Richard Fontana wrote a few days ago: > (As for whether the Installation Information requirements also exist in > some sense for GPLv2, I do understand the basis for that argument, but I've > always assumed it was and remains a minority view, rejected by the > author/steward of the license itself.)
Be very careful what specific view you're implying when you say "is the minority view, rejected by the author/steward of the license [meaning FSF]". AFAIK, the only related item that RMS has said specifically isn't covered by GPLv2 is cryptographic lock-down -- i.e., a system that does not allow the user to install modified versions of GPLv2'd software due to cryptography. RMS has said such crypto-lock-down is permitted on GPLv2 but not by GPLv3. I, Alan Cox, Jeremy Allison, and others do hold the minority view that GPLv2 *does* require disclosure of a method to install modified versions even in this situation. However, I realize that RMS made a problem for that minority interpretation by saying what he's said. I was even deposed on this point in Conservancy & Andersen v. Best Buy, et al. The violators brought my whole blog into evidence just to ask me about about this blog post: http://ebb.org/bkuhn/blog/2010/07/15/motorola-admits.html ). Here's the relevant porition of the deposition transcript (Q is the violator's attorney, A is me): Q. Do you see that the second sentence is: "In fact, in my reading of GPL Version 2, in comparison to GPL Version 3, the only affected [sic] difference between the two on this point relates to cryptographic device lockdown. I do admit that under GPL Version 2, if you give all the required installation scripts, you could still use cryptography to prevent those scripts from functioning without an authorization key." Did I read those two sentences correctly? A. Yes. Q. Do you have any reason to disagree with those two sentences? A. I believe that we're stuck in that interpretation of GPL V 2, much to my chagrin. I think it's kind of funny that some first year associates had to read my entire blog going back to the 1990s just to find that quote so their boss could ask me about it in deposition. :) Anyway, there is no indication of any other difference in what must be included with GPLv2's "scripts used to control compilation and installation of the executable" and what GPLv3 requires in its (more long-winded) equivalent provision. The only difference in GPLv2-compliant build/install instructions and GPLv3-compliant build/install instructions would be "the GPLv2 ones don't tell you how to cryptographically sign the binary as part of the install process". Nothing FSF has ever said contradicts that interpretation, and AFAIK it's the interpretation that both FSF and Conservancy use in their GPL enforcement matters. I've said frequently on my talks in GPL enforcement: the people that try to say there's more to the difference between v2's and v3's requirements in this regard (beyond cryptographic key issue) are likely going to end up violating GPLv2. And I'll come knocking. -- bkuhn
