On Fri, Dec 01, 2017 at 06:09:12AM +0100, Adam Borowski wrote:
> On Thu, Nov 30, 2017 at 01:52:18PM +0000, Ian Jackson wrote:
> > Over the years, d-legal has discussed a number of packages which
> > automatically download non-free software, under some circumstances.
> >
> > The obvious example is web browsers with extension repositories
> > containing both free and non-free software.
> >
> > We have also recently discussed a media downloader/player which, when
> > fed a particular kind of url, will offer to automatically download a
> > proprietary binary-only protocol module to access the specified
> > proprietary web service.
> [...]
> > I would like to establish a way to prevent this. (There are even
> > whole Debian derivatives who have as one of their primary goals,
> > preventing this.
>
> No, those derivatives are damage. While their hearts are in the right
> place, they cause data loss and security holes by at least making people on
> Intel and AMD machines use known-buggy microcode.

This is a different subject, though. We had a discussion about software supporting non-free hardware a while ago. I'm still planning to propose a GR for that, but have been distracted so it's taking a while.

What Ian is talking about is not "this software is non-free, but I need it because I have hardware that won't run properly without it", but "this software is non-free and my program from main just installs it on my computer".

Ian didn't talk about hardware supporting software, so he didn't exclude it explicitly, but I think we should do that. Because with hardware you make valid points, but they are irrelevant for pure software, such as the example of a web browser downloading non-free add-ons. I believe Ian's intent was to discuss the pure software problem (Ian, please correct me if I'm wrong).

So if you want to talk about microcode and wifi firmware, please do so in a different thread.
> Even Debian is not without fault here: for example, the ftpmasters accept
> such a blatantly non-free licence as AGPL[1] into main.

In today's digital environment, a lot of programs are moved from the user's machine to a network service. The purpose of the GPL is to give all downstream users freedoms. This can be circumvented by putting the code on a remote server and never installing it on the user's machine, because the GPL only talks about code that runs on the user's machine.

The AGPL fixes that problem by requiring those hosting such programs to pass the freedoms on to their networked users. This is a necessary fix for a problem that didn't exist when the GPL was originally written. There may be some issues with the way it is written, but the fact that networked users deserve the same rights as local users is self evident in today's networked world.

So while you can advocate for minor modifications to the license so that it becomes legally better, advocating against it entirely is not reasonable IMO.

> [1]. AGPL fails FSF freedom 0: you can't reuse snippets of code from an
> AGPLed project in anything networked that has no, or cumbersome, ways to
> pass advertising statements to the user (such as, eg, an IMAP server).

The AGPL only says it must "prominently offer" an opportunity to receive the source code. I think it is possible to do this for example on the web site that tells the users about the address of the server. What "prominent" means depends on how the service is normally used. That's why they used such a subjective description.

> It also fails the Dissident Test: take a blogging software with
> steganographic features, that you provide hosting for, for two classes of
> users: fellow dissidents, and public at large. The former receive the code
> (both binaries and source), the latter do not. Even revealing the existence
> of your changes is a serious risk for the life of you and your friends.
> Regular GPL has no such problems.
Yes, it does have these "problems" and they're the main difference between the GPL and BSD-style licenses: the GPL requires users to have access to the source code, so if you don't want your users to know that changes to the source were made, you cannot let them run your code.

The AGPL closes the loophole that the GPL did not cover networked users. But if we take your example and run it locally (for example, make it a message board on a multi-user machine that is used by students of a university in a country with an oppressive regime), you have the exact same problem and with your logic now the GPL is failing the dissident test.

I don't agree that it does. For dissidents, just like anyone else, things are easier without copyleft, because they are more free personally (at the cost of the freedom of their users). However, if they choose to host the software without changes for the public and an extra copy with changes for fellow dissidents, there should be no problem.

Thanks,
Bas