[ale] Red Hat and the GPL

Bob Toxen bob at verysecurelinux.com
Tue Dec 9 16:34:53 EST 2003 

The individual copyright holders of the software that comprise the
Linux OS and related user and library code should tell Red Hat: "NO!
You cannot do that [putting restrictions on GPL'ed code] and must stop now!"

"NO!  You cannot distribute OUR copyrighted code on the condition that
the Red Hat customer agree to additional restrictions such as:

  1. Not distributing patches among all of your machines and clients.

  2. Charging fees in excess of reasonable copying fees for distributing
     GPL-licensed Open Source

  3. A purchaser of a Red Hat CD-ROM (or downloaded CD-ROM image) cannot
     distribute it "because of red hat trademark logos".

Red Hat currently is doing these things and I think that this constitutes
copyright infringement in that they are using copyrighted code in ways
clearly forbidden by the GPL.

Have a look at the GPL at

     http://www.fsf.org/licenses/gpl.html

as I did in preparing this email.  It appears to me that Red Hat is
in violation of the GPL for demanding these restrictions of its customers.

The portions of the GPL that seem most relevant to me are:

     "To protect your rights, we need to make restrictions that forbid
     anyone to deny you these rights or to ask you to surrender the
     rights. These restrictions translate to certain responsibilities for
     you if you distribute copies of the software, or if you modify it.
     ...
     "You may charge a fee for the physical act of transferring a copy,
     and you may at your option offer warranty protection in exchange
     for a fee.
Warranty protection means, I believe, that Red Hat may charge money for
fixing bugs.  However, it cannot put "per seat" or "per system" restrictions
or fees on patches for GPL'ed code.  I.e., they must make patches (usually
engineered by an Open Source entity other than Red Hat) available for a
low cost or at no cost.
     ...
     "These requirements apply to the modified work as a whole. If
     identifiable sections of that work are not derived from the Program,
     and can be reasonably considered independent and separate works in
     themselves, then this License, and its terms, do not apply to those
     sections when you distribute them as separate works. But when you
     distribute the same sections as part of a whole which is a work
     based on the Program, the distribution of the whole must be on the
     terms of this License, whose permissions for other licensees extend
     to the entire whole, and thus to each and every part regardless of
     who wrote it.

That requirement seems to make illegal Red Hat's published policy of
forbidding others from redistributing "Red Hat Linux" in either original
or modified form claiming that to do so would be illegally using Red Hat's
trademarked images scattered throughout the boot process, documentation,
and elsewhere.  It appears to me the "These requirements apply to the
modified work as a whole."  requirement of the GPL expressly forbid
this practice.

     "6. Each time you redistribute the Program (or any work based on
     the Program), the recipient automatically receives a license from
     the original licensor to copy, distribute or modify the Program
     subject to these terms and conditions. You may not impose any
     further restrictions on the recipients' exercise of the rights
     granted herein.



I suggest that we contact some of the copyright holders of GPL'ed code
and see if there's agreement to contact Red Hat and tell them to stop
their current practice as it is bad for Linux and the community.

(While I consider myself more knowledgeable in contract and copyright
law than the average person, I am not an attorney.  Any statements by
myself here are my opinion.)

Best regards,

Bob Toxen, CTO
Fly-By-Day Consulting, Inc.

Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, and Czech.

http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]

More information about the Ale mailing list