----- Original Message ----- From: "David Schwartz" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Saturday, September 02, 2006 11:23 PM Subject: RE: license question
> > You can start out with an OEM license, load that on another > > piece of hardware, then get the holder to sue you. I'd love to > > see those ruled invalid. > > These are EULAs. I'm talking about pure copyright licenses like the > OpenSSL, BSD, and GPL licenses. EULAs are agreements, you must actually > agree to them to use the work and this is actually enforced in some manner. > Incorrect, see the following (I found on a quick scan): http://www.microsoft.com/malaysia/genuine/myths/ "...You can however transfer the entire desktop/notebook with the OEM license to a new user/company. When transferring the PC to the new end user the original software media, manuals (if applicable) and Certificate of Authenticity (COA) must be included. It is also advisable to include the original purchase invoice or receipt. The original end user cannot keep any copies of the software...." Nothing is said there about requiring the new owner of the old PC and old OEM software to actively accept the EULA Quite obviously since the software is already installed and working, the Windows installer cannot prompt the new owner to accept the EULA. Thus, the statement "you must actually agree to them to use the work and this is actually enforced" isn't correct. At least, not in this instance. The new owner also could slipstream the existing Windows install and create a installer that didn't ask the EULA acceptance question, I believe an explanation of how to do this was discussed in Ct several years ago. He could then legally install the Windows copy on any machine, not just the OEM one, since he never accepted the EULA. > > > poem from an airplane and then sue anyone who read it without complying > > > with > > > my license terms. > > > You don't "license" poems so that does not apply. > > What? Of course you do. How else do you get the rights to copy them, > distribute them, perform them publically, create derivative works from them, > and do anything else that copyright law restricts to the author? > Speaking as a published author of a book I can assure you that nowhere in my book contract is the word "license" used. If a copyright holder wants to legally permit a publisher to print his poem, he makes a grant of rights to publish to the publisher, he does not issue a license to the publisher. You do not license poems, period. > > You have also chosen > > a distribution mechanism - dropping from the plane - that you have an > > inherent inability to control the use of the material. So, for the first > > use > > at least - the initial read of the poem - while you could sue, > > you wouldn't > > win. But, you could certainly sue, and win, if someone reprinted > > the poem. > > Granted. By dropping the poem from airplanes, you concede the right to > restrict ordinary use. This is the law and it makes sense. The same is true > by making OpenSSL available for download to anyone who wants it without > obtaining any agreement from them. > Except that OpenSSL is software and carries a license, a poem does not. > > I am in agreement with you that the idea that software should be even > > PERMITTED to be licensed in the first place is fucking stupid, and should > > never have been permitted in the first place. But the realities of what > > people are doing today in the industry are that at least in the united > > states, > > the industry is arguing that software is considered a device, thus > > patentable, > > not an expression. And so far, nobody with money has stood up to > > fight that all the way to the US Supreme Court, even though there's > > a lot of bad law, like the DMCA that is institutionalizing it. > > Software contains a mix of ideas and expression. Theoretically, only the > ideas are patentable and only the expression is copyrightable. > only the ORIGINAL ideas and original expression... > > > If you read copyright law, you will see that the right to *use* > > > a work is > > > *not* one of the rights reserved to the copyright holder. So the OpenSSL > > > license can't restrict the *use* of a work any more than it can restrict > > > breathing. > Then why is the "use" clause in both the SSLeay and OpenSSL license? If it is unenforceable then the OpenSSL project should modify the license. > > Thus, the reason that industry is pushing for software licenses to be > > considered to apply automatically. And they are gradually getting it. > > It's kind of hard to tell. Most companies take a shotgun approach in the > hopes that some legal theory will make their license enforceable. The > following things seem to work (with some exceptions for things like > unconscionable terms): > > 1) Making a person actually assent to a license through some positive act > before they can lawfully obtain the work. > > 2) Making a person actually assent to a license in order to physically > install or use the work. (For example, an installer that makes you click 'I > agree' to install the work.) > That doesen't work if for example, the person buys a computer with Windows installed, and on it there is a program with one of those installers that was installed by the prior owner, and the new buyer decides to stay legal by simply going and buying a copy of the software program and not installing it, and just using the already installed version. > 3) Only restricting things that copyright law prohibits a person from doing. > > Some courts have held that whether software was sold or licensed is a > question of fact and the software distributor's word for it need not be > taken. Factors influencing the decision are things like whether the license > was negotiated, whether there is are continuing payments required to keep > using the software, and so on. > > I'm hopeful that more courts will accept the duck principle -- if it walks > like a duck, quacks like a duck, and flies like a duck, it's a duck. If you > pay one price, own a piece of media, and have no necessary further > significant contacts with the vendor, that's a sale. > > But you never know. > > Do you know of any cases where a license that required no positive act of > assent was held to restrict use? > Interesting article here: http://www.infoworld.com/article/03/08/08/31FEfair_1.html "...I made the mistake of showing a visiting Cisco rep the 2611 router I'd purchased on eBay for $1,200," says Mark Payton, director of IT at the Vermont Academy, a school in Saxtons River, Vt. "Not only are they asking me to pay to relicense the software, but they are expecting me to get a one-year SmartNet maintenance agreement and to pay an inspection fee...." Note, that Cisco routers all come with an operating system called IOS. Cisco sells their devices with licenses. They also sell their routers -without- licenses but they require people to obtain licenses. For example you could buy a 1601 router (they don't sell this model any more BTW) that comes with IP-only IOS licensed, or you can buy it with no license and then buy IP Firewall IOS license. Cisco claims that when a used router it sold, that whether or not the seller includes the license for it, they cannot sell the license, thus the new purchaser has to go out and get a new license for the used gear, from Cisco. Some of these IOS licenses cost over $10K depending on the router model. The only problem with all of this is that when you boot a Cisco router, it does not require you to press a key or anything to accept the license. The routers come with IOS already on them. When you buy a more advanced IOS license, all it is is a piece of paper in a box along with a CDROM with the firmware code on it. The firmware update process, via tftp, once again does not require you to click anything that is an acceptance. The same issue covers a lot of networking gear, as a matter of fact. For example Juniper also requires people to pay licensing fees for their firmware, and they do not require a click acceptance when updating their equipment. > > > The OpenSSL license is not a click-through or shrink-wrap license. There > > > is > > > no way you can argue that a person agreed to the license merely by using > > > OpenSSL. You cannot violate a pure license by using a work. (You can > > > violate > > > an EULA, shrink-wrap, or click-through agreement. But the > > > OpenSSL license > > > is > > > none of those.) > > > Tell that to the FSF. > > That is their position. For example, Eben Moglen, General Counsel to the > FSF wrote: > > "The license does not require anyone to accept it in order to acquire, > install, use, inspect, or even experimentally modify GPL'd software. All of > those activities are either forbidden or controlled by proprietary software > firms, so they require you to accept a license, including contractual > provisions outside the reach of copyright, before you can use their works. > The free software movement thinks all those activities are rights, which all > users ought to have; we don't even want to cover those activities by > license. Almost everyone who uses GPL'd software from day to day needs no > license, and accepts none. The GPL only obliges you if you distribute > software made from GPL'd code, and only needs to be accepted when > redistribution occurs." > That is illogical. If you cannot obligate someone to a license terms unless they actively acknowledge it, by clicking or some such, then you cannot obligate a redistributor of GPL software to the GPL license terms since they have never clicked or whatever. In any case, this is just one lawyers opinion, and as I've already stated Eben Moglen spends his days sticking his nose into GPL infringement actions to insure that the GPL is never subject to a court decision on it's legality. Ted ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
