A superficially modest blog post from a senior Hatter announces that going forward, the company will only publish the source code of its CentOS Stream product to the world. In other words, only paying customers will be able to obtain the source code to Red Hat Enterprise Linux… And under the terms of their contracts with the Hat, that means that they can’t publish it.
Can we avoid clickbait titles? Really hoping the Lemmy community is better than what Reddit turned into.
…I don’t see how this is clickbait, this is a major damaging move to downstream distros. They can no longer use RHEL source. Also, I just copy and pasted the original article’s title. RHEL is an extremely influential distro, others will follow its lead.
I actually considered changing it at first because I didn’t think it properly conveyed just how damaging to open source this is. This is an inflection point for the entire space. Red Hat is one of the most influential distros and others will follow its lead.
If you disagree with my take, fair, but tell me why. Same for all the people upvoting @carlyman’s comment. I want to have real discourse with you all, and I will change the title if you have good reasoning that it is in fact inaccurate. Like you said, we don’t want this to be like Reddit.
It’s also against the spirit of the GPL if not the letter. Red Hat isn’t just required to release source code to its customers upon request; that source code comes with GPL rights and restrictions attached (including the right to distribute).
Is it legal for Red Hat to require customers to waive their GPL rights? I don’t think it should be, but I don’t think courts are particularly friendly to copyleft holders.
I will leave this article from the Software Freedom Conservancy which gives an analysis of the legal impact of the new terms of the RHEL CCS distribution in terms of the GPL.
In short, it is as you say, not distributing to the public at large is only a violation of the spirit of the GPL but not an actual legal violation. As for redistribution, the new terms stipulate that RedHat CANNOT STOP YOU from redistributing the code (unless you forgot to remove their icons/artwork/copyrightable stuff), but doing so will put you under consideration for a 30-day notice that your ability to access binaries and sources will be revoked.
Additionally, the SFC has gone ahead and assumed that RedHat will have little inclination to sell a single license to Rocky or Alma for them to them attempt a systematic way to get around their RHEL CCS distribution model. In short, RedHat has come full circle in implementing the full breadth of their hostilities towards downstream projects of their RHEL.
I know RedHat folks justify it as “None of the downstream projects helped patched anything. That the downstream projects were the ones being hostile and RedHat is just finally responding in like.” I think the “none” might be over exaggerated, but RedHat has indeed submitted easily over 90% of the patches to RHEL’s code base. That said, working with the community to help foster more contributions is the correct answer, not taking the ball and going home.
All in all, RedHat is basically allowed to do what it is doing. But everyone is free to not like this path RedHat has taken themselves down. I mean, there’s a lot of “questionable” spirit of FOSS that multiple companies that contribute to open source do with their product. cough Java cough.
It sucks that exercising your rights under the GPL means being punished in turn. I wonder if they’ll address this in a future version of the licence?
Some of the changes in GPLv3 seem to address this type of behavior. There might be some narrow gaps that Red Hat is taking advantage of, but the folks at GNU at least made things harder.
Your comment should be more upvoted. Great info.
Yeah - even if it technically isn’t legal, GPL violators have a long history of getting away with it. IBM has a legal team that’ll scare almost anyone away.
I agree with the sentiment…but hard not to say this isn’t a clickbait title. Let’s not rely on rhetoric…let’s speak with data, details, and specifics to help foster actual discourse and constructive disagreement.
When most people think of clickbait, there is a disconnect between the content presented and the title. There is no such disconnect in this case. Your interpretation of the word is an outlier, and even if I agreed that it was clickbait, you still haven’t convinced me it is a bad thing in this specific scenario.
There is generally some truth to clickbait titles…and the more you agree with it, the less clickbait-y it seems. “Crushing blow” is unnecessary rhetoric in my view (and I’d bet 50 cents AI wrote it).
I’m actually not arguing the intent of the article…rather just how I hope this community raises the bar in discourse.
We clearly have a disconnect here. There’s a reason I always put a quote to act as summary in the description of my article posts, they provide more detail than the title could. At the end of the day, I think providing the original title regardless of its perceived quality is the better option when these posts are glorified links anyways. (I assure you it was not from AI, The Register has pretty high journalistic standards.)
As a very long time reader of The Register, I actually enjoy their headlines. They have always had a tabloid style to them. Even before clickbait was a thing and I have seldom been disappointed at the contents of anything I have clicked on. So agreed, a quality site.
Arstechnica and The Register are my tow oldest daily reads.
Fair enough.
You’re upset that the headline didn’t have data, details and specifics in it?..
I prefer to avoid clickbait titles and discussions around soundbites. If you prefer clickbait titles and rhetoric, so be it. I was hoping for something different.
It’s the literal title of the article. If you don’t like El Rog’s style, then jump in your time machine, head back to the late 90s, and ask Magee and Lettice to kindly knock it off.
Can we also avoid idiots like yourself making stupid comments?
-
The title is accurate
-
Letting users pick their own title will lead to abuse and manipulation as users try to make a headline fit their narrative.
This is the sort of discourse I left reddit for. Hope your reply made you feel better.
Don’t lie.
You left reddit the same reason we all did, it’s turning to shit due to the admins.
If you’d least reddit because you don’t like how people talk you’d have done so at any other time before this big event making us all leave.
Bruh this is just Reddit 2.0. if you thought something would be different you were mistaken.
-
Accidentally deleted my last comment… but a summary of what I had said, I don’t think it’s clickbait. This is an inflection point for the entire space and I actually considered changing the title because I didn’t think it properly expressed just how damaging it is. It restricts people receiving RHEL source, compromising existing derivatives and essentially closing off the possibility of any more. RHEL is an extremely influential distro, others will follow its lead. Also, it’s a copy and paste of the original title.
If you think anything I’ve said here is incorrect or you have a different perspective, I’m totally open for discourse. Just don’t go around leaving negative comments without explaining yourself - I was hoping this community would be better than Reddit too.
(Lemmy REALLY needs a confirmation box for that. Not the first time lol)
Frankly, I’m more concerned about the precedent this sets for the GPL.
If Red Hat can do this, then there’s nothing (legally) preventing every other megacorp from ending public contributions to Linux and other GPL projects, forking them, and releasing them under restrictive contractual terms.
Granted, not everyone would take their code private. Microsoft and Apple make some contributions to BSD/MIT/etc. licensed software even though they are not required to. However, I think we’d miss out on quite a lot of FOSS development.
How does this work with the code license? If this is all fine, doesn’t this mean that we should be avoiding the kind of license they’re using in the future?
Most of their stuff is under the GPL. It’s a GPL violation to not allow their customers to share the source. I’m guessing they’ll reverse this decision (or selectively release everything they’re obligated to) within a week.
I have to image that their fleet of attorneys would have thought of this before hand.
I was confused they didn’t think of this either, but the language in the license is very clear. I see no way it cannot be infringing - the only way you can be restricted from redistributing GPLv3’d source is if you publish it incorrectly. If you override these rights in any way, you lose your license to distribute the GPLed software and it turns into piracy.
That’s ignoring the variety of other OSS licenses used for software in their repositories, many of which have similar (or even broader) redistribution rights.
Relevant GPLv3 language:
Section 4. Conveying Verbatim Copies. "You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program." Section 5. Conveying Modified Source Versions. "You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all notices”. c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so."
Another excerpt from the GPLv3 that explicitly describes and disallows what Red Hat is doing - you are explicitly not allowed to add any restrictions when you redistribute GPLv3 licensed software:
If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
…aaand an additional excerpt which disallows Red Hat’s restrictions:
Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
(note: “original licensors” is not Red Hat regarding any software other than their own. Red Hat cannot change or infringe upon rights received from upstream.) and ANOTHER excerpt:
If you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code.
What if they technically allow redistribution, but terminate access to recieving updates for doing so? So you can distribute a copy of version N, but if you do so you will not recieve version N+1, and therefore will not be able to get source code for version N+1. Not sure if this is how it is in their contract though.
It could be argued that is also a restriction disallowed by the GPL (in my mind any terms that bring negative consequences for expressing your rights given by the license are restrictions), but at that point it’s really beyond my expertise on this subject. I’m not sure if the GPLv3 even defines this at all - maybe Red Hat is banking on that ambiguity.
They might also be banking on GPLv3 contributors being unable/unwilling to take them to court. The Linux kernel is GPLv2, and its contributors are probably more of a legal threat than anything else in RHEL.
SF Conservancy analyzed this and found that it’s probably legally OK, if very much on the edge of what’s allowed. RH doesn’t sue you for redistribution or anything, they ‘just’ terminate the contract and the GPL doesn’t force anyone to deal with anyone. It’s the same stupid model grsecurity applied some years ago.
But regardless of legality, morally, this is just completely and utterly wrong. I’m not totally surprised post-IBM Red Hat went in this direction, but I’m disappointed and angry anyway.
I find it interesting that even the conservancy can’t really say whether or not it’s OK legally definitively. Here’s hoping someone still takes them to court over this, wins, and sets precedence that it’s a violation of the GPL (extremely unlikely, but a guy can dream)
I remember people talking about potential scenarios very similar to this when Red Hat was acquired. They were right.
The problem here is not the source of the applications, but the source of the package build scripts - which in big parts are RedHat property.
RedHat must provide you the sources - but for that it is sufficient to give you the source of whatever is packaged. In the past commercial distributions just fulfilled that requirement by dumping source packages, which have the source as well as the scripts required to build binary packages. They do not have to provide you with the build scripts.
The problem with RedHat is that many companies certify their stuff to work on RedHat - so for that to work without running into the occasional obscure problem you need to build the sources the exact same way as RedHat is doing. That’s what CentOS used to do until version 7, and that’s what currently some other distributions are doing. Without the build scripts it’ll be next to impossible to do that - you’d pretty much have to duplicate the RedHat engineering team. But it is completely legal, as they own the scripts, and since they’re completely separate from the application itself don’t have to be GPL.
AFAIK, the source is still available with a free Developer License from Red Hat. Still annoying AF, though.
That sounds like a “restriction” on distribution of GPLv3 licensed code
Yeah, it kinda does. Idk what they’re thinking, lol
What stops one person with a free account from mirroring the source?
From TFA:
Some commentators are pointing out that it’s possible to sign up for a free Red Hat Developer account, and obtain the source code legitimately that way. This is perfectly true, but the problem is that the license agreement that you have to sign to get that account prevents you from redistributing the software.
So although the downstream distros could still get hold of the software source code, they can’t actually use it. In principle, if they make substantial modifications, they can share those, but the whole raison d’être of RHEL-compatible distros is to avoid major changes and so retain “bug-for-bug compatibility.”
Of course, they could take a “publish and be damned” attitude and do it anyway. At best, the likely result is immediate cancellation of their subscription and account. That could work but will result in a cat-and-mouse game: downstream distributors continually opening new free developer accounts, and the Hat potentially retaliating by blueprinting downloads and stomping on violators’ accounts. It would not be a sustainable model.
At worst, though, they could face potentially getting sued into oblivion.
ETA the full context.
How are those licenses not in violation of GPLv3, which explicitly prohibits all forms of “restriction” on redistribution?
Got it.
I don’t see how that could comply with the terms of the GPL.
I don’t think all the code there is GPL. A lot of it is MIT, BSD, Apache, etc.
Idk, I don’t think they’re trying to kill downstreams. IMHO, they’re just cleaning things up. Why should the RHEL source be in the CentOS repos?
I work with (big, enterprise) customers who are actively migrating away from RHEL where they can. There are lots of free OSS alternatives that are enterprise-grade. Even Amazon Linux is gaining traction, especially in the cloud.
Yep reminds me of the sudden rush to adoptopenjdk when jre went stupid and were charging enterprise per instance, I hear they have changed back now
RIP Rocky?
The Rocky devs don’t seem worried