[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why TPM+Parallel Distribution is non-free



On Tue, 10 Oct 2006 15:40:09 -0500 Terry Hancock wrote:

> Francesco Poli wrote:
> >  On Sun, 08 Oct 2006 21:45:46 -0500 Terry Hancock wrote:
> > > So, are you asserting that if the CCPL3.0 included an allowance to
> > > distribute TPM'd files, so long as the key necessary to apply TPM
> > > to modified works based on the non-TPM'd version were publically
> > > available (or always available as part of the non-TPM'd
> > > distribution)?
> >
> >  Am I asserting that if $LONG_SENTENCE, then what? I'm not sure I
> >  understand your question, since something seems to be missing in
> >  it... :-/
> 
> Yes, you're right.  Obviously, I was asking that if this were true,
> "...  you would claim the license were DFSG free".

I think that an anti-TPM clause could be DFSG-free, provided that it
allowed:

 * to apply TPM to the work for private use (so that it's not a use
restriction)

 * to distribute a TPM'd version of the work, as long as a non-TPM'd
version (of equal or better quality) _and_ any encryption or
authorization keys necessary to apply the TPM are made available to the
recipient without additional fee

> 
> I would agree with you in that case, but I would also claim that such 
> agreement implies the existing license is DFSG free (because there is
> no  difference in principle between them. Both restrict certain
> platforms in  exactly the same way -- they do not allow distribution
> of works already  encrypted to work only on that platform).

There are differences in principle!
There could be little practical difference, _perhaps_, but the two
clauses are very different in principle.
One bans *any* TPM'd ditribution, the other one only disallows those
that actually put the recipient in a situation where he/she is unable to
exercise the rights granted by the license.

[...]
> >  AFAICT, the objection is that an anti-TPM clause (such that it
> >  forbids any TPM in any case) forbids porting to some platforms.
> 
> I would agree with you in the case that all application of TPM is 
> forbidden, but as I've mentioned, that change is already conceded. The
> end user can apply TPM if needed. In the case of interest (the TPM key
> is publically available), this already provides the user with the 
> freedoms you ask for (he is certainly able to use the content on that 
> platform).

Being able to apply TPM by yourself is not enough, IMO.
Because the end user (as already said elsewhere) could be or feel to be
not skilled enough for the task.
And please, do not repeat that TPM are always easy to apply.  They
require some program that is often closed-source and thus can have
complex dependencies and low portability.  *Some* TPM can be easy to
apply, some other can be hard: I don't believe there's some sort of
intrinsic reason why they should be *always* easy (or always hard, for
that matter)...

[...]
>  > I
> >  think that no such porting should be disallowed, as long as it can
> >  be done without denying recipients the ability to exercise the
> >  rights granted by the license.
[...]
> It seems paradoxical to me that Debian should take such pains to allow
> free works to be ported to restricted platforms, "because of freedom",
> but then to dismiss the loss of freedom that results from doing so.

Actually the Debian Project seems to be concerned about the cases where
porting could be allowed without loss of freedom.
Those ones *should* be allowed.
I think there's no problem in forbidding cases where porting *cannot* be
done without loss of freedom.

Compare with other licenses (such as GPLv2, for instance: see section 7)
where, if there are valid conditions imposed on you that make you unable
to comply with the license terms, then you cannot distribute at all.
That is perfectly DFSG-free.

> 
> >  Likewise, a clause that forbade porting the work to Windows systems
> >  would be considered non-free.
> 
> Then the GPL is "non-free" if Microsoft decides to implement a system
> to  scan the package file and refuse to unpack, install, or run the
> file if  it finds a copy of the GPL license in it.  (Strictly
> speaking, I think  it would have to look for the GPL notices that must
> be retained in the  binary -- harder to implement, but the same in
> principle).

Well, *when and if* Microsoft does that move, distributing GPL'd
programs ported to those particular versions of Windows will become
effectively forbidden, because it would require discarding license text
and notices (which are mandatory per the GPL).

I don't think that this hypothetical situation would be equivalent to
platforms where TPM are mandatory.

> 
> > > You see, I think the thing you might be missing here is that the
> > > creator of the work has no control over whether the TPM key might
> > > or might not be available: it is a property of the platform, just
> > > like the platform being TPM-only.
> >
> >  I am well aware of this. Just as the presence of a third-party
> >  software patent that covers a piece of software is not under
> >  control of its author.
> 
> Again, you are inconsistent.
> 
> If *this* is not non-free, then neither is the existing anti-TPM 
> distribution clause.

This *is* non-free.
The presence of third-party valid (and actively enforced) patents that
covers a piece of software makes it non-free, unless a proper patent
license is publicly granted for everyone by the patent-holder.

[...]
> >  In a world where many users are scared to death at
> >  the sole idea of installing a software package (that doesn't come
> >  preinstalled with the computer they bought), I think that the
> >  above-mentioned end-user freedom should not be seen as
> >  negligible...
> 
> Again, this is the false impression that is created by regarding the 
> application of TPM as something difficult, like compiling a binary. 
> If  the end-user is so terrified that they won't even *install*
> software,  they aren't going to be using Debian, period.

The Debian project is not only concerned with the freedoms granted to
its users.  Freedoms granted to any other recipient are equally
important: see DFSG#8.
So we are not (necessarily) talking about a Debian user, when we are
considering the possibility that he/she is terrified by the idea of
installing a software package.


-- 
But it is also tradition that times *must* and always
do change, my friend.   -- from _Coming to America_
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4

Attachment: pgphtQIkjBIkl.pgp
Description: PGP signature


Reply to: