[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: AGPLv3 Compliance and Debian Users

On Thu, Jul 11, 2013 at 12:53:01PM -0700, Howard Chu wrote:
> >Sure, but that doesn't make it DFSG free (hint: it's likely not)[1][2]

> >[1]: The Dissident test
> >[2]: The Desert Island test

> Sure, but #2 is stupid. We didn't say "must send changes back
> immediately." Nor would we wish any such thing; if you're in the
> middle of making a long series of changes we obviously want to wait
> until the changes are completed and have settled down. Otherwise
> someone could make a case that the changes should be sent back the
> instant they are written, one keystroke at a time, which is
> ludicrous.

> Send changes back in a timely manner. You obtained the software
> somehow; therefore at some point in time a distribution channel was
> available to you. The next time such channel is available, send your
> changes back. If you're stuck on a desert island and die before such
> channel reopens, no one's going to sue you.

> I'd say #1 is borderline stupid. It is worded such that it only
> applies to hiding existence of a system from the government. Fair
> enough; I'm not the government.

That's not the point.  The purpose of the Dissident Test is to demonstrate
that distribution channels for software are not necessarily symmetric; it
may be very easy for you to distribute the software, but very
hard/expensive/dangerous for a recipient to distribute their modifications
back to you.  In the specific case of the Dissident Test, the unreasonable
cost of returning the changes upstream - as opposed to distributing them to
whoever you happen to be distributing binaries to (possibly no one) - is
that sending those communications back may give hostile authorities
information you don't want them to have, such as your location, details
about the software you're modifying, or even simply the fact that you're
doing something that you care about encrypting to keep them from prying. 
Even if you aren't otherwise doing anything the government disapproves of,
the mere act of sending these changes upstream might get you labelled a spy.

This is one example of why Debian says it's ok for a license to require
modifications to be distributed to your downstreams, but not ok to require
those changes be sent to a particular party.  Users should not have to
choose between complying with the license and being safe from their
government; they should be *free* to exercise their rights on the code in
Debian, even when they aren't free in other aspects of their lives that we
don't have control over.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: