----- Original Message ----- 
From: "David Schwartz" <[EMAIL PROTECTED]>
To: <openssl-users@openssl.org>
Sent: Sunday, September 03, 2006 3:39 AM
Subject: RE: license question


>
> > > These are EULAs. I'm talking about pure copyright licenses like the
> > > OpenSSL, BSD, and GPL licenses. EULAs are agreements, you must
actually
> > > agree to them to use the work and this is actually enforced in some
> > > manner.
>
> > Incorrect, see the following (I found on a quick scan):
> >
> > http://www.microsoft.com/malaysia/genuine/myths/
> >
> > "...You can however transfer the entire desktop/notebook with the OEM
> > license
> > to a new user/company. When transferring the PC to the new end user the
> > original
> > software media, manuals (if applicable) and Certificate of Authenticity
> > (COA) must
> > be included. It is also advisable to include the original purchase
invoice
> > or receipt.
> > The original end user cannot keep any copies of the software...."
> >
> > Nothing is said there about requiring the new owner of the old PC and
old
> > OEM software to actively accept the EULA  Quite obviously since
> > the software
> > is already installed and working, the Windows installer cannot prompt
the
> > new owner to accept the EULA.
>
> No need, you already accepted the EULA and the EULA says it survives such
a
> transfer. (See below for the case where there never was any affirmative
> act.)

I'm not talking about the first owner.  I'm talking about the second owner
who
never accepted the EULA.

>
> > Thus, the statement "you must actually agree to them to use the work and
> > this is actually enforced"  isn't correct.  At least, not in this
> > instance.
>
> To the extent that there is no affirmative act of agreement to the EULA,
> Microsoft will have a hard time enforcing it. I have seen laptops that, on
> first customer boot, require you to accept a Microsoft EULA.
>
> I think Microsoft would have hard time enforcing their EULA if there was
no
> positive act of assent to it.
>

Ah, so then your going to retract your statement that:
"EULAs are agreements, you must actually agree to them to use the work"
because clearly you can use the work here (the Windows software)
without agreeing to the EULA.

> > The new owner also could slipstream the existing Windows install and
> > create a installer that didn't ask the EULA acceptance question, I
believe
> > an explanation of how to do this was discussed in Ct several years ago.
> > He could then legally install the Windows copy on any machine, not just
> > the OEM one, since he never accepted the EULA.
>
> True. I have no idea how courts would rule on this. ProCD v. Zeidenberg,
> among other cases, indicates that the crux of validity is some positive
act
> of agreement. If you buy a laptop pre-installed, and the EULA
click-through
> is disabled somehow, I don't see how there is that positive act.
>
> > Speaking as a published author of a book I can assure you that nowhere
in
> > my book contract is the word "license" used.  If a copyright
> > holder wants to
> > legally permit a publisher to print his poem, he makes a grant of
> > rights to
> > publish to the publisher, he does not issue a license to the publisher.
>
> There is no distinction between a "grant of rights" and a "license".
> Licenses grant rights. Agreements that grant rights are licenses.
>

Absolute rubbish.  If this were true software would not
have "software license" in it's text, it would have "grant of rights"

> > You do not license poems, period.
>
> I have no idea what definition you are using of "license", but you most
> certainly do. Absent a license from you, the publisher could not
distribute
> your poem.
>

No, you don't.  Perhaps you had difficulty reading so I'll say it again.  I
have my book contract for my published book that the publisher
has published, and sold copies of.  It does not use the word "license"
in it.  You do not license poems, period.

You can claim that "license" means "grant of rights" but that is
just semantic games and is not true.  Book publishing is not the same as
software
publishing.  That is why they can print T-shirts with the DeCSS algorithim
on them
but when people distribute files with the DeCSS source code, they
get sued.

> Notice that I do not make the obvious joke about "poetic license".
>
> > Except that OpenSSL is software and carries a license, a poem does not.
>
> Any copyrighted work can carry a license. Without a license, you cannot
> copy or distribute a copyrighted work (modulo the statutory exceptions).
>

Tell that to my publisher.  They do not have a license from me to publish
my book.  They have a grant of rights to publish.

> > > > > If you read copyright law, you will see that the right to *use*
> > > > > a work is
> > > > > *not* one of the rights reserved to the copyright holder. So the
> > > > > OpenSSL
> > > > > license can't restrict the *use* of a work any more than it can
> > > > > restrict
> > > > > breathing.
>
> > Then why is the "use" clause in both the SSLeay and OpenSSL license?
> > If it is unenforceable then the OpenSSL project should modify the
license.
>
> I don't see it doing any harm, however, I do agree that it wouldn't be a
> bad idea to remove it. Who knows, perhaps courts will hold that it's
> enforceable, though I cannot imagine how.

Arrgg!!  This is why I told the original poster he couldn't do what you
were telling him he could which sent us down this discussion to begin
with - and now your backpaddling?

> Note that the license does not
> even say that you must agree to it to use the work. (It says use is
allowed
> if you agree to it, but that is not the same thing -- the default position
> is that you have the right to use it.)
>

OK, that's an interesting hairsplit, and it is that kind of language why I
said that the OpenSSL and SSLeay license was poorly written.

> > That doesen't work if for example, the person buys a computer with
> > Windows installed, and on it there is a program with one of those
> > installers that was installed by the prior owner, and the new
> > buyer decides
> > to stay legal by simply going and buying a copy of the software
> > program and
> > not installing it, and just using the already installed version.
>
> I agree, and courts have so held (though AFAIK, only in dicta). See, for
> example, ProCD v. Zeidenberg and the example of a person who finds a copy
of
> the software on the street, with the shrink-wrap already broken.
>
> > > Do you know of any cases where a license that required no
> > > positive act of
> > > assent was held to restrict use?
>
> > Interesting article here:
> >
> > http://www.infoworld.com/article/03/08/08/31FEfair_1.html
> >
> > "...I made the mistake of showing a visiting Cisco rep the 2611 router
I'd
> > purchased on eBay for $1,200," says Mark Payton, director of IT at the
> > Vermont Academy, a school in Saxtons River, Vt. "Not only are they
asking
> > me to pay to relicense the software, but they are expecting me to get a
> > one-year SmartNet maintenance agreement and to pay an inspection
fee...."
> >
> > Note, that Cisco routers all come with an operating system called IOS.
> > Cisco sells their devices with licenses.  They also sell their
> > routers -without- licenses but
> > they require people to obtain licenses.  For example you could buy a
1601
> > router (they don't sell this model any more BTW) that comes with IP-only
> > IOS licensed, or you can buy it with no license and then buy IP
> > Firewall IOS
> > license.
> >
> > Cisco claims that when a used router it sold, that whether or not
> > the seller
> > includes the license for it, they cannot sell the license, thus the new
> > purchaser
> > has to go out and get a new license for the used gear, from
> > Cisco.  Some of
> > these IOS licenses cost over $10K depending on the router model.
> >
> > The only problem with all of this is that when you boot a Cisco router,
it
> > does not require you to press a key or anything to accept the
> > license.  The
> > routers come with IOS already on them.  When you buy a more advanced
> > IOS license, all it is is a piece of paper in a box along with a
> > CDROM with
> > the firmware code on it.  The firmware update process, via tftp,
> > once again
> > does not require you to click anything that is an acceptance.
> >
> > The same issue covers a lot of networking gear, as a matter of fact.
For
> > example
> > Juniper also requires people to pay licensing fees for their firmware,
and
> > they
> > do not require a click acceptance when updating their equipment.
>
> That is a very interesting case. I guess it would come down to whether the
> copy of the firmware on your router got there lawfully or not. If the
> firmware came with the router and you sold the router with the software on
> it and there was never any positive act of license assent, it seems to me
> that 17 USC 109 would apply and there is nothing Cisco can do about it.
>

All brand new Cisco routers that I've ever bought actually come with
2 copies of the IOS firmware.  One is in the ROM and one is in the flash
rom.  Usually the flash rom one is newer.  The rom version is used if the
flash is corrupted somehow (usually by someone who screws up tftpupdating
the router)  If the router boots off the rom, then IP routing is shut down.

There are some Cisco routers that didn't have a complete copy of the IOS
in rom, they have a minimal 'monitor' that isn't IOS and is only useful to
bootstrap IOS.  But, even those come with IOS in the flash.  And I've
brought up many Cisco routers and none have ever required positive
assent to run them.

> But again, this is a case where courts might find some way to side with
> Cisco.
>
> I would hope that courts would accept the response, "I did not license the
> software. I bought the router, and the software came with it."

>From a practical standpoint, you want to at least get software support
on any used router, (smartnet) to make it elegible to be upgraded, since
almost always the IOS version that comes with a used router is very very
old.  Smartnet allows for updates to -licensed- IOS.  The question though
is if the original owner of the router bought the router, then bought the
IOS license for it, then sold the router, can they sell the IOS license?  I
think the IOS license language in the license itself states the license
isn't
transferable - but then again, the original owner of the IOS license
does not have to do anything to acknowledge acceptance of the license
terms for the IOS.

In actuality, Cisco does not bar people from buying smartnet on used
routers, then once they register the smartnet, downloading the IOS updates.
So the whole issue is rather grey.

> Companies
> should not be allowed to leverage copyright law to get rights to things
that
> are not intellectual property. For example, my car computer has some
> software in it, but car manufacturers should not be allowed to claim that
if
> I don't let a dealer do all my oil changes, I lose the right to use that
> computer software.
>

Since that would tremendously lower the resale value of the vehicle, and
the automakers use the statement that the owner of the vehicle can get a
high tradein allowance for purchase of a new car as part of the sales
process,
there's what you would call an infrastructure in place that would make
something
like this very difficult to put into place.

But, not impossible.  Consider for a moment, the Toyota Prius hybrid.
The traction battery in those things is warranted for 10 years, and we are
coming up to the point at which the 2nd gen Priuses will have warranty fall
off
on the traction battery.  Those batteries are smart batteries, they contain
a computer.  I don't know of any battery manufacturer selling traction
batteries other than Toyota, and they want something like $5K for one.

How much resale value do you think a 11 year old Prius is going to have?
Heh Heh Heh.

> Note that this is in effect the right the OpenSSL license claims. It
claims
> you can lose the right to use a work you lawfully acquired if you fail to
> comply with its license terms, even if the only things you do are things
> that absent the license you would have the legal right to do.
>

I never said it was a good license...

> > That is illogical.  If you cannot obligate someone
> > to a license terms unless they actively acknowledge it, by
> > clicking or some
> > such, then you cannot obligate a redistributor of GPL software to the
GPL
> > license terms since they have never clicked or whatever.
>
> Correct! And it is perfectly logical. The GPL only applies to you if you
> want it to. If you choose to comply with the GPL's terms, it grants you
some
> additional rights. If you do not choose to, nothing is taken away from
you,
> you still have all the rights copyright law does not reserve to the
author.
>
> The GPL is like a sign on a pile of dirt saying, "free, take all the dirt
> you want". It permits you to go onto the property where that would
otherwise
> be trespassing. It permits you to take my dirt where that would otherwise
be
> theft. But if you take my birdbath, I don't complain about you not
complying
> with the terms of my sign, since a birdbath is not dirt, but I simply
> complain that you committed theft. *You* are the one who cannot point to
the
> sign to justify what is otherwise not justified.
>
> What would be illogical is for me to say you violated my sign. This is
> because you have no obligation to comply with the sign -- it cannot make
any
> demands of you. All it can do is give you some rights if you choose to
> comply with it. This is the FSF's position, and I believe it is not just
> correct but almost obviously so.
>

Then there is no point to the GPL since someone can merely write a module,
and distribute it with the GPL program and a copyright that says the module
is
not under the GPL and is only free for non-commercial use.  Then later on,
someone who incorporates the GPL program
and the contributed module in a commercial program, even if they make all
the source available per the GPL, could be sued by the module copyright
holder for violating copyright.

Yet, the FSF claims that the GPL insures that contributors to a GPLed
project cannot turn around and sue you for infringement, so that protects
you if you use GPL software.

> > In any
> > case, this
> > is
> > just one lawyers opinion, and as I've already stated Eben Moglen
> > spends his
> > days sticking his nose into GPL infringement actions to insure
> > that the GPL
> > is never subject to a court decision on it's legality.
>
> It is not just one lawyer's opinion, it is the opinion of the FSF. See,
> among other things, the GPL FAQ. It is, however, a fair point the the FSF
> has no reason to make an argument that they do not need. But I challenge
you
> to find any court opinion or legal opinion that claims a license can take
> away rights you would otherwise have absent the license even if you don't
do
> anything that the law prohibits you from doing in the absence of the
> license.
>

I already did - the Cisco example quoted earlier.

Perhaps it isn't a court opinion - but the effect is the same.  Cisco is
obviously
making money off those software re-license software licenses they are
selling.

> This is your claim -- that the OpenSSL license can take away the right to
> use that you would otherwise have, even if you don't agree with or to the
> license.
>

No, that isn't and wasn't my claim.  My claim was that a court could use
the OpenSSL license to take away the right to use that you would otherwise
have, even if you don't agree with or to the license.  And my advice was
that the risk of this wasn't worth it, thus the OP should take steps to
separate his program

Ted

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to