On Tue, May 21, 2002 at 06:20:24AM -0700, Jim Lynch wrote: > First off, sorry about mailing to you directly as well as to the list. > I'll get that fixed soon. (I'm using sylpheed; how can I make it follow > debian mailing list policy in a convenient way?) I have no idea as I don't use it. I generally always use group reply. I realize this is flatly against the stated Debian policy, but this practice is one which was employed by most of the project before I joined and continues to be employed today. There are a few people who get very angry if they get a Cc though - if they get one they'll rant about it on the list and quote the policy which nobody but them and a few others actually cares about. Most of these people have configured their MUAs to set a Mail-Followups-To which excludes them, but not all. The configuration variable for this in mutt is "metoo". This means you'll need to manually edit the list of people you're sending to and remove anyone which you know doesn't want to get a copy - but that's fine, you should be editing the recipient list to remove any person or list which the message doesn't need to go to anyway to prevent unnecessary crossposting and filling of some poor person's mailbox because they had one comment 50 messages back. Now, if your mailer doesn't obey Mail-Followups-To, I can guarantee you'll get flamed. ;) > On Tue, 21 May 2002 04:48:47 -0700 > > > > This project needs a backbone. > > > > > > OK. Hire the lawyers necessary to support the claims you're making > > > rather than suggest that debian should just go ahead and break the > > > law without thinking. It looks like every one of these patents > > > you've mentioned have prior art. The backboney thing to do is get > > > those patents recinded, all of them. BTW, maybe the symlink patent > > > could stand up if microsoft owns unix and unix invented symlinks... > > > you would need art prior to unix. > > > > If Debian needs a lawyer to determine that something like a patent on > > RLE or a Save-As feature are bogus and not worth worrying about, then > > we should all leave the project now since we can't get anything done > > whatsoever. I can find patents which the Linux, BSD, and HURD kernels > > all violate if I try. Hell, Microsoft has a patent on SYMLINKS! > > (did you read the above? I'm not suggesting the lawyers are needed to > -determine- if the patents are bogus. I'm stating that if debian is to > have this backbone and set of balls you speak of, it should -fight- the > patents and have them recinded. So, in fact we do agree that the patents > are bogus, but you believe they should be ignored and I believe they > should be dealt with.) We don't have the means to do that. We never have had the means to fight a bunch of expensive lawsuits. But previously we have exercised good judgement as to which patents brought to our attention were dangerous, which were annoying, and which were harmless. The mp3 encoder patent was the first one which ever kept software out of Debian, and then originally because mp3 encoding was patented in the country where our non-US server was located, Germany. I hate to use a slippery slope argument, but Debian has not once since been willing to stand up and package a piece of patented software. That was the moment when Debian lost its will to fight for software freedom in the face of patents and other legal silliness. > > Either Debian must decide that these things are bull and ignore them > > or it must cease to be. Those are the only two options available to > > us. These patents are ridiculous and meaningless. The holders of > > these patents know it, and they don't actually enforce them because > > they realize how stupid it would be and how easily prior art could be > > proven if necessary. > > Hey! You with the balls! Yeah, you! DO it! Get the patents recinded! > > If not, please don't talk about balls or backbones :) Do you have any idea what this costs? I don't have the money. And Debian never needed to fight these expensive court cases with RSA or IDEA - both of which were used as the primary encoding methods of PGP, a piece of non-free software which was illegal to distribute in a few countries. Debian did so anyway because we found ways to work around the system. We had to or Debian would have been nothing more than a dream. Now the dream is a nightmare of calls for lawyers because the project is too paranoid to take any action without one. You're part of this problem - you call for no action until these patents are all gone. But these are frivolous patents which would cost hundreds of thousands to fight in a given country and millions to prevent through lobbying. Patents which are only used by large corporations in trade for licenses to other frivolous patents and which four years ago we were quite happy to ignore. > Lawyers: how fast could this be, and how expensive? Also, is it in fact > necessary, or can we just ignore them, hoping someone else doesn't fall > victim to them? There you go again. WE DON'T NEED A LAWYER. We need common sense. > You're the one who responded to this :) And I did too. Consider what > happened in the case where some idiot trademarked "linux" and started > going "stand and deliver" to anyone using the word in their ads? They > fought and quickly won. Do you think you can stand up to Microsoft's legal department where the US Government failed? I can guarantee, they're one of the biggest offenders for these things. And you need a seperate case for each of them. That means one lawsuit for the patent on symlinks and proving that UNIX has more than twenty years of prior art. Another for Save-As and proving that applications prior to Microsoft Word featured comparable abilities. And yet another for the patent on remote network updates and proving that we had apt and dpkg-ftp first. Of course, these are three patents we currently ignore. And why shouldn't we? They are after all trivially provable to have prior art and if their lawyers came calling it would not take much to convince them that we've got it, that we don't have any money to gain by suing, and that they'd be blasted by the press for suing us given that we can so trivially prove their patents bogus. We are thankfully not worth their trouble - not because we couldn't win, but because we have nowhere near the resources to fight each case. Remember that the first step in these sorts of lawsuits is not an expensive lawsuit; they can't afford that anymore than we can. No, the first step is a cease-and-desist letter. Usually this scares people into compliance. Sometimes they get responses though and based on those responses it is then up to them to decide whether or not they really want a lawsuit. As I said, the first cease-and-desist we have ever been faced with to my knowledge was over 8hz-mp3, something which we didn't get, but decided not to package because upstream had been and decided to stop making the software available. At that time, a large portion of the project seemed opposed to that kind of rampant paranoia. It was the last time any significant number of people stood up for the right to package GPL'd software in Debian though. I'm quite convinced that the passage of the SSSCA would today kill Debian rather than move it to a safe country. > Uninformed comments about my brain aren't on the topic, are they? > Are you fighting just to fight? Consider that we do agree that the > patents are ridiculous. The place where we disagree is in how we > should respond. Yes, you want me to fork over thousands per country before we do anything knowing full well that this is probably beyond my means. You advocate paranoia. I'm sick of Debian's dependency on lawyers. Anytime someone has a question we used to be able to answer for ourselves, we now wait for someone to donate a lawyer. It took us _years_ to put crypto in main after the laws changed to allow it because we wanted to wait for someone to pay for a lawyer - we didn't want to use Debian money for it of course! The laws of the US are some of the most convoluted and nonsensical ever written. And yet it is written in our own founding documents that laws should be written such that the common man may read them. I'll grant that the language is pretty thick and reading with a dictionary is occasionally necessary, but most of us are programmers. Are we incapible of following complex definitions laid out in partially spaghetti language? How is it different than spaghetti code? Oh sure it's ugly and a complete pain in everyone's ass, but we _can_ read it with effort, and we can apply these things to our current situation in a logical manner. > Recently, a debian developer was arrested by the FBI for writing > a program he wasn't supposed to write, having something to do with > the DMCA and decss possibly. Our response was to try to fund his > legal defense. We did not fund his legal defense. We helped pay a portion of his bill. I do not believe he was arrested, in fact I am pretty sure the case was civil rather than criminal. His argument was that the MPAA had no standing to sue him in their home state where the courts were friendly because he did nothing even potentially wrong there. I believe the court decided they didn't want to hear that. His "crime" against the MPAA was hosting a mirror, not writing code. Suddenly the situation is not as grave and perilous as you make it out to be. This was the DeCSS source code, which we have agreed could never be packaged on a US server because of stupid US laws, a decision I agreed with. Why it's not in non-US, outside the reach of stupid US laws, is anybody's guess. > Tell me either why these patents are a good thing, or how we can > absolutely prevent being subject to them even as debian provides > packages with infringing software. If you can't, then tell me > why positive action to get all the patents you mentioned recinded > is bad, or inefficient. If you can't, tell me why debian should > break the law, assuming it is found that some package infringes > on one of the "ridiculous" patents. These patents are absolutely not a good thing. We cannot 100% guarantee that we will never be subjected to them in the United States. The only method to guarantee that we will never be subjected to them here is to either abandon the Debian operating system or move it to another country which isn't as stupid or as lawsuit-happy. After all, even vi and emacs contain potentially infringing code whose concept was later patented successfully. There are arguably patents which cover kernels and other elements essential to having an operating system in the first place. apt is patented technology. As is ln -s. The chance of lawsuit with any merit is small without a cease-and-desist letter first. The chance of a lawsuit without any merit is higher in the US but still not non-existant in other countries. There is absolutely no preventative measure for these (they are lawsuits without merit after all!) Best you can do in that case is file a motion for dismissal which works even in the US if the case is truly pointless. When cases are dismissed in this manner it is typical for the person who filed the suit to be required to pay your costs, but it's not always easy to get them to pay up and requires you taking them to court if they fail to do so. Even if we never came near infringing a patent ridiculous or otherwise, we would still be subject to this - and nearly were once when some moron started whining because messages he posted to one of our lists making a total fool of himself were archived for all time. He planned to sue us for invasion of privacy. ;) I don't recall what became of that, but I bet he went and talk to a lawyer and was laughed out the door. I have already estimated the cost of fighting these patents, and my estimate was probably overly conservative given the number of them we would have to fight individually. On the other hand, while we were at it, we could defuse the mp3 patent given that there was research into the technologies which comprise mp3 (yes, even in similar combinations) for many years before the patent was ever filed. Debian is not "breaking the law". That implies a criminal offense. IP issues are matters of civil law, not criminal. The DMCA and other attempts to pass similar laws change this, but only in the countries which are stupid enough to enact these things. The fact that things which are being attacked successfully on DMCA grounds (DeCSS) clearly cannot be safely packaged in US/main is not in dispute. But it is also true that we're not Napster and we should stop acting like we're guilty of some crime just because we have a bunch of stuff more than a decade old which was just recently patented. The alternative to infringing these silly patents is to not distribute the software. Say goodbye to apt, every single text editor in the archive, probably any networked dselect method, and any number of other useful things. You'll be lucky if we've still got a kernel left after the patents strip away every last bit of software from Debian that we allow. So do we give up now and go home or do we decide enough is enough? > I don't disagree with you about the ridiculous nature of the > patents... and the RLE thing might not be applicable to the > packages, so maybe that's one we don't need to deal with. With what money? There are hundreds, perhaps thousands of these patents in the US alone. It is unreasonable to expect to win a court case with anything less than $5k per case, and anyone who has any understanding of these things will tell you that that figure is far too small to take on the legal team from any large company. > > Or we can continue jumping at shadows > > until someone gives us a patent number which makes apt a patent > > violation (it exists) or the same for the kernel itself (also likely > > to be an easy search..) > > If you know it exists, do you also have the number? The patent was discussed on this list when it was issued. > OK, I just searched, and found Granted to Punch Networks May 29, the > patent -- "Method and apparatus for automatically disseminating > information over a network" -- is numbered 6,240,451. > > Can you say "NTP is prior art"? :) I do not know if the patent covers NTP or not. The patent in question was issued to Microsoft over their Windows Update facility. It seems that apt was created after the filing date, but dpkg-ftp predates it by several years, as did the IBM update program found in OS/2, which I used before I knew Debian existed. > > When I joined Debian, RSA was patented and this could have severely > > hurt our ability to even sign our uploads. What did Debian do about > > this? Well, RSA was patented in the US - so we had a server outside > > the US with RSA on it. Two versions in fact. The first was for use > > in the US (and should never have been allowed outside the US. How did > > it get there? Well, we didn't care! It was there and we got hold of > > it, that was enough...) Sure RSA was patented, but we didn't let that > > get in the way of Debian. > > I was around for that. Also, I know some of the people who worked on the > upstream; all the work that needed to be done outside was done outside > the US, or at least that's what I was told. The guy I knew was in the > US, and so he couldn't actually work on the core stuff. Indeed. The laws of the US prohibited distribution of PGP. But given the option of finding another way to have it or not having it at all, Debian chose to find another way. However, somewhere along the line RSAREF, the only way to use RSA in the US legally, was exported. How I cannot say exactly. Debian today would conclude that it was still illegal to export from the US and not package it. This didn't stop us before. > -sheesh-! Aren't you listening?? Fighting the patents is exactly what > I'm suggesting. Get them -recinded-. That's the -ballzy- thing to do. Give me the means and I will happily do so. The method you propose is beyond anybody's financial means. I doubt Bill Gates has the liquid assets necessary. > Working around them gets the job done, but it's weak because debian > isn't helping to fight for the very freedom of coding it enjoys. All > it's doing is taking care of itself. If it -does- fight and win, more > programs can be written, and anyone can write them. But Debian isn't taking care of itself. Every time someone says patent, we panic. Several packages were nearly pulled from Debian over a patent which does not even apply to those packages! We can't take care of the world on this one. But we can't afford to not take care of ourselves just because we can't take care of the world. > > I know what would happen. First things first, gcc would fork. But > > Debian would immediately go into a panic and need to have some company > > donate lawyer services to help the project figure out what if any > > impact this would have on our ability to use gcc for compiling Debian. > > One thing is for sure: such an event would test the GPL. They would be > getting Cygnus, not FSF or GNU. There's no question that gcc from cygnus > could be used, but the impact of their purchase would be to try to make > cygnus do closed-source work, or spread the developers to the four > winds, or something along those lines. Unless MS breaks GPL, gcc can be > used.(and I keep hearing rumblings that suggest they are trying to do > so) They've been trying for years. Current tactics in Redmond are to try and out-license the GPL by making it an infringement to use their stuff with the license. This won't work in the end, though it may change how GPL software is ported to Win32. > > If you think I'm exxagerating things a bit, I think you haven't been > > reading the lists very closely. > > I would have thought you were exaggerating, and I haven't been reading > the lists closely for about a year now. I'm trying again to see if > I'm willing to follow the lists again. (debian-user is too much... > noisey as all hell, repetitive, people don't look first before posting > afaict... maybe I get rid of that one...) I don't follow the lists that closely. I just don't have the time, and I don't know anybody else who does. I poke my head in on most threads, ITPs, etc here and there to see how the discussion is going. If there's something interesting happening, I read more. I may re-subscribe to other lists, but I will probably treat them the same way. I won't resubscribe to -private. My reason? I feel I should have the right to voice my opinion on Debian matters, even when what I have to say is something nobody wants to hear or be reminded of. I feel that -private limits this because if I were on it I would be expected to make sure that what I am commenting on did not come from that list. After watching people flamed for both accidental and deliberate breaches of the -private classified information policy and being involved with a project who used secret communication channels to hide problems from users who had a right to know about them, I'm no longer willing to subject myself to the requirement that I remain silent about something I feel I should not. The theory goes that not being on -private I should probably not hear about things discussed there and I cannot reasonably risk being suspended for leaking priveleged information to the public since I won't have that information to leak. (I urge other people to unsub from that list for the same reason of course, though the choice remains theirs..) -- Joseph Carter <knghtbrd@bluecherry.net> Crazy in the coconut <Knghtbrd> It's a trackball for one <wichert> so it's not a rodent <wichert> it's a turd with a ball sticking out <wichert> which you fondle constantly
Attachment:
pgppTWsSZ4LgT.pgp
Description: PGP signature