[U-Boot] U-book and GPLv3?
Wolfgang Denk
wd at denx.de
Mon Jul 6 12:55:26 CEST 2009
Dear Richard,
In message <E1MHHUe-00046l-SR at fencepost.gnu.org> you wrote:
>
> Have you considered moving U-boot to "GPLv3-or-later"?
I apologize for the late reply, but I have been on vacation and
completely offline for more than two weeks. But as I saw you got well
involved in the discussion on the U-Boot mailing list that resulted
from my forwarding your question to the list, trying to get an
understanding what the U-Boot community is thinking.
Now about your question: yes, I have considered moving U-boot to
GPLv3. I have to admit that I don't understand all the consequences
of GPLv3 yet; I am not a lawyer, and it took me long enough to get a
somewhat thorough understanding of what GPLv2 means - the basic
ideas, it's application in real live including it's interpretation by
layers in different (US and German) legal systems, and some of it's
deficiencies. It will take me some time to get equally familiar with
GPLv3. Fact is, that I don't like the idea that somebody can take the
code I've been developing as Free Software for the last 9 years and
use it in a device in such a way that I cannot modify my own code any
more even when the vendor strictly complies with the license (GPLv2).
This fact alone is reason enough for me to strive for moving U-Boot
to a license that prevents such usage models - i. e. going GPLv3.
But let's first have a little look at the discussion of this topic on
the U-Boot mailing list - it must be one of the longest threads we
ever had:
Discussion on U-Boot Mailing list
from: Thu, 18 Jun 2009 16:51:28 CEST
through: Sun, 5 Jul 2009 12:14:18 CEST
= 17 days
References:
http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/61801
http://lists.denx.de/pipermail/u-boot/2009-June/054540.html
Total postings:
(including initial posting): 143
Number of different posters
(including initial posting): 21
Current number of subscribers: 1712
Posters, Number of Postings, Percentage, and Total:
------------------------------------------------------
Richard Stallman : 32 = 22.4% [ 22.4%]
Detlev Zundel : 24 = 16.8% [ 39.2%]
Mike Frysinger : 23 = 16.1% [ 55.2%]
Robin Getz : 10 = 7.0% [ 62.2%]
ksi at koi8.net : 7 = 4.9% [ 67.1%]
Thomas Doerfler : 7 = 4.9% [ 72.0%]
Scott Wood : 6 = 4.2% [ 76.2%]
Jean-Christophe PLAGNIOL-VILLARD: 6 = 4.2% [ 80.4%]
Jean-Christian de Rivaz : 6 = 4.2% [ 84.6%]
Jon Smirl : 5 = 3.5% [ 88.1%]
Jerry Van Baren : 5 = 3.5% [ 91.6%]
Pink Boy : 2 = 1.4% [ 93.0%]
Grant Likely : 2 = 1.4% [ 94.4%]
Wolfgang Denk : 1 = 0.7% [ 95.1%]
Matthew Lear : 1 = 0.7% [ 95.8%]
Larry Johnson : 1 = 0.7% [ 96.5%]
Graeme Russ : 1 = 0.7% [ 97.2%]
Frank Svendsbøe : 1 = 0.7% [ 97.9%]
Eric Nelson : 1 = 0.7% [ 98.6%]
Chris Morgan : 1 = 0.7% [ 99.3%]
Arno Fischer : 1 = 0.7% [100.0%]
More than 50% of all postings - 3 posters
More than 60% of all postings - 4 posters
More than 70% of all postings - 6 posters
More than 80% of all postings - 8 posters
More than 90% of all postings - 11 posters
Posters, Vote, Role (commits since 2006-01-01), Reasoning:
[Total commits since 2006-01-01: 5845 by 314 Authors]
Richard Stallman : pro
software freedom activist
defend users' freedom
Detlev Zundel : pro
developer (38)
defend users' freedom
Mike Frysinger : con
developer, custodian (311)
Some customers don't want to let users run modified code.
Robin Getz : con
developer (1)
Many organizations which require this,
some from a legal standpoint,
some from a certification standpoint
ksi at koi8.net : con
developer (5)
sometimes regulations require secure boot
Thomas Doerfler : no clear statement - con
lurker, never showed up before (0)
fears that GPLv3 would prevent use in
"many possible applications"
Scott Wood : no clear statement - con
developer, custodian (48)
fears that GPLv3 would result in a fork
Jean-Christophe PLAGNIOL-VILLARD: con
developer, custodian (320)
"I've the same opinion as Linus Torvalds"
Jean-Christian de Rivaz : no clear statement - pro
lurker, never showed up before (0)
some arguments pro GPLv3
Jon Smirl : no statement
developer (5)
fears the amount of effort needed to go GPLv3
Jerry Van Baren : no clear statement - pro
developer (56)
points out the current situation and the effort needed
Pink Boy : pro
mostly lurker, 15 postings before this thread (0)
none of the people involved in product safety care about GPL
Grant Likely : con
developer (63)
"Personally not interested.
I don't want to license my code under GPLv3"
Wolfgang Denk : pro (*)
project maintainer (635)
defend users' freedom
Matthew Lear : no clear statement - con?
developer? (0)
fears that publication of security features might result in
"a rather large security flaw"
Larry Johnson : no statement
developer (38)
-
Graeme Russ : no clear statement - con?
developer (21)
"there are cases where GPL3 went just a little too far"
Frank Svendsbøe : pro
developer (1)
Keep fighting for freedom
Eric Nelson : no statement
developer? (0)
-
Chris Morgan : no statement
developer? (0)
-
Arno Fischer : con
developer? (0)
just agrees with another con-posting,
no own reasons
(*) I did not participate in this discussion yet - mostly because I
was on vacation and strictly abstinent from any Internet access,
but also because I wanted to get an uninfluenced picture of the
situation.
So here goes my statement: if I own a device that is running any
Free Software, and I decide I want to hack it, I want to able to
do this. I accept all the arguments about safety and
certifications and such, but in my opinion this has actually
nothing to do with allowing me to change the code or not. If it's
based on Free Software, that software must remain free. I don't
want to see my own code, which I released under a Free Software
license, being used in a device such that I cannot even fix my
own bugs any more.
I am definitely _pro_ going for GPLv3. I am also realizing the
efforts and the time this will take.
Observations:
=============
1) If we take into consideration that you are not subscribed to the
list, only 20 out of 1712 subscribers (less than 1.2%) bothered to
comment at all.
2) Some of these 20 posters did not take a firm stand whether they
are pro or con moving to GPLv3; an unweighted count gives 6 more
or less clear votes pro GPLv3 versus 10 votes against such a move.
3) It seems reasonable to me to add some weight to these votes,
taking into consideration how much the posters actually
contributed to the U-Boot project.
Since Jan 01, 2006 we had a total of 5845 commits by 314 authors.
The "pro"-voters add up to a total of 730 commits (12.5%), while
the "con"-voters have 769 commits (13.2%).
4) There is a repeating pattern in the arguments against GPLv3: some
customers/vendors intentionally want to lock down their users, and
moving U-Boot to GPLv3 might mean that we lose these customers.
Various reasons are listed, but usually they boil down to legal
requirements [which usually translates into guidelines issued by
the business management], security and certification requirements.
In all these cases, little or no seizable facts are provided.
Current Status:
===============
It is a known fact, that we have not always been careful enough to
check licensing terms of all contributed code. In the result, the
current U-Boot code base contains a number files with licenses that
are incompatible with the GPLv2 (or later) which is the intended
license for current U-Boot versions. This has been addressed with
commit 78237df5, see "doc/feature-removal-schedule.txt":
---------------------------
What: GPL cleanup
When: August 2009
Why: Over time, a couple of files have sneaked in into the U-Boot
source code that are either missing a valid GPL license
header or that carry a license that is incompatible with the
GPL.
Such files shall be removed from the U-Boot source tree.
See
http://www.denx.de/wiki/pub/U-Boot/TaskGplCleanup/u-boot-1.1.2-files
for an old and probably incomplete list of such files.
Who: Wolfgang Denk <wd at denx.de> and board maintainers
---------------------------
Checking the code base using the Open Source License Checker V.3 (see
http://forge.ow2.org/projects/oslcv3/) gives this result:
-> java -jar oslc.jar -x /home/wd/git/u-boot/master/.git -s /home/wd/git/u-boot/master
Source files: 4117
License files: 1
All files: 6178
Distinct licenses: 11
Conflicts (ref): 435
Conflicts (global): 34
License Count Incompatible with
all_rights_reserved-f 285 apache-1.1 apache-2.0-s gpl-2.0-l gpl-2.0-only-s gpl-2.0-s lgpl-2.1-s mpl-1.1-s nokos-1.0a-s
apache-1.1 163 all_rights_reserved-f gpl-2.0-l gpl-2.0-only-s gpl-2.0-s lgpl-2.1-s mpl-1.0-s mpl-1.1-s nokos-1.0a-s
apache-2.0-s 1 all_rights_reserved-f gpl-2.0-l gpl-2.0-only-s gpl-2.0-s lgpl-2.1-s mpl-1.0-s mpl-1.1-s nokos-1.0a-s
bsd 170
gpl-2.0-l 1 all_rights_reserved-f apache-1.1 apache-2.0-s mpl-1.0-s mpl-1.1-s nokos-1.0a-s
gpl-2.0-only-s 196 all_rights_reserved-f apache-1.1 apache-2.0-s mpl-1.0-s mpl-1.1-s nokos-1.0a-s
gpl-2.0-s 3007 all_rights_reserved-f apache-1.1 apache-2.0-s mpl-1.0-s mpl-1.1-s nokos-1.0a-s
lgpl-2.1-s 16 all_rights_reserved-f apache-1.1 apache-2.0-s mpl-1.0-s mpl-1.1-s nokos-1.0a-s
mpl-1.0-s 2 apache-1.1 apache-2.0-s gpl-2.0-l gpl-2.0-only-s gpl-2.0-s lgpl-2.1-s
mpl-1.1-s 5 all_rights_reserved-f apache-1.1 apache-2.0-s gpl-2.0-l gpl-2.0-only-s gpl-2.0-s lgpl-2.1-s
nokos-1.0a-s 5 all_rights_reserved-f apache-1.1 apache-2.0-s gpl-2.0-l gpl-2.0-only-s gpl-2.0-s lgpl-2.1-s
->
We have a lot of files with licenses which conflict with GPLv2 (and
later); if the OSLC results are correct, there are 461 such files
(7.5% of all files) - these must be cleaned up in any case.
Compared to that, the 196 "GPLv2 only" files (3.2% of all files) seem
to be an easier task, but this may be a delusion - most of the con-
flicting files above are strictly board-specific code, and the worst
thing that can happen is that we just remove these files (if the
respective board maintainers cannot or do not want to provide fixes),
which would result in a number of boards breaking, without any signi-
ficant impact on the majority of the supported boards. The "GPLv2
only" files are mostly global code that is related to important
features of U-Boot, so just dropping these is not an attractive
solution. On the other hand, it should not be that hard to analyze
which features are affected, and eventually isolate these. Then we
might evaluate what we'd lose when going GPLv3 anyway.
So it seems we can set up something like a plan:
Short term goal:
Clean up the existing license conflicts in U-Boot. This is a
task that is completely independent of the GPLv2 versus GPLv3
discussion - it must be done in any case.
Medium term goal:
Analyze which parts of U-Boot are implemented by GPLv2-only
code, and evaluate options to convert these into GPLv2+later.
Long term goal:
Move U-Boot to GPLv3.
All in all I must say that the whole discussion reminds me pretty
much to the situation back 10 years ago when I started trying to use
GNU/Linux for embedded systems. By then, it usually took long
discussions and lots of convincing both on engineering and especially
on management levels to get a Linux based solution accepted for a
real-life industrial project. The arguments then were pretty much the
same we hear today: systems would be less secure when everybody can
read the code, intellectual property would get lost to competitors,
it would be impossible to get the required certifications, and so on
and on.
And what happened? Today we see GNU/Linux systems everywhere, inclu-
ding safety-critical applications that require certifications, and
including communication devices (like mobile phones) that need to
pass approval procedures, homologation testing etc.
I am convinced that time will work for GPLv3 acceptance.
Thanks a lot, Richard, for bringing up this topic.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty not safety." - Benjamin Franklin, 1759
More information about the U-Boot
mailing list