[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why TPM+Parallel Distribution is non-free

Francesco Poli wrote:
 Being able to apply TPM by yourself is not enough, IMO. Because the
 end user (as already said elsewhere) could be or feel to be not
 skilled enough for the task. And please, do not repeat that TPM are
 always easy to apply. They require some program that is often
 closed-source and thus can have complex dependencies and low
 portability. *Some* TPM can be easy to apply, some other can be
 hard: I don't believe there's some sort of intrinsic reason why they
 should be *always* easy (or always hard, for that matter)...

Okay, fine. Let's consider the case in which TPM is "hard" to apply:

Then isn't it an effective barrier to further modification and redistribution (i.e. non-free)?

The purpose of the anti-TPM distribution requirement in CCPL3.0 is to ensure that such barriers do not exist downstream. It is a simple part of the copyleft of the material. That is, it's purpose is to preserve freedom.

You are right that allowing TPM distribution on platforms with available keys is different in principle -- it is cooperation with the systems which are designed specifically to subvert and remove user freedoms. And I think that's a bad principle.

Even *if* a hypothetical company publishes a key and a tool to apply TPM in order to comply with the letter of your hypothetical keyhole exception, what then? A company can just as easily exploit user fears of the technology (such as you propose as a justification for allowing TPM distribution) or the genuine difficulty of the tool. They can *make* it hard to use, as a simple means of implementing a barrier to freedom (not unlike Microsoft changing the DOC format repeatedly, ostensibly for internal reasons, but possibly just so it is difficult for third parties to follow).

I stand by my opinion that TPM is intrinsically simpler than binary compilation. That's because, whereas binaries are meant to work as parts of complex systems, the TPM is controlled by one organization and serves only one purpose. It is a simple data-to-data mapping. There's no video cards or CPUs to consider -- it's entirely abstract.

So if it's complicated to apply, the only reason is that it was specifically designed to be complicated. And that is the simplest way to subvert and abuse your loophole.

Making such holes in the copyleft just to accomodate such companies will only invite this kind of abuse.

Perhaps this is less of a problem for program code than for creative content. After all, there is a standing assumption that programs are written by expert "developers" who are not regarded as being in the same class as mere "users". So you may take it as writ that a user aspiring to make changes will have to overcome significant barriers -- so what's a little TPM on top of it all?

But content creation is not a technical specialty. There is no reason to suppose that the only users who want to modify and use creative content will be "experts" (or at least not "computer experts"). So even a barrier of modest complexity is effective.

But your proposal doesn't deal with that. It cooperates with an oppressor to spread their oppression to more and more users.

Leaving the CCPLv3 like it is, on the other hand, puts users and developers on par with each other. It creates an incentive to keep the TPM simple to apply.

So, if developers want to port to a TPM-only platform, let them make certain that there is a simple means to apply TPM, so that it is not a technical hurdle for the end user. This way, the user really is free, because he can then apply the same tool to his own works.

But trying to distribute the works already TPM'd is just a lazy solution, that leaves the user with the same barrier. It brings "free" content to TPM-only platforms, perhaps, but it has to make it "non-free" to do so.

It will be no harder for would-be TPM-only platform port developers to provide non-TPM content with an appropriate loader application including TPM-application than to provide them with non-TPM and TPM versions. In fact, it'll probably be simpler. But even if it isn't, it's the only way to ensure the end user has the freedoms the license is designed to guarantee.

For users, they're going to have to do *something* to put the content on their TPM-only platform, so "installing" or "running an installer" is inevitable. Let the installation program or loader apply the TPM -- that's a simple way to comply. There's no reason why this has to be difficult.

> Then the GPL is "non-free" if Microsoft decides to implement a
> system to scan the package file and refuse to unpack, install, or
> run the file if it finds a copy of the GPL license in it.
> (Strictly speaking, I think it would have to look for the GPL
> notices that must be retained in the binary -- harder to
> implement, but the same in principle).

 Well, *when and if* Microsoft does that move, distributing GPL'd
 programs ported to those particular versions of Windows will become
 effectively forbidden, because it would require discarding license
 text and notices (which are mandatory per the GPL).

 I don't think that this hypothetical situation would be equivalent to
 platforms where TPM are mandatory.

Why? It's exactly the same situation. You have a *distribution requirement* which you have to meet, by including proper attribution and licensing. You have a technological measure designed expressly to discriminate against free content. How is that different?

The CC solution is to allow the user to strip out whatever they need to run the code, but retain the requirements for distribution. Your proposed solution is asking to be able to strip the GPL license notices out of the binaries and distribute those as-is. You say that denying that right is DFSG non-free, to be precise.

Yet, the GPLv2 is still considered free (despite the fact that it does deny that right).

And in fact, this scenario applies to all licenses, hence all of the "DFSG free" ones, too.

In principle, it is exactly the same as the TPM-only platform case. And taken exactly in principle, your proposal denies the DFSG freedom of ALL licenses, because you are essentially denying the validity of distribution requirements, including copyleft distribution requirements which are designed to ensure end-user freedoms.

IMHO, that position is flawed. The TPM distribution proposal is simply anti-copyleft. If parallel distribution eliminated that problem I would say "fine". But as has been demonstrated previously, it doesn't. So the anti-TPM clause is necessary to preserve copyleft, and Debian really needs to recognize that in order to remain the flagship free software distribution that it is.


Terry Hancock (hancock@AnansiSpaceworks.com)
Anansi Spaceworks http://www.AnansiSpaceworks.com

Reply to: