[U-Boot] U-book and GPLv3? (fwd)

Mike Frysinger vapier at gentoo.org
Wed Jun 24 19:32:42 CEST 2009


On Wednesday 24 June 2009 12:34:40 Detlev Zundel wrote:
> > On Wednesday 24 June 2009 09:17:50 Detlev Zundel wrote:
> >> > if you want to push your agenda on your customers (i'm assuming you
> >> > actually have some and arent just here for fun), that's your business.
> >>
> >> Is it possible that you jump to conslusions here?  All we - on a regular
> >> basis - do is to talk to our customers until we understand what the
> >> customer needs.  Then we think about how this can or cannot be done with
> >> the help of Free Software.  After all nobody is forcing anyone to use
> >> Free Software and for some customer wishes Free Software may simply be
> >> not a legal option, so what?
> >>
> >> In this process it is common that customers have incomplete information
> >> about Free Software in general and not well-articulated fears making
> >> them jump to premature conclusions (e.g. "we need a closed source Linux
> >> kernel driver") which would prevent us from doing development for them.
> >> At this point it is extremely important to learn about the reasoning of
> >> the customer and then clearing up confusion probably leading to
> >> revisiting the question of using Free Software.
> >>
> >> Essentially I can only remember one customer in the last years who did
> >> not go further at the time after learning that we would not develop a
> >> non-GPL kernel module.  Incidentally this customer is now back on our
> >> doorstep because the market effectively forces him to use a GNU/Linux
> >> system from a feature perspective.  This time around closed sources
> >> kernel modules are not even on the agenda anymore.
> >
> > and that's your prerogative.  how you choose to run your business has no
> > bearing at all on how other people choose to run their businesses.
>
> All I said is that we have a pretty good idea of what is legal
> and what isn;t and that we will not start work in an area where we
> belive we could actually be liable by law.  How you come to the
> conclusion that this is "prerogative" completely escapes me.  Are you
> sure that you are interested in what I say?

i think you are interpreting the word incorrectly.  it is your prerogative -- 
your right -- to run your business however you want.

> >> > but when customers absolutely state their requirements are secure boot
> >> > and the ability to lock their hardware so no one else can run things,
> >> > then i'm not about to argue with them.  their response is simply
> >> > "fine, we'll move on to the next guy who will satisfy our
> >> > requirements".
> >>
> >> It is your decision if you don't want to even understand your customers
> >> needs.
> >
> > wrong, we've actually done the opposite.  we know what they want to do
> > and it is doable with GPLv2.  it is not doable with GPLv3.
>
> From what I read, I do not get this impression.  "Locking people out" is
> not a ulterior motive but the outcome of a perceived threat to a
> business model.  It was this business model that I wanted to get a clear
> picture of.  It seems I cannot get any more informatino here.

locking down a machine is part of due diligence as well when it comes to 
certification.  not taking measures to prevent uncertified code from running 
is a legal liability for companies.  you can chalk these use cases up as 
"perceived threads to a business model" all you like.  many customers arent 
going to change because of your opinion, and while you may not business with 
them, i dont have a problem with doing it.

> > yes, there are cases of ingrained perceptions about how to accomplish
> > something and GPLv3 blocks those methods.  but again, it is *your* choice
> > to attempt to educate people here, it is not the automatic burden of
> > people to champion the GNU cause for you.
>
> What kind of axe do you have to grind here?  We (as a project) were
> asked about our stance to move to GPLv3 which is a perfectly good
> question to pose.  All I want to do is collect facts - your allegation
> that I want other people to carry a "burden" shows me that this way will
> bear no more fruit.

i wasnt directing all of these comments directly at you.  i dont know you nor 
do i care.  if the GNU project wants people to use the GPLv3 and people have a 
perception of it being crap, then it's their problem to address it.

> >> > they arent generally trying to lock out people who just want to toy,
> >> > they're targeting people who want to clone their hardware or
> >> > functionality to create knockoffs or they're trying to guarantee lock
> >> > down so they can get certified (like medical devices).
> >>
> >> How does GPLv3 vs. GPLv2 touch the "we will get cloned" question?  Maybe
> >> I do not see the obvious here, but sourcecode to binaries under either
> >> license must be available, so what's the difference?
> >
> > if you dont have the decryption keys, you cant read the end program. 
> > having access to the u-boot source doesnt matter.
>
> Having access to the physical device will.  How long do you think will
> it take to get broken into?  Unfortunately physics do not follow wishes
> of companies as seen over and over in the past.

and companies understand that.  i never said locking the device is a 100% 
guarantee to prevent cloning -- nothing in life is 100%.  it does however 
significantly make it harder to reverse engineer a black box that is wiggling 
pins than it is to disassemble code and memory.  the companies i work with are 
concerned with delaying clones for most of that product generation's life 
span, not eternity.  if the clone comes in after the company has gotten their 
fair share out of it, then that's fine by them.  clones are an unfortunate 
aspect of commercial life.  without the secure boot aspect, people are able to 
create knockoffs with enough turn around time to do quite a bit of damage to 
the product's life span.

> >> On the other hand I also do believe that for a project which is here
> >> simply because of the benefits of the GPL, we should spend some time
> >> thinking this through and then base the decision of the project on a
> >> sound basis.  Handwaving arguments do not help much here, so thanks for
> >> your input.
> >
> > except that licensing choice is just as much practical considerations
> > (can XYZ be done with the GPLv3) as it is personal choice.  it dictates
> > how we choose to *let* other people utilize the code.
>
> Licensing ceases to be a personal choice when it is a community project.

that is plain wrong.  it is always a personal choice and by advocating it in a 
community setting, you're pushing your personal choices on others.  i want to 
stay with the GPL-2 -- i am pushing my personal preference on others.  you 
want to move to the GPL-3 -- you are pushing your personal preference on 
others.

> > i personally dont have a problem with people locking their hardware.
> > that is their choice and the GPLv2 allows them that freedom.
>
> You have a strange definition of freedom - for you it is limited to the
> provider of the devices not to the users of the devices.  I guess this
> is what this all boils down to.

no, i have a definition of freedom you cant cope with.  what i choose to do 
with my time and code i write is absolutely my choice.  i have no problem 
people taking my code and doing whatever they want with it -- that's why i 
release to public domain.

> > hell, i wouldnt have a problem with a public domain u-boot.  people
> > dont use GPLv3 because it is a "superior" license from a technical
> > perspective, they use it because they want to *restrict* how others
> > use their code.
>
> Are you standing on your head typing this?  You actually want to allow
> a few people to _massively_ restrict all the rest.  I cannot follow
> here.

and it's funny you cant cope with this simple concept.  your code, your time, 
your choice.  my code, my time, my choice.  if people take my work i give away 
freely and "massively restrict the rest", then i dont have a problem with 
that.
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
Url : http://lists.denx.de/pipermail/u-boot/attachments/20090624/dc06c1cc/attachment-0001.pgp 


More information about the U-Boot mailing list