Re: Open Source Licensed RHAS, licenses?

[fluke gibson mw luc edu]

On 2 Jan 2003, Ben Russo wrote:

> I've been told by a few people that if I pay $799 for a set of
> RHAS CD's that I am not allowed to install it on more than one 
> machine.

You are not permitted to recieve support for more machines than you 
licensed.

> Last time I checked anaconda and RPM are GPL'd, 
> as are the overwhelming majority of the software packages 
> on the RHAS CD's....
> 
> So my question is, how might it be illegal to copy 
> everything **EXCEPT** the commercial software RPM's from 
> the RHAS CD's and then make copies of the resulting subset?

It is illegal to copy the GPL covered binaries and offer them to someone
else without also offering the source code (either providing it at the
same time or providing a written offer that you will provide the source
code for three years).  As long as you honor the redistribution terms for
a GPL covered binaries then there is nothing illegal about performing
redistribution.

> Also, I've been told that Redhat is making Source RPM's available
> for patches and updates for their Advanced Server.  So if you wanted
> to download the SRPM's and compile them yourself you are free to do
> so.  And then of course (being GPL'd material) they would be 
> free to redistribute. That makes sense.  I'd even understand if 
> RedHat put the FTP site on a 56Kb/s modem. ( ha ha )
> 
> But, if I had one licensed server and were downloading binary packages
> legitimately...  How could it possibly be illegal to copy and
> redistribute those binary RPM's if they are OpenSourced software based
> packages?

The binary RPMs contain the Red Hat trademark and digital signature 
produced by the Red Hat private key in the RPM header.  Even if all the 
files in the RPM (gzip'd cpio section) are covered by the GPL, the RPM 
header is still an independant work rather than a derivate work so the RPM 
header might actually be under a different license than the rest of the 
RPM.  If you run the RPM through rpm2cpio or build the RPM from the SRPMS 
then it should remove any question about the redistribution rights.

> I have asked several RedHat employees (sales and tech support)
> and either they just don't seem to "get" the question, or they are 
> purposefully dancing around the subject.  I decided after asking the 
> question 3 or 4 times and not getting anywhere that I was beating a
> dead horse.  RedHat won't tell me that it is illegal or forbidden,
> but they also won't say tell me that I *AM* allowed to do so.

Volenteer some time working for the FSF investigating reports claiming GPL 
violations and you will discover that neither the concepts of Copyleft or 
GPL comes easily to most people.  They honestly may not know themselves 
the answer to your question.  :(

> Isn't one of the concepts of the GPL, that when the software is
> distributed the user has to be made aware that it is Free to be
> copied and modified so long as the GPL is maintained?

Yes, that is one of the concepts and requirements but the requirement only
comes into play that the time of *redistribution*.  You can goes as far as
continually telling some one that your not aware of any GPL software being
part of a product, but as long as you provide either the source code or a 
written offer good for three years at the time the binaries are 
redistributed then you still haven't violated the *letter* of the license.  

> If RedHat is just selling FTP access to pre-compiled binaries for
> $799 per year per server, I understand that.  But they don't seem
> to be able to tell me exactly what the $799 price tag is for.

Support and "certification."  Companies like Oracle charge big to confirm 
that a specific OS is certified for use with Oracle.

> What I don't understand is how they can restrict further redistribution
> of bundled open source applications?  I thought that this was 
> **PATENTLY** against the GPL?  And even insinuating that it is 
> forbidden would be **PATENTLY** against the GPL, right?

Are we discussing free as in free beer or free as in speech.  The purpose 
of the GPL is free as in speech.  If Red hat claims trademark or copyright 
on RPM headers but allow the source code to continue to be openly 
modifiable and the results from the source code to be openly 
redistributable then it still honors the intention of Copyleft.  There is 
also nothing in the GPL that states that the support they provide to 
someone that gets the package directly from RH need to also be 
redistributable.  If you license RHAS for one server and install it on 
three then expect to only get support for one server.  If your the type of 
company that RH is trying to expand their business to include then the 
price tag is small in comparison to the amount of money that could be lost 
if due to unexpected downtime.

Btw, please avoid using patent and GPL in the same sentance unless you 
really are trying to get on RMS' bad side.  The purpose of a patent is to 
allow a company to monopolize a process.  The purpose of the GPL is to put 
a redistributor and a reciever on equal footing.

> I'm not pointing fingers or making accusations, I'm just trying
> to understand what is going on here and want to see what others
> thoughts are?

My thought is that if there is enough of a difference with what is 
provided in the RHAS SRPMS directory from the standard distribution then 
it will generate enough of a need that someone will produce their own 
binary CD images based on the RHAS SRPMS packages that is complettely 
freely redistributable.  However, if the true convience is the *support* 
and *certification* of RHAS then the only way to affordably get access to 
that level of convience is to license those additional services from RH.

Also, when signatificant changes occur to RHAS, it will need to be 
recertified and a new knowledge base of new issues for support will have 
to be generated.  Hence, RHAS will probably be a *slow* moving and boring 
distribution that is a *sub*-set of features of the standard RH 
distribution.  It is unlikely that you will see the two releases per year 
with RHAS that we enjoy with the RH standard.  Instead, those that 
continue with the much less expensive distribution will get the new 
features first and get to be the test subjects to help build the next 
generation RHAS knowledge base of known issues.  Keeping that in mind, do 
you really want RHAS anyways?!  I rather be only modifying the latest 
stuff than something purposily held back a couple revisions.  Then again, 
I tend to have at least a dozen packages from Rawhide at any given time.  
:)