[ale] Red Hat and the GPL

James P. Kinney III jkinney at localnetsolutions.com
Fri Dec 12 09:28:59 EST 2003


On Thu, 2003-12-11 at 16:15, Bob Toxen wrote:
> My understanding is that Red Hat is charging "per system" fees for
> Enterprise Linux and is restricting the use of downloaded patches
> received (by the end user) via the Red Hat Network (RHN).  As I understand
> it, in order to get the patch service, one must agree to pay the
> fee on a "per system" basis and may not share what is downloaded.

No. In order to get the patch service on a very fast network with
automatic notification of patch availability and automatic patch
installation, the outrageous fees must be paid for each machine.

If one chooses to NOT fund further development of RedHat (as well as
stock holders) then the patches can be downloaded from any of the usual
RedHat mirrors,
ftp://ftp-linux.cc.gatech.edu/pub/redhat/linux/updates/enterprise

The caveat is: they only release the srpm's for the non-licensed
downloaders. This is well within the requirements of the GPL. The
license on the updates is the same as the one on the original code, GPL.
RedHat is not required to make any upgrades available in any form to
anyone outside of those who purchased the package. Period. That they
continue to make the upgrades available in a compatible packaging manner
to the entirety of their system to anyone who wants it is commendable.
> 
> THIS is what is forbidden quite clearly by the GPL, IMHO.  One (e.g.,
> Red Hat) receiving Open Source software may NOT place any restrictions
> on it.  This is why their requiring the customer to agree to one
> RHN license per system to receive patches of GPL'ed code is in violation
> of the GPL, IMO.  It is also why my client's choice to ignore their
> restriction is legal, IMO.
> 

RedHat has thrown a bunch of good lawyers at this problem and they see
what I have seen for a long time. The act of giving away the work (the
binaries, the iso images) is a foolish one from the viewpoint of a
business practice. So they sell the service of collecting the source
code, compiling it into binaries and packaging it into iso images and
continuing that process for supporting the patches and bug fixes and
security updates. And then they comply completely with both the letter
and spirit of the GPL by including the entire source code for their
distribution. They even made their own installer GPL'ed. And they have
people on staff who create new GPL'ed code for the Linux kernel and for
ancillary support packages. The went through the entire distribution and
pulled out all of their trademark images and put them in a single
package. That package is not GPL'ed as it would conflict with their
trademark rights and responsibilities. It is even listed in the EULA
that by removing that one package, users of RHWS, RHES and RHAS can
freely redistribute the binaries. The GPL only requires the free
(speech) redistribution of the source.

The GPL section that refers to the distribution of code for a nominal
media cost is referring to the source, not the compiled binaries. So
RedHat is free to charge whatever they can get for their pre-packaged
delivery system of their distribution. 

Again, I invite interested people to look at the mirrors of RedHat's ftp
site:
ftp://ftp-linux.cc.gatech.edu/pub/redhat/linux/enterprise/
It has 2.1 and 3. They have provided srpm's for the entire product line.
Anyone who want to devise a competing, lower cost product is free to do
so. RedHat has provided a very rich starting ground. 

> Bob
> 
> On Tue, Dec 09, 2003 at 05:07:49PM -0500, James P. Kinney III wrote:
> > As I read the EULA, RedHat is not in violation of the GPL. The
> > distribute the source with the binaries, the don't restrict the use of
> > the binaries. What the restrict is the use of their network access. They
> > do restrict the use of the RedHat name and logo. As such, there is a
> > single package that contains all of the RedHat branding. If that package
> > is removed, The EULA does not restrict the redistribution of the entire
> > RHEL. But it is not legal to call it RHEL.
> > 
> > The EULA from RedHat Enterprise Linux:
> > 
> > LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
> > RED HAT?? ENTERPRISE LINUX?? VERSION  3
> > 
> > This agreement governs the use of the Software and any updates to the
> > Software, regardless of the delivery mechanism.  The Software is a
> > collective work under U.S. Copyright Law.  Subject to the following
> > terms, Red Hat, Inc. (???Red Hat???) grants to the user (???Customer???) a
> > license to this collective work pursuant to the GNU General Public
> > License.
> > 
> > 1.  The Software.  Red Hat Enterprise Linux (the ???Software???) is a
> >     modular operating system consisting of hundreds of software
> >     components.  The end user license agreement for each component is
> >     located in the component's source code.  With the exception of
> >     certain image files identified in Section 2 below, the license
> >     terms for the components permit Customer to copy, modify, and
> >     redistribute the component, in both source code and binary code
> >     forms.  This agreement does not limit Customer's rights under, or
> >     grant Customer rights that supersede, the license terms of any
> >     particular component.
> > 
> > 2.  Intellectual Property Rights.  The Software and each of its
> >     components, including the source code, documentation, appearance,
> >     structure and organization are owned by Red Hat and others and are
> >     protected under copyright and other laws.  Title to the Software
> >     and any component, or to any copy, modification, or merged portion
> >     shall remain with the aforementioned, subject to the applicable
> >     license.  The ???Red Hat??? trademark and the ???Shadowman??? logo are
> >     registered trademarks of Red Hat in the U.S. and other countries.
> >     This agreement does not permit Customer to distribute the Software
> >     using Red Hat's trademarks.  Customer should read the information
> >     found at http://www.redhat.com/about/corporate/trademark/ before
> >     distributing a copy of the Software, regardless of whether it has
> >     been modified.  If Customer makes a commercial redistribution of
> >     the Software, unless a separate agreement with Red Hat is executed
> >     or other permission granted, then Customer must modify the files
> >     identified as ???REDHAT-LOGOS??? and ???anaconda-images??? to remove all
> >     images containing the ???Red Hat??? trademark or the ???Shadowman??? logo.
> >     Merely deleting these files may corrupt the Software.
> > 
> > 3.  Limited Warranty.  Except as specifically stated in this agreement
> >     or a license for a particular component, to the maximum extent
> >     permitted under applicable law, the Software and the components
> >     are provided and licensed ???as is??? without warranty of any kind,
> >     expressed or implied, including the implied warranties of
> >     merchantability, non-infringement or fitness for a particular
> >     purpose.  Red Hat warrants that the media on which the Software is
> >     furnished will be free from defects in materials and manufacture
> >     under normal use for a period of 30 days from the date of delivery
> >     to Customer.  Red Hat does not warrant that the functions
> >     contained in the Software will meet Customer's requirements or
> >     that the operation of the Software will be entirely error free or
> >     appear precisely as described in the accompanying
> >     documentation. This warranty extends only to the party that
> >     purchases the Software from Red Hat or a Red Hat authorized
> >     distributor.
> > 
> > 4.  Limitation of Remedies and Liability. To the maximum extent
> >     permitted by applicable law, the remedies described below are
> >     accepted by Customer as its only remedies.  Red Hat's entire
> >     liability, and Customer's exclusive remedies, shall be: If the
> >     Software media is defective, Customer may return it within 30 days
> >     of delivery along with a copy of Customer's payment receipt and
> >     Red Hat, at its option, will replace it or refund the money paid
> >     by Customer for the Software.  To the maximum extent permitted by
> >     applicable law, Red Hat or any Red Hat authorized dealer will not
> >     be liable to Customer for any incidental or consequential damages,
> >     including lost profits or lost savings arising out of the use or
> >     inability to use the Software, even if Red Hat or such dealer has
> >     been advised of the possibility of such damages.  In no event
> >     shall Red Hat's liability under this agreement exceed the amount
> >     that Customer paid to Red Hat under this agreement during the
> >     twelve months preceding the action.
> > 
> > 5.  Export Control.  As required by U.S. law, Customer represents and
> >     warrants that it: (a) understands that the Software is subject to
> >     export controls under the U.S. Commerce Department???s Export
> >     Administration Regulations (???EAR???); (b) is not located in a
> >     prohibited destination country under the EAR or U.S. sanctions
> >     regulations (currently Cuba, Iran, Iraq, Libya, North Korea, Sudan
> >     and Syria); (c) will not export, re-export, or transfer the
> >     Software to any prohibited destination, entity, or individual
> >     without the necessary export license(s) or authorizations(s) from
> >     the U.S. Government; (d) will not use or transfer the Software for
> >     use in any sensitive nuclear, chemical or biological weapons, or
> >     missile technology end-uses unless authorized by the
> >     U.S. Government by regulation or specific license; (e) understands
> >     and agrees that if it is in the United States and exports or
> >     transfers the Software to eligible end users, it will, as required
> >     by EAR Section 741.17(e), submit semi-annual reports to the
> >     Commerce Department???s Bureau of Industry & Security (BIS), which
> >     include the name and address (including country) of each
> >     transferee; and (f) understands that countries other than the
> >     United States may restrict the import, use, or export of
> >     encryption products and that it shall be solely responsible for
> >     compliance with any such import, use, or export restrictions.
> > 
> > 6.  Third Party Programs. Red Hat may distribute third party software
> >     programs with the Software that are not part of the Software.
> >     These third party programs are subject to their own license terms.
> >     The license terms either accompany the programs or can be viewed
> >     at http://www.redhat.com/licenses/.  If Customer does not agree to
> >     abide by the applicable license terms for such programs, then
> >     Customer may not install them.  If Customer wishes to install the
> >     programs on more than one system or transfer the programs to
> >     another party, then Customer must contact the licensor of the
> >     programs.
> > 
> > 7.  General.  If any provision of this agreement is held to be
> >     unenforceable, that shall not affect the enforceability of the
> >     remaining provisions.  This agreement shall be governed by the
> >     laws of the State of North Carolina and of the United States,
> >     without regard to any conflict of laws provisions, except that the
> >     United Nations Convention on the International Sale of Goods shall
> >     not apply.
> > 
> > Copyright ?? 2003 Red Hat, Inc.  All rights reserved.  "Red Hat" and
> > the Red Hat "Shadowman" logo are registered trademarks of Red Hat,
> > Inc.  "Linux" is a registered trademark of Linus Torvalds.  All other
> > trademarks are the property of their respective owners.
> > 
> > 
> > 
> > 
> > On Tue, 2003-12-09 at 14:51, Bob Toxen wrote:
> > > The individual copyright holders of the software that comprise the
> > > Linux OS and related user and library code should tell Red Hat: "NO!
> > > You cannot do that [putting restrictions on GPL'ed code] and must stop now!"
> > > 
> > > "NO!  You cannot distribute OUR copyrighted code on the condition that
> > > the Red Hat customer agree to additional restrictions such as:
> > > 
> > >   1. Not distributing patches among all of your machines and clients.
> > > 
> > >   2. Charging fees in excess of reasonable copying fees for distributing
> > >      GPL-licensed Open Source
> > > 
> > >   3. A purchaser of a Red Hat CD-ROM (or downloaded CD-ROM image) cannot
> > >      distribute it "because of red hat trademark logos".
> > > 
> > > Red Hat currently is doing these things and I think that this constitutes
> > > copyright infringement in that they are using copyrighted code in ways
> > > clearly forbidden by the GPL.
> > > 
> > > Have a look at the GPL at
> > > 
> > >      http://www.fsf.org/licenses/gpl.html
> > > 
> > > as I did in preparing this email.  It appears to me that Red Hat is
> > > in violation of the GPL for demanding these restrictions of its customers.
> > > 
> > > The portions of the GPL that seem most relevant to me are:
> > > 
> > >      "To protect your rights, we need to make restrictions that forbid
> > >      anyone to deny you these rights or to ask you to surrender the
> > >      rights. These restrictions translate to certain responsibilities for
> > >      you if you distribute copies of the software, or if you modify it.
> > >      ...
> > >      "You may charge a fee for the physical act of transferring a copy,
> > >      and you may at your option offer warranty protection in exchange
> > >      for a fee.
> > > Warranty protection means, I believe, that Red Hat may charge money for
> > > fixing bugs.  However, it cannot put "per seat" or "per system" restrictions
> > > or fees on patches for GPL'ed code.  I.e., they must make patches (usually
> > > engineered by an Open Source entity other than Red Hat) available for a
> > > low cost or at no cost.
> > >      ...
> > >      "These requirements apply to the modified work as a whole. If
> > >      identifiable sections of that work are not derived from the Program,
> > >      and can be reasonably considered independent and separate works in
> > >      themselves, then this License, and its terms, do not apply to those
> > >      sections when you distribute them as separate works. But when you
> > >      distribute the same sections as part of a whole which is a work
> > >      based on the Program, the distribution of the whole must be on the
> > >      terms of this License, whose permissions for other licensees extend
> > >      to the entire whole, and thus to each and every part regardless of
> > >      who wrote it.
> > > 
> > > That requirement seems to make illegal Red Hat's published policy of
> > > forbidding others from redistributing "Red Hat Linux" in either original
> > > or modified form claiming that to do so would be illegally using Red Hat's
> > > trademarked images scattered throughout the boot process, documentation,
> > > and elsewhere.  It appears to me the "These requirements apply to the
> > > modified work as a whole."  requirement of the GPL expressly forbid
> > > this practice.
> > > 
> > >      "6. Each time you redistribute the Program (or any work based on
> > >      the Program), the recipient automatically receives a license from
> > >      the original licensor to copy, distribute or modify the Program
> > >      subject to these terms and conditions. You may not impose any
> > >      further restrictions on the recipients' exercise of the rights
> > >      granted herein.
> > > 
> > > 
> > > 
> > > I suggest that we contact some of the copyright holders of GPL'ed code
> > > and see if there's agreement to contact Red Hat and tell them to stop
> > > their current practice as it is bad for Linux and the community.
> > > 
> > > (While I consider myself more knowledgeable in contract and copyright
> > > law than the average person, I am not an attorney.  Any statements by
> > > myself here are my opinion.)
> > > 
> > > Best regards,
> > > 
> > > Bob Toxen, CTO
> > > Fly-By-Day Consulting, Inc.
> > > 
> > > Author,
> > > "Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
> > > 2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
> > > Also available in Japanese, Chinese, and Czech.
> > > 
> > > http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
> > > http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
> > > http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> > -- 
> > James P. Kinney III          \Changing the mobile computing world/
> > CEO & Director of Engineering \          one Linux user         /
> > Local Net Solutions,LLC        \           at a time.          /
> > 770-493-8244                    \.___________________________./
> > http://www.localnetsolutions.com
> > 
> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> > <jkinney at localnetsolutions.com>
> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> 
> 
> 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list