On Tue, 2006-10-24 at 13:36 +0100, Ciaran O'Riordan wrote: > Alex Hudson <[EMAIL PROTECTED]> writes: > > I don't think anyone can sensibly argue > > that the requirement to publicise a shared secret code/key is not a term > > primarily concerned with post-violation compliance. > > I'd say it's primarily concerned with pre-distribution decision making. > > "Shall we tivoise? Oh, looks like we can't."
It's a nice idea, but I don't buy it :) "Shall we distribute source? Oh, looks like we can't", if you see what I mean. I'm sure there would be some proportion of people who choose against DRM based on the fact that the new GPL contains provisions against it. I just don't think they will be a large proportion. People here seem to be really having trouble understanding what I'm trying to get across, so I'm clearly not doing a very good job. I'm not particularly worried for people complying with the GPLv3: if they are complying, they clearly don't have an issue with the license that is preventing them from using the software. I'm not making a statement about free software developers, or whether or not a DRM clause is a politically good thing. I don't believe that someone intending to respect the GPLv3 would intentionally develop a secret key system that they knew they would have to reveal: sure, they could issue individual keys on each piece of hardware, and stuff like that, but at the end of the day it gains them naught. So, I don't believe that the authorisation clause has anything to do with the free software environment per se, and I don't think I can be convinced otherwise without evidence. It just doesn't make sense for a developer to do that, and it's not the example the GPLv3 gives[*]. I do believe that it is highly relevant to someone who has been distributing a piece of GPLv3 software in violation of the license. If it has an authorisation system, it seems pretty clear to me that they didn't intend to make it public (which means "to divulge to a customer" or whoever, it doesn't matter). Now, one attitude is to say that they're a violator, therefore they got themselves into trouble and they have to deal with it. Fair enough. They've been caught, and it's their mess. What I'm saying is that previously, GPL enforcement has relied primarily on private agreements to correct violations in the past, and violators have been brought into compliance. My worry with the authorisation clause is that it could make it a lot more difficult to reach such a private agreement, since people are less likely to want to reveal secret keys than they are source code which they probably didn't write much of. It would jeopardise whatever "security" or DRM system they have put in place, which is a strong disincentive. If private agreements are more difficult to reach, that could mean more lawsuits and less enforcement. That is what worries me. Cheers, Alex. [*] actually, the GPLv3 does give you an alternative: you can keep your key secret so long as the key isn't in the code, and the recompiled software can access the non-free DRM subsystem equivalently. But again we're talking about people who aren't violating the GPL, which isn't a concern to me, obviously. _______________________________________________ Discussion mailing list [email protected] https://mail.fsfeurope.org/mailman/listinfo/discussion
