Re: Why TPM+Parallel Distribution is non-free
Francesco Poli wrote:
Being able to apply TPM by yourself is not enough, IMO. Because the
end user (as already said elsewhere) could be or feel to be not
skilled enough for the task. And please, do not repeat that TPM are
always easy to apply. They require some program that is often
closed-source and thus can have complex dependencies and low
portability. *Some* TPM can be easy to apply, some other can be
hard: I don't believe there's some sort of intrinsic reason why they
should be *always* easy (or always hard, for that matter)...
Okay, fine. Let's consider the case in which TPM is "hard" to apply:
Then isn't it an effective barrier to further modification and
redistribution (i.e. non-free)?
The purpose of the anti-TPM distribution requirement in CCPL3.0 is to
ensure that such barriers do not exist downstream. It is a simple part
of the copyleft of the material. That is, it's purpose is to preserve
You are right that allowing TPM distribution on platforms with available
keys is different in principle -- it is cooperation with the systems
which are designed specifically to subvert and remove user freedoms.
And I think that's a bad principle.
Even *if* a hypothetical company publishes a key and a tool to apply TPM
in order to comply with the letter of your hypothetical keyhole
exception, what then? A company can just as easily exploit user fears of
the technology (such as you propose as a justification for allowing TPM
distribution) or the genuine difficulty of the tool. They can *make* it
hard to use, as a simple means of implementing a barrier to freedom (not
unlike Microsoft changing the DOC format repeatedly, ostensibly for
internal reasons, but possibly just so it is difficult for third parties
I stand by my opinion that TPM is intrinsically simpler than binary
compilation. That's because, whereas binaries are meant to work as parts
of complex systems, the TPM is controlled by one organization and serves
only one purpose. It is a simple data-to-data mapping. There's no
video cards or CPUs to consider -- it's entirely abstract.
So if it's complicated to apply, the only reason is that it was
specifically designed to be complicated. And that is the simplest way
to subvert and abuse your loophole.
Making such holes in the copyleft just to accomodate such companies will
only invite this kind of abuse.
Perhaps this is less of a problem for program code than for creative
content. After all, there is a standing assumption that programs are
written by expert "developers" who are not regarded as being in the same
class as mere "users". So you may take it as writ that a user aspiring
to make changes will have to overcome significant barriers -- so what's
a little TPM on top of it all?
But content creation is not a technical specialty. There is no reason to
suppose that the only users who want to modify and use creative content
will be "experts" (or at least not "computer experts"). So even a
barrier of modest complexity is effective.
But your proposal doesn't deal with that. It cooperates with an
oppressor to spread their oppression to more and more users.
Leaving the CCPLv3 like it is, on the other hand, puts users and
developers on par with each other. It creates an incentive to keep the
TPM simple to apply.
So, if developers want to port to a TPM-only platform, let them make
certain that there is a simple means to apply TPM, so that it is not a
technical hurdle for the end user. This way, the user really is free,
because he can then apply the same tool to his own works.
But trying to distribute the works already TPM'd is just a lazy
solution, that leaves the user with the same barrier. It brings "free"
content to TPM-only platforms, perhaps, but it has to make it "non-free"
to do so.
It will be no harder for would-be TPM-only platform port developers to
provide non-TPM content with an appropriate loader application including
TPM-application than to provide them with non-TPM and TPM versions. In
fact, it'll probably be simpler. But even if it isn't, it's the only way
to ensure the end user has the freedoms the license is designed to
For users, they're going to have to do *something* to put the content on
their TPM-only platform, so "installing" or "running an installer" is
inevitable. Let the installation program or loader apply the TPM --
that's a simple way to comply. There's no reason why this has to be
> Then the GPL is "non-free" if Microsoft decides to implement a
> system to scan the package file and refuse to unpack, install, or
> run the file if it finds a copy of the GPL license in it.
> (Strictly speaking, I think it would have to look for the GPL
> notices that must be retained in the binary -- harder to
> implement, but the same in principle).
Well, *when and if* Microsoft does that move, distributing GPL'd
programs ported to those particular versions of Windows will become
effectively forbidden, because it would require discarding license
text and notices (which are mandatory per the GPL).
I don't think that this hypothetical situation would be equivalent to
platforms where TPM are mandatory.
Why? It's exactly the same situation. You have a *distribution
requirement* which you have to meet, by including proper attribution and
licensing. You have a technological measure designed expressly to
discriminate against free content. How is that different?
The CC solution is to allow the user to strip out whatever they need to
run the code, but retain the requirements for distribution. Your
proposed solution is asking to be able to strip the GPL license notices
out of the binaries and distribute those as-is. You say that denying
that right is DFSG non-free, to be precise.
Yet, the GPLv2 is still considered free (despite the fact that it does
deny that right).
And in fact, this scenario applies to all licenses, hence all of the
"DFSG free" ones, too.
In principle, it is exactly the same as the TPM-only platform case. And
taken exactly in principle, your proposal denies the DFSG freedom of ALL
licenses, because you are essentially denying the validity of
distribution requirements, including copyleft distribution requirements
which are designed to ensure end-user freedoms.
IMHO, that position is flawed. The TPM distribution proposal is simply
If parallel distribution eliminated that problem I would say "fine".
But as has been demonstrated previously, it doesn't. So the anti-TPM
clause is necessary to preserve copyleft, and Debian really needs to
recognize that in order to remain the flagship free software
distribution that it is.
Terry Hancock (hancock@AnansiSpaceworks.com)
Anansi Spaceworks http://www.AnansiSpaceworks.com