the /. editors? Brilliant!
Re:Spell it out the first time (Score:4, Funny)
Ooo...Maybe we should get Watson to replace the /. editors? Brilliant!
If Watson's busy, I would settle for ELIZA.
Re:Spell it out the first time (Score:5, Funny)
Tell me about settle for ELIZA?
Re: (Score:2)
Truly, you have a dizzying intellect.
Re:Spell it out the first time (Score:5, Informative)
Re:Spell it out the first time (Score:5, Informative)
I used to expect a lot more from Slashdot, but now that none of the old-guard are left it's steadily and inexorably slipping in the same fashion that kuro5hin, The Register, and other tech sites have slipped.
In case you didn't know, there are holding companies buying up forums, news sites, aggregators, etc. At this point half-a-dozen automotive forums that I've used are now under one company, and that company milks the forums for advertising revenue without really policing the forums for abuse anymore. Since those forums lack a community-policing method like Slashdot and a few others there's very little to stop the race to the bottom as suddenly off-topic discussions, especially politics, come to pollute the original purpose with garbage that has nothing to do with cars.
These companies often don't advertise that they're in charge of so many forums, but some like The HAMB do. I encourage people to leave forums that head down this route, it's the only way to let these companies know that we don't appreciate what they're doing. Unfortunately that's probably a losing battle as there are a lot more users to replace those that walk away.
Re: (Score:2)
I used to expect a lot more from Slashdot, but now that none of the old-guard are left it's steadily and inexorably slipping in the same fashion that kuro5hin, The Register, and other tech sites have slipped. In case you didn't know, there are holding companies buying up forums, news sites, aggregators, etc. At this point half-a-dozen automotive forums that I've used are now under one company, and that company milks the forums for advertising revenue without really policing the forums for abuse anymore. Since those forums lack a community-policing method like Slashdot and a few others there's very little to stop the race to the bottom as suddenly off-topic discussions, especially politics, come to pollute the original purpose with garbage that has nothing to do with cars. These companies often don't advertise that they're in charge of so many forums, but some like The HAMB do. I encourage people to leave forums that head down this route, it's the only way to let these companies know that we don't appreciate what they're doing. Unfortunately that's probably a losing battle as there are a lot more users to replace those that walk away.
It's true, DICE knows how to kill a website. Hopefully someone will create an alternative that garners an interesting audience someday.
Memories....
Re: (Score:3)
Re:Spell it out the first time (Score:5, Insightful)
I used to expect a lot more from Slashdot, but now that none of the old-guard are left it's steadily and inexorably slipping in the same fashion that kuro5hin, The Register, and other tech sites have slipped.
The "old guard" editors didn't know how to do their jobs either. Note my user ID; I remember. I come here for the comments, not the articles.
Re:Spell it out the first time (Score:4, Insightful)
Re: (Score:3)
Amateurs at least have pride and self-respect.
Re:Spell it out the first time (Score:4)
Yeah, but the 3 digit IDs are suspect: you guys all caved instantly when taco insisted on cookies . . . some of us held out a while before caving. :)
hawk, who still blocks almost all cookies
Re:Spell it out the first time (Score:4, Funny)
Please, you four digit guys are so old that Alzheimer's is kicking in and you don't really remember what things used to be like. People with five digit ID's, OTOH, have been around a while yet are still young and sexy without a brain full of swiss cheese.
Re: (Score:2)
Yes; but back then it was because they were amateurs, doing this for a hobby.
yeah.. money ruins everything.
Re:Spell it out the first time (Score:5, Funny)
Seriously. I've been reading since 1999 (under different accounts) and trust me, the editing was definitely even worse back then. We used to have mis-spelled words, broken links, and sentences the cut off in the mi
Re: (Score:2)
Chips and Dips could be awful, but it was better than the alternatives.
Re: (Score:2)
there's very little to stop the race to the bottom as suddenly off-topic discussions, especially politics, come to pollute the original purpose with garbage that has nothing to do with cars.
Yeah, just like your horrible car analogy.
Re: (Score:3, Interesting)
And as sad as this is, there are lots of Youtube channels dedicated to geeky subjects that I sometimes learn things from before they appear on Slashdot or other sites.
For discussion, no idea what to say. It appears that you're stuck here.
Re: (Score:2)
And if Yahoo isn't for you, there is still always Usenet ;-)
Re: (Score:2)
Google Groups has all but destroyed Usenet unfortunately.
That said, I still tolerate it when reading a few groups.
As for the grandparent poster- A bunch of musician friends and I got fed up with Harmony Central and created our own private, invite-only forum where we discuss music and gear and perpetuate our own memes.
Re: (Score:2)
Dude, check out eternal-september.org. Full NNTP.
Re:Spell it out the first time (Score:5, Funny)
If you want news and articles, honestly Yahoo's News is not too bad.
And if you need personal or professional advise, there's no better place than Yahoo! Answers."
Re: (Score:2)
And if you need personal or professional advise, there's no better place than Yahoo! Answers.
+1 ROFLMAO
Re: (Score:2)
CIO and Datamation
Re: (Score:2)
Submissions also contain lots of link-bait to Phoronix or the verge.
Re: (Score:2)
Re: (Score:3)
It's not like it's ever been better. I don't think the editors have EVER read submissions. I mean seriously, complaining about that is like complaining that users don't read the article or the summary before commenting. It's always been like that, it always will, complaining about it wastes your time so don't bother.
And it's not like the editors read the comments either which makes the complaining totally pointless as well.
This is slashdot, there aren't editors (in the traditional sense), no one reads the a
Re: (Score:2)
So is this the abstract or the 1st draft?
Re: (Score:3)
Glad I'm not the only one who hadn't heard that one. I Googled it ASAP and got a page full of "Conjugated Linoleic Acid". Then, I went to TFA (Teach For America) and found the TLA (Title-Leading Acronym) PDQ.
Re:Spell it out the first time (Score:5, Informative)
Or mention the problem people have with the Canonical CLA in the first place, which according to TFA is the requirement that contributers sign an agreement that gives Canonical the right to relicense their contribution under a proprietary licence.
As can ANY of the major CLAs... (Score:5, Interesting)
Take a look at pretty much any major CLA out there.
I'll name three big ones: OpenJDK, FSF's for GNU, and Apache's.
ALL of them either directly assign the copyright of the contribution to the org, and thus, you lose any ability to control it whatsoever, or give the org the ability to relicense it explicitly.
This is intentional, and a GOOD thing, because it increases the flexibility of the project, including making it easier to defend rights in court. Frankly, have a project with multiple copyright assignment is impossible to manage from a legal standpoint, let alone one where you don't even know the real identity of a contribution's author.
The Linux kernel is stuck on the GNU v2 license for exactly this reason, and can never change. That's the fate of any such non-CLA'd Open Source project (other than something using Public Domain or the BSD license).
FYI: the FSF can (and has) relicensed code contributed to GNU projects under a proprietary license. (gcc and part of the toolchain)
Re:As can ANY of the major CLAs... (Score:5, Informative)
The Linux kernel is stuck on the GNU v2 license for exactly this reason, and can never change. That's the fate of any such non-CLA'd Open Source project (other than something using Public Domain or the BSD license).
Actually no, the Linux kernel is stuck on the GNU GPL v2 because Linus made that decision on purpose. The default GNU license allows for relicencing under any later version, but Linux removed that clause on purpose.
Here's his rant against GPLv3: https://lkml.org/lkml/2006/9/2... [lkml.org]
Re: (Score:3)
Yeah, I wonder just how many people I'd have to buy off at $100 million per head in order to get GPL 13: The final edition, Wherein I own everything, and you can all go suck eggs. Any later GPL versions are fraudulent. So nyeah.
I rather suspect that even Stallman might yield to such temptation, and if not I'm sure some tragic accident could be arranged. The question is only whether or not it's a cost effective way to get a massive codebase while simultaneously throwing a significant legal workload on eve
Re: (Score:2)
Actually no, the Linux kernel is stuck on the GNU GPL v2 because Linus made that decision on purpose. The default GNU license allows for relicencing under any later version, but Linux removed that clause on purpose.
[citation needed]
Later in the very email thread you linked to, he said:
"For example, in the GPLv3 discussions, I've seen more than one person claim that I've used a special magic version of the GPLv2 that doesn't have the "v2 or any later" clause. Again, those people don't have a _clue_ about what they are talking about."
Certainly the COPYING file at the top level of kernel.org's linux repository appears to include that clause. I didn't look in indvidual kernel tar files.
Re: (Score:2)
The 2nd paragraph of COPYING reads:
Also note that the only valid version of the GPL as far as the kernel is concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x or whatever), unless explicitly otherwise stated.
Since it is well known fact that Linux is GPLv2 only, what's your intent in denying that? Trolling?
Re: (Score:2)
Thanks, my kernel also says that ;)
The relevant "or later" clause from GPLv2 is Section 9, for those who are curious.
The point being, Linus could have allowed later versions of GPL. He explicitly decided to disallow them from the start, and has defended that position repeatedly.
FSF stipulates forever copyleft (Score:3)
Firstly, I'm not sure of examples where that's actually true, but it's at very least worth pointing out that the CLA that the FSF gives folks to sign (and FSF projects don't actually have to sign it, but they are encouraged to) stipulate that such code will always be available under a copyleft license---as Matthew Garrett points out in (one of) TFA. So regardless of any other
Re: (Score:3)
Yeah, I was trying to figure out what's wrong with Command Line Arguments.
Re: (Score:2)
Why doesn't the summary for articles like these spell out unfamiliar abbreviations such as "contributor license agreement"?
PSSH. Everyone knows this article is about the computer law association.
Re: (Score:2)
Re: (Score:2)
Why doesn't the summary for articles like these spell out unfamiliar abbreviations such as "contributor license agreement"?
You were expecting journalism majors to be editors of /. ??? ROFLMFAO
Re: (Score:2)
I read this summary just so I could see how many times the obscure acronym was used without definition. It met my expectations!
Wait, you care but didn't know? (Score:2)
Re:Wait, you care but didn't know? (Score:4, Insightful)
Re: (Score:2)
I had to Google it as well, and came up with: Certified Linux Administrator
Relevant, but still wrong.
CLA? (Score:2, Funny)
Canadian Lacrosse Association
Canadian Library Association
Caprivi Liberation Army
Carry Look-Ahead Adder
Causal layered analysis
Certified Legal Assistant
Cigarette Lighter Adapter
Civil Liberties Association
Communist League of America
Conjugated linoleic acid
Contributor License Agreement
Cuban Liberator Army
Re: (Score:2)
(censored to hopefully avoid tripping various workplace filters)
Re: (Score:2)
Who among us would want to remain anonymous? Especially on /.?
Full disclosure: we all know odds are I'm not one of us.
CLA (Score:5, Funny)
Yes of course, the CLA. I have long hated CLAs. CLAs are a problem and someone should do something about the CLAs.
Re: (Score:2)
CLA, CLA, CLA, CLAH.
CLA, CLA.
CLA CLA CLA.
After a while, if you say "CLA" enough, it begins to sound like it's not even really a word.
Oh, wait, it really isn't a word. Never mind.
Re: (Score:3, Funny)
CLAatu barada nikto.
'nuff said.
Re: (Score:3)
CLAs? I'm still angry about TLAs!
Re: (Score:2)
No, not CLA! CLA! [youtube.com]
Co-operation and Trust (Score:4, Insightful)
Free and Open source software are about working together to write software, its unquestionably good.
There are tens of billions of dollars worth of Libre code out there, with thousands of unpunished violators, and only 2 or 3 people in the world defending it.
And this "community" persistently rallies against working tegether Legally with CLA, i just dont understand, is it purely a trust thing ?
(And if you want to help defend Free Software, consider donating to the Software Freedom Conservency)
Re: (Score:2)
There are tens of billions of dollars worth of Libre code out there
It's only worth money if somebody is capitalizing it. Assigning any dollar value to 'Libre code' is dissonant. It's free, ergo .. it's not worth any amount of dollars.
That doesn't mean it doesn't have value. It just means that the value isn't a dollar value.
Re: (Score:2)
It's only worth money if somebody is capitalizing it.
Corporations do capitalise on Libre code.
You obviously took the red pill, come back when your ready.
Re: (Score:2, Troll)
First sentence in the linked post "Contributor License Agreements ("CLAs") are a mechanism for an upstream software developer to insist that contributors grant the upstream developer some additional set of rights." Contrary to your assumption I in fact did not know what CLA stood for in this context, so simply clicked the link to find out.
Yes they could have put that in the summary but sadly had they done that it seems there would have been next to no comments here. I'm sorry if you found some part - feel f
Contributions NOT wanted (Score:2)
The purpose of CLAs is to maintain the hegemony for the ruling clique; the very point of a CLA is to provide the entrenched bureaucrats with a publicly acceptable reason for shutting the door on those pesky newcomers.
Re: (Score:2)
Ummmm.... no. It's to provide a chain of provenance for all contributions that is defensible in court. Without that, it is often impractical to defend your code base against a legal attack.
Re: (Score:2)
It wouldn't be a "publicly acceptable reason" if it didn't have plausibility at a first glance.
The question, then, is if any of the reasons given actually have any merit, as opposed to mere plausibility. Which would require someone to come up with an example of when a CLA actually saved a project, or a lack of a CLA actually killed a project.
Re: (Score:2)
OK, so I guess you are a slow reader. The door is not being shut on you. Part of being welcomed into the house is not pissing on the carpet, and not skinning and grilling the kids' cat for lunch.
Re: (Score:2, Interesting)
OK, so I guess you are a slow reader. The door is not being shut on you.
The door to contributing the set of patches I prepared for gcc ~8 years ago now was firmly shut on me when the FSF insisted that they could not accept them without a signature from my employer, who didn't give a shit about free software, despite the fact that the legal situation is quite clear: my employer does not own code that I work on in my own time, with my own equipment, and which is entirely unrelated to their work.
Linus may be an asshole... (Score:3, Insightful)
But he's a wise asshole. Not cow-towing to the fail that is GPL 3 (kernel, git and subsurface.) Not climbing on the CLA bandwagon...
One day Linus will be gone and Linux will probably fall into the hands of license-mongering zealots. I'm glad I probably won't be around to suffer that.
Re: (Score:3)
But.. how does linus handle contributions to the kernel? Are they stuck forever at GPLv2 because that's what all they myriad patches were submitted under and it would be prohibitive to track down everyone who ever contributed in order to get permission to change should it turn out GPLv2 has some kind of heretofore undiscovered flaw, or should a much better license come along that every other project is using except the kernel?
Surely at some point you have to put trust in someone to do the right thing, and
For a noted pragmatist, Linus is dead wrong... (Score:3, Insightful)
Normally, I see Linus being pragmatic about things, but I have no idea why he's against CLAs.
Having a CLA (with some form of copyright assignment or "unlimited" sublicensing) is the ONLY way to run a flexible, long-term Open Source project.
The Linux kernel is the only substantial project that doesn't do this, and, frankly, can only get away with it because it's so critical. Even there, it's a pain, because (to pick a stellar example), Linux will NEVER be able to relicense itself under an improved GNU license. It's stuck FOREVER on the GNU v2 license. Which is hardly a good thing.
CLAs are a consequence of copyright, just like the licenses themselves are. They're necessary to allow a project to update the license, defend the entire codebase in court, keep track of ACTUAL authors, etc. If you don't have this, you have a toy project, one which ultimately will fail to succeed.
If you don't like CLAs, then use the BSD or Public Domain route, because they're the only licenses (or non-license) that avoids all the traps of copyright law. Otherwise, if you want copyleft of any sort, then you have to use a CLA.
Linus is basically complaining that having a driver's license is an obstacle to people just getting on the road and driving whenever they want. Sure, CLAs restrict the "fly by night" patcher. That's a feature not a bug. Sometimes, you do want to set the bar higher than the lowest common denominator. Naturally, some CLAs are worse than others, but the concept as a whole is sound.
-Erik
Re:For a noted pragmatist, Linus is dead wrong... (Score:5, Interesting)
On the contrary, Linux is quite right. Lots of long-term open source projects don't require copyright assignment and I'm not likely to work for any which do. The reason is quite simple: If I'm contributing my time and effort to a project, I don't want the project's code to get relicensed without my concent. If a company, such as Canonical, wants me to contribute then they should be prepared to let me keep copyright of my code so I can be assured it won't get tucked away in a closed source project.
The Linux kernel not getting relicensed under a newer form of the GPL is a feature, not a bug. Some companies which use Linux now wouldn't if it switched to the GPLv3 because the newer license isn't as friendly (or easy to read) as the old one.
Re: (Score:2, Insightful)
Not all projects have copyright assignment. In fact, the majority use "unlimited, non-revokable sublicense" concept. You retain your copyright, but give the project the flexibility to do what it needs to with your code.
By contributing, you're participating in the project, and ceding a portion of your influence as a cost of being a participant. Imaging if a project required UNANIMOUS consent of any contributor, ever, to make a license change. Or defend against a particular copyright suit, or similar. So,
Re: (Score:3, Interesting)
The Linux kernel not getting relicensed under a newer form of the GPL is a feature, not a bug.
Yeah, explain that to me in 10 years when some court rules that contributions under the GPL are illegal to distribute due to some legal deficiency in the license. Suddenly there is no linux kernel, because there is no way to switch to a newer license that does not have that attribute.
Sure, that might never happen, just as a firmware burned into a ROM might never need upgrading. However, if it does you're up the creek. The whole GPL2+ thing is about having an insurance policy.
Re:For a noted pragmatist, Linus is dead wrong... (Score:4, Insightful)
Yeah, explain that to me in 10 years when some court rules that contributions under the GPL are illegal to distribute due to some legal deficiency in the license.
Actually, it is much more likely that a CLA will be found to be unenforcable than the text of a well-established software license. In fact, CLAs requiring copyright assignment are probably void in large parts of the world, meaning you are back to square one.
Re:For a noted pragmatist, Linus is dead wrong... (Score:5, Interesting)
Normally, I see Linus being pragmatic about things, but I have no idea why he's against CLAs.
Linus doesn't like them because it's an extra barrier for people who might want to contribute to the code. The more barriers you have to contributors, the fewer will contribute. I can tell you that I fixed some bugs in Android, which I didn't contribute back, because the process was too painful (and that was before I realized there was a CLA; if I'd known that, I wouldn't have even tried).
Of course, there are benefits to CLAs, as you point out, and Eban Moglen points out other benefits. It's a matter of choosing what your priorities are. Linus favors the ease of contribution. He also considers the fact that Linux is stuck forever on GPLv2 to be a feature, not a problem.
Re: (Score:2, Interesting)
The Linux kernel is the only substantial project that doesn't do this, and, frankly, can only get away with it because it's so critical. Even there, it's a pain, because (to pick a stellar example), Linux will NEVER be able to relicense itself under an improved GNU license. It's stuck FOREVER on the GNU v2 license. Which is hardly a good thing.
...Says you. Because Linus says that's precisely one of its beauties.
If you don't like CLAs, then use the BSD or Public Domain route, because they're the only licenses (or non-license) that avoids all the traps of copyright law. Otherwise, if you want copyleft of any sort, then you have to use a CLA.
...Not having Linux under a CLA makes it easier to explain why he's sticking to a (good!) choice he did *over 20* years ago. No matter how hard you bitch, Linux will never be licensed under anything but GPLv2. And that's a feature.
Re: (Score:2)
It's stuck FOREVER on the GNU v2
And? GPL v2 is, in many ways, the license. Linus is like Steve Jobs. He reminds us that one man can, sometimes, outperform a whole team, uniting an entire army behind him. I digress. What's wrong with being stuck on GPL2? It's an amazing license.
Not true (Score:5, Informative)
Canonical-hate (Score:4, Informative)
Re: (Score:2)
Next thing you know, they'll actually _make_ you RTFA...
Re:WTF... (Score:4, Insightful)
Lack of trust.
This is what this is all about. Many people view Canonical as untrustwory for one reason or another. I could cite a whole litany. However, that's not the point.
Many people find reason to be suspicious of Canonical in a way that isn't comparable to anything regarding the FSF or Apache. It's not a remotely comparable situation.
As a general rule, CLAs originating from any corporation with the standard "fuck everyone else" style charter should be met with skepticism. They're not your friends. They probably aren't even your ally.
Re: (Score:3)
Re: (Score:2)
Cleaning, Lubrication & Adjustment? Canadian Lacrosse Association? Carry Look-Ahead Adder? Certified Legal Assistant? Cigarette Lighter Adapter? College of Liberal Arts? Communist League of America? Cuban Liberator Army?
Somebody help me out here
Number one Google result -- actually most of the first page's sorth -- is "Conjugated Linoleic Acid". Some kind of bodybuilding supplement also sold as an anti-cancer agent.
Wikipedia says the health claims are bunk, so Linus is probably right to oppose it.
LGPL prohibits tivoization (Score:2)
The only licences I like are LGPL, MIT, BSD, etc. So basically licenses that don't restrict me in any significant way.
What you say is true of MIT and BSD licenses as well as the GNU All-Permissive License. But LGPL is really just GPL with an exception allowing linking the covered work to a proprietary program in such a manner that the user can replace the covered work with a modified version. This permission is unacceptable on platforms that have a general policy not to execute code that the platform's gatekeeper has not approved or code that has been modified since the platform's gatekeep
LGPLv2.1 allows static linking: ship .o files (Score:2)
LGPL3 and GPL3 prevent tivoization. LGPL2.1 does not
What GPLv3 and LGPLv3 call "Installation Information" GPLv2 and LGPLv2.1 call "scripts used to control compilation and installation". LGPLv2.1 [gnu.org] does permit static linking of "the Library" (a covered work) with a proprietary program so long as the EULA does not rule out end user modification: "you may also combine or link a 'work that uses the Library' with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modi
Re: (Score:2)
You can rebuild the executable, that is all that matters. This does not mean they need to provide a means for you to install it on the device.
If the executable contains a valid signature, and they do not provide a means to add a valid signature, then they do not provide a means to rebuild the executable.
Re: (Score:2, Informative)
If the executable contains a valid signature, and they do not provide a means to add a valid signature, then they do not provide a means to rebuild the executable.
The signature is not required for rebuilding the executable, it is only required for installation and execution on a particular platform which the LGPLv2.1 does not specify is required. Your interpretation of the LGPLv2.1 is incorrect, that is the very reason for the additions to section 4 of the LGPLv3 [gnu.org] that specifically call out installation and execution of the executable:
and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by r
Define "the executable" (Score:2)
The signature is not required for rebuilding the executable, it is only required for installation and execution on a particular platform which the LGPLv2.1 does not specify is required.
Then we differ on how "the executable" is defined. Some platforms sign an installation package containing the executable, some sign the executable itself, and some sign both. For example, under Windows, both the MSI installation package and the EXE inside it can carry an Authenticode signature. Rebuilding "the executable" would require signing it.
Re: (Score:2)
It is nothing to do with executing the code and that is precisely why Tivoization is a "problem" with the GPL v3.
Tivoization was specifically addressed in the GPL with v3, it is versions < v3 that don't address tivoization. But yes as you say installation and execution are the key elements added to v3 that prevent tivoization.