Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 12:04:00AM +0100, Matthew Garrett wrote: Andrew Suffield [EMAIL PROTECTED] wrote: On Sat, Sep 18, 2004 at 12:12:53AM +0100, Matthew Garrett wrote: The implication of the post I replied to was that any license that allows the removal of some set of the rights it grants should be non-free. The GPL is an obvious counter-example, since it allows you to lose all rights associated with it. Termination for non-compliance, in a publically redistributed work, is just a reflection of copyright law; it doesn't really change what you can and can't do. (You can always get another licensed copy). Every free license does this, really. RMS has in the past claimed that failure to abide by the terms of the GPL results in a permanent loss of those rights (in respect to a specific piece of software, at least). If you're going to disagree with the copyright holder of what is probably still the largest single body of GPLed software in Debian at present, I'm going to want evidence of a decent legal standpoint for this opinion. RMS has in the past claimed that this has happened to various groups. RMS has been ignored. RMS has not pursued the matter, so one presumes the FSF counsel have indicated that he can't. Whenever you receive a copy of a GPLed work from anybody, you receive a license for it as well. If your license has been terminated due to non-compliance, you merely have to receive another copy from anybody to get a new license. For publically distributed software this is trivial. The use of a termination clause to introduce other restrictions (other than you must comply with the license), rather than simply writing those restrictions in directly, indicates that they probably aren't things you can write in directly, such as restrictions on use (copyright abuse aside for the moment; that doesn't help us, it just employs more lawyers). Such things are non-free restrictions (the set of things you're not allowed to restrict in a copyright license is fairly small). As far as I can tell, your argument is that You may not initiate patent suits against the licensor is equivilent to Initiating patent suits against the licensor will result in the loss of your rights under this license. I would tend to agree. You then appear to claim that the first is obviously non-free, and as a result the second is non-free. I see no obvious reason that the first point of this assertion is true. If you want to claim that the only restrictions on freedom we currently accept are those that are entirely controlled under copyright law, you may be correct (the Apache License 2.0 is an obvious counter-example, but you could always claim that that's counter to normal policy and thus some sort of error). The clause you are referring to in the Apache License 2.0 has no effect on software without patents, due in large part to the efforts of -legal. It's probably non-free when applied to software with patents and enforced. This isn't particularly surprising; software patents are non-free is more or less a given. [For the rest, read the mail you're replying to; it doesn't appear relevant] We don't accept restrictions as free because they use one branch of the law - we accept restrictions as free because they are either unimportant or because they protect free software more than they hinder it. This indicates that a proprietary license is free if the software is useful enough. Therefore it's wrong. We don't accept restrictions because they protect free software more than they hinder it. We accept restrictions because they do not appreciably hinder it. There is no excuse for significant restrictions, nor has one ever been excused. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | signature.asc Description: Digital signature
Re: Patent clauses in licenses
Andrew Suffield [EMAIL PROTECTED] wrote: On Sun, Sep 19, 2004 at 12:04:00AM +0100, Matthew Garrett wrote: RMS has in the past claimed that failure to abide by the terms of the GPL results in a permanent loss of those rights (in respect to a specific piece of software, at least). If you're going to disagree with the copyright holder of what is probably still the largest single body of GPLed software in Debian at present, I'm going to want evidence of a decent legal standpoint for this opinion. RMS has in the past claimed that this has happened to various groups. RMS has been ignored. RMS has not pursued the matter, so one presumes the FSF counsel have indicated that he can't. So your belief that the GPL is free is entirely based on a belief that RMS is wrong, and your belief that RMS is wrong is based on an absence of something happening? If you want to claim that the only restrictions on freedom we currently accept are those that are entirely controlled under copyright law, you may be correct (the Apache License 2.0 is an obvious counter-example, but you could always claim that that's counter to normal policy and thus some sort of error). The clause you are referring to in the Apache License 2.0 has no effect on software without patents, due in large part to the efforts of -legal. It's probably non-free when applied to software with patents and enforced. This isn't particularly surprising; software patents are non-free is more or less a given. Enforced against whom? We don't accept restrictions as free because they use one branch of the law - we accept restrictions as free because they are either unimportant or because they protect free software more than they hinder it.=20 This indicates that a proprietary license is free if the software is useful enough. Therefore it's wrong. I'm sorry, I honestly don't see how you get to that conclusion. We don't accept restrictions because they protect free software more than they hinder it. We accept restrictions because they do not appreciably hinder it. There is no excuse for significant restrictions, nor has one ever been excused. The GPL's incompatibility with various other licenses hinders free software. We don't consider that to be a problem because we believe that the right to receive GPLed code with no further restrictions is more important than the right to, say, produce a derived work of GPLed code and OpenSSL. My suspicion is that if we were writing the DFSG today rather than in 1997, we wouldn't have any significant qualms about accepting licenses which restricted your ability to use software patents against the developers. -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
Of the opinions expressed so far (I'm taking into account views expressed on Planet Debian as well), there seems to be a narrow majority who believe that licenses which terminate if you allege infringement of a software patent in that software should be free. Is there anyone who hasn't expressed a view who feels otherwise? The situation seems less clear regarding licenses which terminate if you allege infringement of a software patent in other software. These do sound somewhat broader. The first sort of these merely terminates your patent license. It could be argued that this simply turns the license into one which is equivilent to something like the BSD license, which doesn't grant any patent rights in the first place. In that case, current behaviour would suggest that we would only consider this non-free if we believe that those patents will be actively enforced. The second sort of these terminates your copyright license to software unrelated to your suit. How do people feel about that? -- Matthew Garrett | [EMAIL PROTECTED]
Re: Debian Hardened project (question about use of the Debian trademark)
* Lorenzo Hernandez Garcia-Hierro [EMAIL PROTECTED] [2004-09-15 15:22]: That's the reason because it's called *Debian* Hardened... and, did you the comments on /.? If you did, you should know a good example of another distro that is currently developing something alike: Hardened Gentoo. I've read the comments and maybe hardened is an appropriate name for such an effort. I don't know, and I'm aware that I'm overly conservative in such regards, but so far I have not seen many other Debian developers saying that's it a good idea either. Furthermore, my main problem is that you announce this project as Debian Hardened before there is any consensus at all that Debian is interested in such a project. Again, I haven't seen many Debian people responding to your mail saying great idea, let's do this. -- Martin Michlmayr [EMAIL PROTECTED]
Re: Patent clauses in licenses
* Matthew Garrett [EMAIL PROTECTED] [2004-09-17 10:05]: The GPL does much the same. If someone distributes GPLed software without complying with section 3 (which gives you various ways in which you have to make source code available to the recipient), then they lose the right to use that GPLed software. We have various licenses that terminate if you do something wrong - we've just come to the conclusion that it's acceptable that people not be allowed to do that thing. In the past, we've accepted various compromises on freedom because they help free software. I agree with this reasoning and think that we should treat at least Any patent action against the licensor connected to the licensed work as free. I'd like to hear more possible scenarios what Any patent action against the licensor might mean in reality, such as Nathanael's IBM example. I think such possible scenarios/examples are a good way to think about the implications of these clauses. -- Martin Michlmayr [EMAIL PROTECTED]
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 01:14:42PM +0100, Matthew Garrett wrote: Andrew Suffield [EMAIL PROTECTED] wrote: On Sun, Sep 19, 2004 at 12:04:00AM +0100, Matthew Garrett wrote: RMS has in the past claimed that failure to abide by the terms of the GPL results in a permanent loss of those rights (in respect to a specific piece of software, at least). If you're going to disagree with the copyright holder of what is probably still the largest single body of GPLed software in Debian at present, I'm going to want evidence of a decent legal standpoint for this opinion. RMS has in the past claimed that this has happened to various groups. RMS has been ignored. RMS has not pursued the matter, so one presumes the FSF counsel have indicated that he can't. So your belief that the GPL is free is entirely based on a belief that RMS is wrong, and your belief that RMS is wrong is based on an absence of something happening? No, it's based on the paragraph which you oh-so-convinently deleted. Don't play bullshit games. If you want to claim that the only restrictions on freedom we currently accept are those that are entirely controlled under copyright law, you may be correct (the Apache License 2.0 is an obvious counter-example, but you could always claim that that's counter to normal policy and thus some sort of error). The clause you are referring to in the Apache License 2.0 has no effect on software without patents, due in large part to the efforts of -legal. It's probably non-free when applied to software with patents and enforced. This isn't particularly surprising; software patents are non-free is more or less a given. Enforced against whom? Doesn't matter. We don't accept restrictions as free because they use one branch of the law - we accept restrictions as free because they are either unimportant or because they protect free software more than they hinder it.=20 This indicates that a proprietary license is free if the software is useful enough. Therefore it's wrong. I'm sorry, I honestly don't see how you get to that conclusion. You said that a restriction is free if it protects free software more than it hinders it. Therefore any license is free if it is in some way sufficiently useful to free software, regardless of what restrictions it introduces. You have introduced the notion that restrictions can be excused. We don't accept restrictions because they protect free software more than they hinder it. We accept restrictions because they do not appreciably hinder it. There is no excuse for significant restrictions, nor has one ever been excused. The GPL's incompatibility with various other licenses hinders free software. This is a feature of both licenses together. You cannot claim that the GPL is somehow responsible, for example: We don't consider that to be a problem because we believe that the right to receive GPLed code with no further restrictions is more important than the right to, say, produce a derived work of GPLed code and OpenSSL. ...the SSLeay license, part of OpenSSL, which has a clause that was written for the explicit purpose of hindering combination with GPLed works. There is nothing in the GPL that you can point to and say This clause hinders free software. Furthermore, this is not a significant restriction. It is trivial to release your free software under a GPL-compatible license, and this is not appreciably burdensome. The occasions where it doesn't happen can invariably be traced to laziness or political obstructionism. My suspicion is that if we were writing the DFSG today rather than in 1997, we wouldn't have any significant qualms about accepting licenses which restricted your ability to use software patents against the developers. I'm pretty sure that we'd include a clause to explicitly prohibit it. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | signature.asc Description: Digital signature
Re: Patent clauses in licenses
On 2004-09-19 13:24:06 +0100 Matthew Garrett [EMAIL PROTECTED] wrote: who believe that licenses which terminate if you allege infringement of a software patent in that software should be free. Is there anyone who hasn't expressed a view who feels otherwise? I have not expressed this view to debian-project or planet debian: patent licences which terminate on related patent action may be free. I do not see how copyright licences which terminate on patent action can be free. Is your own view influencing your perception of a narrow majority? -- MJR/slefMy Opinion Only and not of any group I know Creative copyleft computing - http://www.ttllp.co.uk/ http://www.thewalks.co.uk stand 13,Lynn Carnival,12 Sep
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 02:41:03PM +0100, Martin Michlmayr wrote: * Matthew Garrett [EMAIL PROTECTED] [2004-09-17 10:05]: The GPL does much the same. If someone distributes GPLed software without complying with section 3 (which gives you various ways in which you have to make source code available to the recipient), then they lose the right to use that GPLed software. We have various licenses that terminate if you do something wrong - we've just come to the conclusion that it's acceptable that people not be allowed to do that thing. In the past, we've accepted various compromises on freedom because they help free software. I agree with this reasoning and think that we should treat at least Any patent action against the licensor connected to the licensed work as free. I'd like to hear more possible scenarios what Any patent action against the licensor might mean in reality, such as Nathanael's IBM example. I think such possible scenarios/examples are a good way to think about the implications of these clauses. Here's a scenario for you: Company A releases a piece of software that includes this clause in its license. Company B releases a modified version of this software, that includes an extra feature. Company A has no interest or use in the piece of software created by company B; furthermore it desires to eliminate this version. Company A sues company B alleging that the extra feature in the modified version infringes some of its patents. Company A no longer has a license to the modified version, which it didn't want anyway, so it is not concerned about this. Company B cannot make counterclaims from its defensive patent portfolio, because that would invoke the termination clause and kill its modified version. Company B has no practical defence against this lawsuit, so the modified version is killed. They have been effectively trapped in a double-bind. I just pulled that one out of the air. There are countless more like it. All you are accomplishing is to permit copyright holders more control over their software; this cannot be a good thing. Trying to game the legal system *doesn't work*. This is inevitable from first principles; significant arbitrary restrictions are non-free. You will always be able to find ways to abuse them to gain arbitrary degrees of control over the software. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | signature.asc Description: Digital signature
Re: Patent clauses in licenses
Andrew Suffield [EMAIL PROTECTED] wrote: On Sun, Sep 19, 2004 at 01:14:42PM +0100, Matthew Garrett wrote: So your belief that the GPL is free is entirely based on a belief that RMS is wrong, and your belief that RMS is wrong is based on an absence of something happening? No, it's based on the paragraph which you oh-so-convinently deleted. Don't play bullshit games. In general, we respect the interpretation of licenses that the license author and copyright holder wish to enforce. We may not always agree with it, but we tend to respect it (see the Pine case, for example). You have come up with an argument for why you believe RMS to be incorrect, but you have come up with no argument for why we should act on your interpretation. It certainly goes against past Debian behaviour, it would potentially worsen our relations with the FSF even further and it leaves us open to legal action if you happen to be wrong. I don't think you're making a desperately compelling case. The clause you are referring to in the Apache License 2.0 has no effect on software without patents, due in large part to the efforts of -legal. It's probably non-free when applied to software with patents and enforced. This isn't particularly surprising; software patents are non-free is more or less a given. =20 Enforced against whom? Doesn't matter. So a single enforcement action of a patent at some point in the past should result in us treating that software as non-free? How about patents that are only enforced in certain countries? I'm actually genuinely interested in this. Our track record on dealing with patented code isn't entirely consistent. We probably ought to make that clearer. This indicates that a proprietary license is free if the software is useful enough. Therefore it's wrong. =20 I'm sorry, I honestly don't see how you get to that conclusion. You said that a restriction is free if it protects free software more than it hinders it. Therefore any license is free if it is in some way sufficiently useful to free software, regardless of what restrictions it introduces. You have introduced the notion that restrictions can be excused. In order to be interesting in this case, the restrictions must have the aim of helping free software. The usefulness or otherwise of the software is completely irrelevent. Sorry, I though that was clear from context. The GPL's incompatibility with various other licenses hinders free software. This is a feature of both licenses together. You cannot claim that the GPL is somehow responsible, for example: Right, but modifying either license would increase the number of works we could produce without duplication of effort. We don't consider that to be a problem because we believe that the right to receive GPLed code with no further restrictions is more important than the right to, say, produce a derived work of GPLed code and OpenSSL. =2E..the SSLeay license, part of OpenSSL, which has a clause that was written for the explicit purpose of hindering combination with GPLed works. So the SSLeay license has a restriction that hinders free software? Your argument appears to imply that we should consider this non-free. Instead, we appear to have decided that the restriction doesn't hinder the freedoms that we consider important. My suspicion is that if we were writing the DFSG today rather than in 1997, we wouldn't have any significant qualms about accepting licenses which restricted your ability to use software patents against the developers. I'm pretty sure that we'd include a clause to explicitly prohibit it. I can't see any evidence whatsoever that there's a strong majority who would agree with that. The social contract was accepted democratically. At the point where it was accepted, the majority of people agreed with each of the requirements it imposes. -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
Andrew Suffield [EMAIL PROTECTED] wrote: Company B cannot make counterclaims from its defensive patent portfolio, because that would invoke the termination clause and kill its modified version. Company B has no practical defence against this lawsuit, so the modified version is killed. They have been effectively trapped in a double-bind. Why are we concerned about people who patent pieces of software while claiming that they'll only use these patents defensively? There's always the possibility that they'll use them against free software authors in the future. I'm not convinced that encouraging patent suits under any circumstances is desperately important. -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
Michael Poole writes: Company B's defensive claims also affect all other users of the original software -- now that they attempt to enforce their patent rights, no other users can assume themselves to be safe. Why do you assume that company B's claims must have to do with the original software, or even with software at all? -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: Patent clauses in licenses
Andrew Suffield writes: On Sun, Sep 19, 2004 at 02:41:03PM +0100, Martin Michlmayr wrote: * Matthew Garrett [EMAIL PROTECTED] [2004-09-17 10:05]: The GPL does much the same. If someone distributes GPLed software without complying with section 3 (which gives you various ways in which you have to make source code available to the recipient), then they lose the right to use that GPLed software. We have various licenses that terminate if you do something wrong - we've just come to the conclusion that it's acceptable that people not be allowed to do that thing. In the past, we've accepted various compromises on freedom because they help free software. I agree with this reasoning and think that we should treat at least Any patent action against the licensor connected to the licensed work as free. I'd like to hear more possible scenarios what Any patent action against the licensor might mean in reality, such as Nathanael's IBM example. I think such possible scenarios/examples are a good way to think about the implications of these clauses. Here's a scenario for you: Company A releases a piece of software that includes this clause in its license. Company B releases a modified version of this software, that includes an extra feature. Company A has no interest or use in the piece of software created by company B; furthermore it desires to eliminate this version. Company A sues company B alleging that the extra feature in the modified version infringes some of its patents. Company A no longer has a license to the modified version, which it didn't want anyway, so it is not concerned about this. Company B cannot make counterclaims from its defensive patent portfolio, because that would invoke the termination clause and kill its modified version. Company B has no practical defence against this lawsuit, so the modified version is killed. They have been effectively trapped in a double-bind. I just pulled that one out of the air. There are countless more like it. All you are accomplishing is to permit copyright holders more control over their software; this cannot be a good thing. Trying to game the legal system *doesn't work*. Company B's defensive claims also affect all other users of the original software -- now that they attempt to enforce their patent rights, no other users can assume themselves to be safe. Why is Company B's self-defense more important to free software than unrelated users? This is inevitable from first principles; significant arbitrary restrictions are non-free. You will always be able to find ways to abuse them to gain arbitrary degrees of control over the software. One could claim that allowing others to access a program over the network includes sufficient transfer of copyrighted material to trigger section 3 of the GPL. Debian has rejected explicit external deployment clauses in the past, but accepts the GPL despite this possibility. I just pulled that one out of the air. There are countless more like it. Making up corner cases is not particularly useful. Michael Poole
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 03:27:58PM +0100, Andrew Suffield wrote: Here's a scenario for you: Company A releases a piece of software that includes this clause in its license. Company B releases a modified version of this software, that includes an extra feature. Company A has no interest or use in the piece of software created by company B; furthermore it desires to eliminate this version. Company A sues company B alleging that the extra feature in the modified version infringes some of its patents. I'd be inclined to say that a piece of software which is patent-encumbered *by the author* is seriously non-free. Especially, but not only, if the patent holder starts sueing people over it. Therefore, your scenario is invalid. Have another one? I cannot think of any situation where a software author, who holds no patents (and has no interest in getting any), is doing a bad thing to Free Software as a whole just because he's including a patent defense clause in his license. If you can, I'd be happy to learn more. [...] This is inevitable from first principles; significant arbitrary restrictions are non-free. Indeed, so all patents are non-free. Therefore, I think patent defense clauses are a good thing, if worded carefully and not accompanied by patents themselves. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune signature.asc Description: Digital signature
Re: Patent clauses in licenses
John Hasler writes: Michael Poole writes: Company B's defensive claims also affect all other users of the original software -- now that they attempt to enforce their patent rights, no other users can assume themselves to be safe. Why do you assume that company B's claims must have to do with the original software, or even with software at all? Martin's original mail had the qualifier connected to the licensed work in one place and not the other; my mail was addressed case where I think there is significant disagreement on -legal: the case when that kind of qualifier is used. I agree with Andrew (and, from what I can tell, most of -legal) that license termination for a patent lawsuit unrelated to the licensed software is non-free. I cannot find offhand any license that is quite so broad. I suspect -- but have no strong opinion yet -- that it is also non-free if the termination is limited to software patents against the software's author(s). Some licenses that do that are the Apple Public Source License and IBM Public License. A more generally productive (and acceptable) way to fix that problem is to lobby against software patents. Michael Poole
Re: Debian Hardened project (question about use of the Debian trademark)
Hi Martin, El dom, 19-09-2004 a las 15:12, Martin Michlmayr escribió: * Lorenzo Hernandez Garcia-Hierro [EMAIL PROTECTED] [2004-09-15 15:22]: That's the reason because it's called *Debian* Hardened... and, did you the comments on /.? If you did, you should know a good example of another distro that is currently developing something alike: Hardened Gentoo. I've read the comments and maybe hardened is an appropriate name for such an effort. I don't know, and I'm aware that I'm overly conservative in such regards, but so far I have not seen many other Debian developers saying that's it a good idea either. Please, read the thread about DH, and John's posts. The problem is that we wouldn't move until Sarge gets stable. Furthermore, my main problem is that you announce this project as Debian Hardened before there is any consensus at all that Debian is interested in such a project. Again, I haven't seen many Debian people responding to your mail saying great idea, let's do this. I don't need to see everybody involved, but anyway, i'm sorry if you don't like the idea. I can't change it, i've just talked with some people that *would* be interested in it, and, as i said, i will stop it until Sarge gets stable and then *we* will put our efforts there. I hope you understand that *many* people is interested in seeing a hardened debian without changing into another system and re-inventing the wheel. The idea (i repeat) is now that the packages should be recompiled, passed to a temporal pool, tested, and then moved to the 'main' pool, without creating branches/sub-trees/brands/etc, and just making all the packages, hardened, without making interferences or making them for unstable. Only the kernels will be different packages (and this can change too) 'cos you can select a hardened kernel or a non-hardened kernel and ignore features of the hardened packages like PaX flags, but using the SSP/ProPolice enhancements without more changes. Cheers, -- Lorenzo Hernandez Garcia-Hierro [EMAIL PROTECTED] signature.asc Description: Esta parte del mensaje está firmada digitalmente
Re: Patent clauses in licenses
Michael Poole [EMAIL PROTECTED] wrote: I agree with Andrew (and, from what I can tell, most of -legal) that license termination for a patent lawsuit unrelated to the licensed software is non-free. I cannot find offhand any license that is quite so broad. I believe that the RPSL's (https://helixcommunity.org/content/rpsl ) clause 11.1 is like this: 11.1 Term and Termination. The term of this License is perpetual unless terminated as provided below. This License and the rights granted hereunder will terminate: (c) automatically without notice from Licensor if You, at any time during the term of this License, commence an action for patent infringement against Licensor (including by cross-claim or counter claim in a lawsuit); -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
On Sun, 19 Sep 2004 20:10:07 +0200, Wouter Verhelst wrote: On Sun, Sep 19, 2004 at 03:27:58PM +0100, Andrew Suffield wrote: Company A releases a piece of software that includes this clause in its license. Company B releases a modified version of this software, that includes an extra feature. Company A has no interest or use in the piece of software created by company B; furthermore it desires to eliminate this version. Company A sues company B alleging that the extra feature in the modified version infringes some of its patents. I'd be inclined to say that a piece of software which is patent-encumbered *by the author* is seriously non-free. Especially, but not only, if the patent holder starts sueing people over it. Therefore, your scenario is invalid. Have another one? The scenario description does not say that the software released by company A is patent-encumbered. It says that the software released by company B is the target of allegations of patent infringement by company A. The important part is that company B has no freedom to sue A for patent infringement while continuing to use software published by company A upon which it may have come to rely. -- Thomas Hood
Re: Debian Hardened project (question about use of the Debian trademark)
Hi, Lorenzo Hernandez Garcia-Hierro wrote: :: [...] :: The idea (i repeat) is now that the packages :: should be recompiled, passed to a temporal pool, :: tested, and then moved to the 'main' pool, :: without creating branches/sub-trees/brands/etc, :: and just making all the packages, hardened, :: without making interferences or making them for :: unstable. I was on Alioth and on 2004.09.14, a new project called Debian: Secure by Default, was launched. If you check the site and the mission statement, it looks like pretty much with you pourpose. I'm just highlight this because in security area we have to work together and split forces and/or efforts is a total waste of time. Considering this, Debian Hardened is in someway related with Debian Secure by Default? Could both project join forces? Work together and do the best for Debian? :) Best regards, -- // // Felipe Augusto van de Wiel (faw) // [EMAIL PROTECTED] // http://www.cathedrallabs.org / // GUD-PR / DUG-PR || http://www.debian-pr.org // GUD-BR / DUG-BR || http://www.debian-br.org // Debian Project || http://www.debian.org/ //
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 05:53:42PM +0200, Thomas Hood wrote: At one extreme it would be unreasonable to expect L to give up her legal right, e.g., to sue A for damages caused by A's automobile running into L's house. At the other extreme it would be reasonable to expect L to give up her legal right to sue A for damages caused by L's use of program P. (I assume here that offering programs on an as-is basis is reasonable.) I don't see how L's right to sue A for patent infringement can possibly resemble the second case more than the first, so I am inclined to regard the demand that L give up such rights as unreasonable ... until someone can give me some suitable reasoning, of course. Suing for software patent infringement does not resemble either of these cases at all; it more closely resembles the legal right to swamp competing companies with frivelous lawsuits. I don't believe that enforcing software patents is a legitimate legal right that needs to be protected. (I do believe that potential abuses need to be explored carefully, of course.) -- Glenn Maynard
Re: Patent clauses in licenses
Glenn Maynard writes: I don't believe that enforcing software patents is a legitimate legal right that needs to be protected. What about hardware patents? -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 07:17:15PM -0500, John Hasler wrote: Glenn Maynard writes: I don't believe that enforcing software patents is a legitimate legal right that needs to be protected. What about hardware patents? Well, a patent probably doesn't really apply to software at all, but to algorithms in the software. I think that, more generally, patents which can be enforced against software are what we mean when we say software patents. So, such a patent can probably often be enforced against hardware as well. The distinction isn't important--I consider the XOR cursor patent[1] to be bogus, regardless of whether it's being enforced against nested loops, a hardwired circuit board or a big mechanical contraption. As to whether patents specifically targetting hardware are legitimate, I don't know--I'm not in that business, so I havn't formed much of an opinion on them. Those probably aren't relevant here, though. [1] which I only know of from hearsay and have heard expired -- Glenn Maynard
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 11:09:07PM +0100, Matthew Garrett wrote: Thomas Hood [EMAIL PROTECTED] wrote: The important part is that company B has no freedom to sue A for patent infringement while continuing to use software published by company A upon which it may have come to rely. Why do we consider that freedom important? Hm. As long as it's related to software, you're right. When it transcends into other domains, though, I understand the point being made. Unlike in the software business, there are some domains (such as pharmaceutics) where patents really are crucial to innovation (at least I can't think of anyone willing to go through the required procedures to bring a new drug to the market without at least /some/ assurance that nobody else will benefit off of his investments). Indeed, patent defense clauses should be limited to patents related to the software the license is all about; but that should not mean all patent defense clauses are evil. -- EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER -- with thanks to fortune signature.asc Description: Digital signature
Re: Patent clauses in licenses
Glenn Maynard writes: I don't believe that enforcing software patents is a legitimate legal right that needs to be protected. I wrote: What about hardware patents? Glenn Maynard writes: Well, a patent probably doesn't really apply to software at all... I guess I wasn't clear. If the license says that my copyright license will be terminated if I take any patent action against the licensor and I sue him for infringing my patent on my three-point hitch stabilizer he will terminate my license. That's what I mean by hardware patents. Most patents have nothing to do with computers or software. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: Debian Hardened project (question about use of the Debiantrademark)
Martin Michlmayr dijo [Sun, Sep 19, 2004 at 02:12:54PM +0100]: I've read the comments and maybe hardened is an appropriate name for such an effort. I don't know, and I'm aware that I'm overly conservative in such regards, but so far I have not seen many other Debian developers saying that's it a good idea either. Furthermore, my main problem is that you announce this project as Debian Hardened before there is any consensus at all that Debian is interested in such a project. Again, I haven't seen many Debian people responding to your mail saying great idea, let's do this. I think we will all agree that we want Debian to be better - to be as good as we can make it. And having Debian a couple of notches higher security-wise would definitively be a good thing. The problem is that I am sure that if we were to require everything to be compiled with all those tricks enabled, a good deal of our archive would FTBFS, and we would be squishing lots and lots of bugs. The end result would probably be much better, yes, but the cost for it might be a bit high. And, of course, there will surely be (I have never worked with all those enhancements) some packages which will not work with the new scheme, or that will work better (i.e., a performance-intensive program) without all the safeguards on. I am sure that if Lorenzo and company can prove the process to be not too hairy, we will all go for it. Greetings, -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)1451-2244 / 5554-9450 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Re: Debian Hardened project (question about use of the Debiantrademark)
Felipe Augusto van de Wiel (faw) dijo [Sun, Sep 19, 2004 at 06:45:12PM -0300]: I was on Alioth and on 2004.09.14, a new project called Debian: Secure by Default, was launched. If you check the site and the mission statement, it looks like pretty much with you pourpose. I would go a bit further: I am not convinced the project name's choice was quite adequate. The slogan 'secure by default' was made by the OpenBSD team mainly to assert they ship with the minimum active services possible to have a working, useful, usable system. This means, they have shut down default ports, leaving only ssh on for a standard system install. And we are more or less at the same level of security by default. What Lorenzo is proposing is adding to Debian the needed features to have a system in which each of the binaries are more secure. That is not the meaning of the 'secure by default' slogan. Besides, I would think using that slogan would be jumping on someone's else train. It was not our idea, and although we implement it, I'd rather call it another way. Or not call it at all, as if it were such a breakthrough by now. Greetings, -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)1451-2244 / 5554-9450 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Re: Debian Hardened project (question about use of the Debiantrademark)
Gunnar Wolf wrote: :: I would go a bit further: I am not convinced the :: project name's choice was quite adequate. The :: slogan 'secure by default' was made by the OpenBSD :: team mainly to assert they ship with the minimum :: active services possible to have a working, useful, :: usable system. This means, they have shut down :: default ports, leaving only ssh on for a standard :: system install. And we are more or less at the :: same level of security by default. Ok, but if you check the site[1] of Debian Secure by Default, you are going to see that they are proposing the use of PaX and other security related stuff, in a similar way of Lorenzo (Debian Hardened). :: What Lorenzo is proposing is adding to Debian the :: needed features to have a system in which each of :: the binaries are more secure. That is not the :: meaning of the 'secure by default' slogan. What I proposed in the previous message is to join efforts. I believe it is the most logical thing to do, work together to provide even more security in Debian. :) :: Besides, I would think using that slogan would :: be jumping on someone's else train. It was not :: our idea, and although we implement it, I'd :: rather call it another way. Or not call it at :: all, as if it were such a breakthrough by now. Let's call it: Debian Dirty Harry! :-) Just kidding, at this moment I'm more concerned with the idea of don't split our forces. I know the importance of slogan and project name, and I'm certain that *working together* we can achieve a great name and a fantastic slogan! Cheers, -- // // Felipe Augusto van de Wiel (faw) // [EMAIL PROTECTED] // http://www.cathedrallabs.org / // GUD-PR / DUG-PR || http://www.debian-pr.org // GUD-BR / DUG-BR || http://www.debian-br.org // Debian Project || http://www.debian.org/ //
Re: Patent clauses in licenses
Thomas Hood [EMAIL PROTECTED] wrote: The important part is that company B has no freedom to sue A for patent infringement while continuing to use software published by company A upon which it may have come to rely. Why do we consider that freedom important? -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
On Sun, Sep 19, 2004 at 08:58:03PM -0500, John Hasler wrote: I guess I wasn't clear. If the license says that my copyright license will be terminated if I take any patent action against the licensor and I sue him for infringing my patent on my three-point hitch stabilizer he will terminate my license. That's what I mean by hardware patents. Most patents have nothing to do with computers or software. I think there's agreement that licenses which terminate due to action unrelated to the software is non-free, such as the RPSL[1]. I don't believe limiting it to software patents is sufficient; at a minimum, it needs to be restricted to only terminate based on patent action claiming that the work itself violates a patent, which is what the OSL 2.1 does[2]. The interesting debates at the moment are whether these narrower clauses are free in principle, and whether the existing clauses have room for abuse (making them non-free in practice). [1] https://helixcommunity.org/content/rpsl [2] http://www.opensource.org/licenses/osl-2.1.php (Not that I'm endorsing this license--I believe it's non-free in a couple other ways.) -- Glenn Maynard
Re: Debian Hardened project (question about use of the Debian trademark)
On Sun, Sep 19, 2004 at 09:33:44PM +0200, Lorenzo Hernandez Garcia-Hierro wrote: The idea (i repeat) is now that the packages should be recompiled, passed to a temporal pool, tested, and then moved to the 'main' pool, without creating branches/sub-trees/brands/etc, and just making all the packages, hardened, without making interferences or making them for unstable. How do you plan to cooperate with the current package maintainers? It seems you want to touch about every package. This is quite a bigger scope than the usual CDD, where you just add/modify a couple of packages and integrate stuff. Michael
Re: Patent clauses in licenses
MJ Ray [EMAIL PROTECTED] wrote: On 2004-09-19 13:24:06 +0100 Matthew Garrett [EMAIL PROTECTED] wrote: who believe that licenses which terminate if you allege infringement of a software patent in that software should be free. Is there anyone who hasn't expressed a view who feels otherwise? I have not expressed this view to debian-project or planet debian: patent licences which terminate on related patent action may be free. I do not see how copyright licences which terminate on patent action can be free. I'd assumed that your viewpoint would be at least that strong, and had included you in my impressions. Is your own view influencing your perception of a narrow majority? Not to the best of my knowledge. -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
John Hasler [EMAIL PROTECTED] wrote: Michael Poole writes: Company B's defensive claims also affect all other users of the original software -- now that they attempt to enforce their patent rights, no other users can assume themselves to be safe. Why do you assume that company B's claims must have to do with the original software, or even with software at all? I'd certainly feel that licenses that attempt to restrict non-software patent action ought to be non-free. I don't see any way that a license that enforced this would be helping free software. -- Matthew Garrett | [EMAIL PROTECTED]
Re: Patent clauses in licenses
The point of promoting free software is to allow people to use/study/modify/redistribute software in freedom. People can't do these things in freedom if they are subjected to unreasonable restrictions in the licenses attached to the software. Do you think that it is reasonable to expect the licensee L to give up her legal rights with respect to the author A of program P in exchange for being allowed to use/study/modify/redistribute program P? It depends on what the rights in question are, I guess. At one extreme it would be unreasonable to expect L to give up her legal right, e.g., to sue A for damages caused by A's automobile running into L's house. At the other extreme it would be reasonable to expect L to give up her legal right to sue A for damages caused by L's use of program P. (I assume here that offering programs on an as-is basis is reasonable.) I don't see how L's right to sue A for patent infringement can possibly resemble the second case more than the first, so I am inclined to regard the demand that L give up such rights as unreasonable ... until someone can give me some suitable reasoning, of course. -- Thomas Hood