Get the latest update on our Vizio court case
●News
Press Releases
Press
Blog
Vizio Lawsuit in the News
Our Issues in the News
●About
Sponsors
Sustainers
Board of Directors
Staff
Evaluation Committee
Outside Counsel, et alia
Transparency
Contact
●Our Work
Copyleft Compliance
We defend and uphold the rights of software users and consumers under copyleft licenses.
Impact Litigation
We defend the legal rights of software users. Learn the details, status, and stakes of our court cases.
Give Up GitHub
We urge FOSS Developers to Give Up GitHub! Learn why.
Outreachy
We offer internships for anyone who faces underrepresentation, systemic bias, or discrimination in the tech industry.
FOSSY
Our annual community-oriented conference focused on the creation and impact of free and open source software.
●Tools
Member Projects
We provide non-profit infrastructure and services to our members creating Free/Libre and Open Source Software.
Use The Source
Our tool for evaluating the source code candidates companies must provide for GPLed software.
OpenWrt One
We designed and built the first ever wireless Internet router designed with software freedom and right to repair in mind.
●Learn
The Corresponding Source
A bi-weekly oggcast about legal, policy, and many other issues in the Free, Libre, and Open Source Software (FLOSS) world.
Glossary of Terms
A list of terms you might be unfamiliar with but occur frequently in our work.
FAQ About the Vizio Lawsuit
Your most frequently asked questions about the Vizio lawsuit, answered in one place.
●
Donate
●News
Press Releases
Press
Blog
Vizio Lawsuit in the News
Our Issues in the News
●About
Sponsors
Sustainers
Board of Directors
Staff
Evaluation Committee
Outside Counsel, et alia
Transparency
Contact
●Our Work
Copyleft Compliance
We defend and uphold the rights of software users and consumers under copyleft licenses.
Impact Litigation
We defend the legal rights of software users. Learn the details, status, and stakes of our court cases.
Give Up GitHub
We urge FOSS Developers to Give Up GitHub! Learn why.
Outreachy
We offer internships for anyone who faces underrepresentation, systemic bias, or discrimination in the tech industry.
FOSSY
Our annual community-oriented conference focused on the creation and impact of free and open source software.
●Tools
Member Projects
We provide non-profit infrastructure and services to our members creating Free/Libre and Open Source Software.
Use The Source
Our tool for evaluating the source code candidates companies must provide for GPLed software.
OpenWrt One
We designed and built the first ever wireless Internet router designed with software freedom and right to repair in mind.
●Learn
The Corresponding Source
A bi-weekly oggcast about legal, policy, and many other issues in the Free, Libre, and Open Source Software (FLOSS) world.
Glossary of Terms
A list of terms you might be unfamiliar with but occur frequently in our work.
FAQ About the Vizio Lawsuit
Your most frequently asked questions about the Vizio lawsuit, answered in one place.
●Donate
Thanks to so many donors, we met our largest match donation ever of $211,939.
Two generous anonymous donors have provided another $40,012ofadditional matching funds.
Give now to help us reach this stretch goal!
For only 4 more days, the
next $13,079offinancial support we receive will be matched!
$26,933 matched!
$13,079 to go!
$211,927 fully matched!
Home / News
![[RSS]](/static/img/feed-icon-14x14.2168a573d0d4.png)
Conservancy Blog
Displaying posts
tagged law
Some Unfortunate Delays in our Struggle for Copyleft Justice
byBradley M. Kühn
on January 26, 2026
We at Software Freedom Conservancy are disappointed at some surprising
news. Two weeks ago (THU 2026-01-08), we had our original pretrial motions hearing
scheduled in our historic impact litigation against
Vizio. Just about an hour before the hearing's start-time, Judge Sandy
Leal issued a minute order that rescheduled the hearing and (effectively)
removed the trial (which was set to start on Monday 12 January 2025) from
her calendar.
The rescheduled hearing date was Monday 2026-01-26 at 09:00. At 08:15 that morning, our attorneys were contacted from the Court Clerk that the hearing was again postponed..
We have been in this litigation against Vizio since October 2021. Vizio
violated both the General Public License (GPL) and Lesser GPL
Agreements. Vizio's “Smart” TV products include more than a
dozen packages under these copyleft licenses, yet Vizio has continually
failed to comply with these agreements in various ways — most notably (and including but not limited to)
by (a) not providing complete, corresponding source code, (b) not providing
“the scripts used to control compilation and installation of the
executable[s]”, and (c) not providing object code necessary for
relinking the LGPLv2.1'd works. We were looking forward to our days in
Court that week to show the world all the details of Vizio's non-compliance,
and to ask the Court to acknowledge (among other things) our right as a
third-party beneficiary under the GPL Agreements to receive all the materials
that those Agreements require Vizio to give to all consumers who purchase
their devices. These devices, BTW, are called “Smart”
TVs because what's inside is actually a small (but powerful) computer
attached to the giant video display — driven and controlled largely by copylefted
FOSS.
Notwithstanding our frustration, our trial was delayed for good reason.
Another case — even older than ours — needed more time for their jury
trial (and thus had priority over ours). While some criticize the USA for
being “too litigious”, we at SFC believe firmly that the civil
Courts are the best place where ordinary citizens and small, scrappy
non-profit charities like SFC
can seek justice when our rights are violated.
We also know that there is more injustice in our country these days than
anyone would like, and this delay occurred because
there are other folks out there seeking justice on other important
issues and rights, too.
We understand that we've been waiting for a long time in a very long queue
in the California Courts, and while we (like everyone) get frustrated when
the line is taking much longer than expected, we also appreciate that Judge
Leal is carefully managing her docket to grant all parties an
impartial opportunity for justice.
Attorneys for both SFC and Vizio are now negotiating with the Court for rescheduling. We hope the pretrial hearing will be scheduled fairly soon. We will update here and on the Fediverse as we know more.
We'll spend the next few weeks posting the various recent motions and
filings in the case, and publishing some retrospective summaries of the
last four and a half years of the case for you all to read.
Be sure subscribe to our feed in your RSS readers/aggregators and follow us on the
Fediverse (via
Mastodon or your preferred ActivityPub software). to receive updates!
[permalink]
Tags:
conservancy,
GPL,
law
Linux banned Russian contributors. Does my FOSS project need to worry about U.S. Sanctions?
byRick Sanders
on December 12, 2024
Since the Linux project removed a number of entries from the MAINTAINERS file, all of whom
were putatively Russian, in October, we've been receiving questions about U.S. sanctions against
Russia and what, if anything, we should do about them. As I explain below, our position is that such
drastic action, though defensible, is unnecessary.
What would compel the Linux project to take action against specifically Russian
contributors—and is it a good enough reason such that other FOSS project should follow
suit? The Linux project has access to the lawyers of the Linux Foundation, after all. Unfortunately,
the Linux project's initial announcement said only that the removals were due to various
compliance requirements.
The announcement added that the Russian contributors can
come back in th
e future if sufficient documenta
tion is provided.
But it didn't say what sort of
documentation would be required. Linus Torvalds added a little clarity when he said that
"sanctions" were the cause.
Speculation quickly centered on Executive Order (“EO”) 14071, one of the U.S.
sanctions against Russian. It had recently been expanded to include software development and IT
services, just a month before the Linux project's announcement. (EO 14071 dates to April 2022, but
its scope is expanded from time to time to include new industries.)
The problem with this theory is that EO 14071 doesn't apply to contributions from a
Russian national toa software project (even though it now applies to software
development). It is true that, when a Russian national makes a copyrightable contribution to a
software project governed by the GPL, the Russian national enters into a contractual relationship
with (at least) all downstream distributors. But EO 14071 doesn't sanction any and all contractual
relations with Russian nationals. It only prevents the provision of certain software- and IT-related
services (including software development and consulting) toRussian nationals
from a “U.S. person”. In other words, EO 14071 works in reverse to the
Linux project's situation.
So, if it's not EO 14071, could it be some other U.S. sanction? There are, after all, quite a number of them. On October 24, James Bottomley provided something of an answer. Citing Linux Foundation lawyers, Bottomley wrote that the Linux project means to exclude companies on the U.S. OFA
C SDN lists, subject to an OFAC
sanctions program, or owned/cont
rolled by a company the list.
(OFAC is the Office of Foreign Assets Control, a division of the Treasury Department, in charge of maintaining these sorts of sanctions. SDN means “Specially Designated Nationals,” i.e., persons and businesses, as opposed to entire regimes.) Under this analysis, the documentation referenced in the initial announcement would be paperwork tending to prove that the contributor did not work for such a sanctioned company.
Alas, this doesn't tell us very much. Not only are there several U.S. sanctions against Russians, which cover different activites and serve different purposes, but each of them affects its own set of (overlapping) Russian parties. Wading one's way though these sanctions is a slog that almost no FOSS projects can possibly wade through. You have to parse the actual statutory and regulatory language, review later regulations and executive orders that might alter the sanction's scope, check whether a given Russian individual or entity is subject to that particular sanction (because two given sanctions don't necessarily apply to the same Russians), then check whether your activity or relationship with that Russian individual or entity is covered by the sanction. (On the upside, the U.S. government provides a handy website that allows you to check which sanctions, if any, affect a particular Russian person or entity. But, even if you can be sure you've checked the right person/entity, you still need to determine whether the sanction actually applies to your own activity.)
This is a lot of work. And I think that explains the Linux project's cautious approach: namely, suspending all Russian contributions to the project temporarily; then checking each contributor, case-by-case; and (presumably) reinstate them if they don't show up on any sanctions list. Even this strategy might not be feasible for many if not most projects. They might be more reliant on Russian contributions, be less able to withstand the blowback from sudden suspensions, or simply lack the legal resources.
In my view, none of the Russian sanctions prevents Russians from contributing to American-based software projects governed by the GPL. While the approach taken by the Linux project is reasonable and understandable, I do not believe SFC's projects to take similar actions at this time.
Besides, the spirit of FOSS, I think, requires a bias toward acceptance of otherwise valid and competent contributions. The goal is great software that, in many cases, affirmatively improves people's lives. Rejecting good contributions undermines that goal. Further, rejecting otherwise good contributions does nothing to further the sanctions' goals. The sanctions are primarily intended to punish Russia for, and to degrade its ability to conduct, its interference in U.S. elections, its flouting of international rules, and its aggression in Ukraine. It is difficult to see how rejecting Russian contributions furthers any of these goals.
There remains one final mystery. Some of these Russian sanctions are several years old, so why is this an issue now? My best guess is that EO 14071 brought the issue of Russian sanctions to Linux Foundations's attention because it was explicitly directed at software development. Even if EO 14071 was found to be inapplicable, Linux Foundation couldn't ignore the whole raft of other Russian sanctions, which would take time to sort through.
Ideally, we could keep geopolitics (and lawyers!) out of FOSS. But that's not always possible. U.S. sanctions are one reason. There's no harm in being cautious, so long as the spirit of FOSS is respected. Different projects and organizations will reasonably come to different conclusions on this matter.
Links to the documents referenced above:
●OFAC FAQ 1128, which sets forth various expansions of EO 14071:
●OFAC FAQ 1187, which explains what's covered by "IT consultancy and design services."
●OFAC's webpage re: Russia-related sanctions
●OFAC's Sanctions List Search
[permalink]
Tags:
law,
resources
How I watched a Motion for Summary Judgment hearing
byDenver Gingerich
on October 12, 2023
In SFC's ongoing lawsuit against Vizio asking to receive the source code for the copylefted components on their TVs, last week we had a hearing with the judge to discuss the Motion for Summary Judgment that Vizio filed (requesting that the court reject our case before it even went to trial). A couple of our staff attended in-person (in an Orange County courthouse in Southern California) while others, like myself, watched remotely.
I was hoping to be able to use a standard interface to view the proceedings (such as streaming video provided to a <video/> element on a webpage), but unfortunately that was not available. The only way to view hearings in this court remotely is via Zoom, which SFC has talked about recently. This presented me with a conundrum - do I join via Zoom to see what was said? Or am I prevented from accessing this civic discourse because the court chooses not to use a standard video sharing method, preventing a large segment of society from taking part? As part of their normal practice, the court does not record (nor allow recording except through an official court reporter that can be hired by the parties to take a textual transcript) of proceedings, so I needed to decide with some urgency how to proceed, as failing to join now would mean I couldn't see the hearing at all, neither now nor in the future.
I am not sure how other countries approach this problem, and maybe it is no different elsewhere, but it did concern me deeply how this technical decision to demand the use of proprietary software could leave so many people disenfranchised, both with respect to their legal system, and other public services as well.
As part of SFC's policy to allow the use proprietary software if it is critical to our mission, I decided that it was more important for me to be able to view the proceedings (and avoid charging many hundreds of dollars to SFC for an international flight and hotel). Note that SFC would never require this of me, and would gladly pay for me to attend in-person to avoid the proprietary software, but I felt personally it was the right decision for me to make in this context.
Once this dilemma was resolved (for better or worse), I went through the technical steps required to join the Zoom call for the court hearing, where I was presented with this text:
By clicking "Join", you agree to our {0} and {1}.
Now there were no links to {0} or {1}, so I made some guesses as to what I was agreeing to. In the best case, I was agreeing to nothing, and in the worst case I was agreeing that 0 and 1 provided the foundation for all humanity which, while potentially troubling, did have a certain appeal as a technologist. In any case, I clicked Join (possibly leaving an indelible mark on the future of the universe) and was at last able to observe the hearing, after dialing in by (SIP) phone for the audio, to reduce the amount of proprietary code being run for me to view the hearing.
The hearing event itself was familiar to those who have attended such court proceedings - there were many other cases heard that day, that touched on issues such as whether you could get a DUI while riding a horse (answer: yes), to much more serious and unfortunate clear instances of DARVO tactics in domestic disputes (which we hope will not ultimately sway the judge). It appeared the judge wanted to save our hearing for last, possibly due to its complexity or novelty. The lawyers in most of the other matters appeared remotely.
Once the other cases were heard, the judge turned to us, with both our lawyers and Vizio's lawyer physically present in the courtroom. She asked Vizio to go first (since it was Vizio's motion), and their lawyer went over the points from their Motion for Summary Judgment, eventually clarifying seven specific objections Vizio had made to our case in its motion - the judge had clearly read our brief and wanted to know more on these seven topics given how we addressed them.
It was a bit jarring to hear my own name mentioned in court, as one of the objections was to an email I had sent to Vizio when we informed them they were violating the GPL. While not a problem for our case, it reminded me of the need to be extra careful, since anything we say to a company who violates the GPL can end up in court. But it also reminded me of why it is important we do this: if people feel scared to file lawsuits when companies fail to comply with the software freedom licenses they choose to use, then we at SFC must step up and use our resources and substantial experience to make sure the unfounded claims by companies of how they should be able to get away with violating are firmly rebuffed.
After Vizio's lawyer had finished, the judge turned to our lawyers for a response. Our lawyers presented an excellent litany of reasons why SFC's case is not preempted by copyright (for example, there is an extra element, provision of source code, that copyright remedies do not provide), and why we have rights as a third-party to the GPL contract between Vizio and the developers of the software that Vizio chose to use (as an example, the GPL itself clearly states, "You [Vizio] must make sure that they [third-party recipients such as SFC], too, receive or can get the source code").
Our lawyers finished with some examples of how contract law works, where if you agree to make some copies, but don't pay the money required in the contract, then that's a contract claim, not a copyright claim. In that case, a party has stiffed the beneficiary on the money. And in our case, as our lawyer so eloquently ended the hearing: "Vizio has stiffed us on the code".
We are extremely proud of our lawyers in this case, especially the two lawyers who argued in-person for us on Thursday: Naomi Jane Gray and Don Thompson, as well our General Counsel Rick Sanders. Whether companies are held accountable for following the software right to repair licenses they choose to use is immensely important - they need to give us the same rights they have, and we're incredibly happy that our legal team are so laser-focused on this.
We look forward to hearing the judge's decision on this motion when it comes out (in the meantime, you can read the hearing transcript if you like). Whatever the result, we will keep fighting for your software rights, everywhere software is used, using the legal mechanisms available (when required), to make sure everyone can control their technology.
[permalink]
Tags:
conservancy,
GPL,
law,
licensing
A Comprehensive Analysis of the GPL Issues With the Red Hat Enterprise Linux (RHEL) Business Model
byBradley M. Kühn
on June 23, 2023
This article was originally published primarily as a response
to IBM's
Red Hat's change to no longer publish complete, corresponding source
(CCS) for RHEL and the
prior discontinuation of CentOS Linux (which are related events, as
described below). We hope that this will serve as a comprehensive
document that discusses the history of Red Hat's RHEL business model,
the related source code provisioning, and the GPL compliance issues with RHEL.
For approximately twenty years, Red Hat (now a fully owned subsidiary of
IBM) has experimented with building a business model for operating system deployment and
distribution that looks, feels, and acts like a proprietary one, but
nonetheless complies with the GPL and other standard copyleft
terms. Software rights activists,
including SFC, have spent decades talking to Red Hat and its
attorneys about how the Red Hat Enterprise Linux (RHEL) business model courts
disaster and is actively unfriendly to
community-oriented Free and Open Source Software (FOSS). These pleadings,
discussions, and encouragements have, as far as we can tell, been heard and
seriously listened to by key members of Red Hat's legal and OSPO
departments, and even by key C-level executives, but they have ultimately been rejected
and ignored — sometimes even with a “fine, then sue us for GPL
violations” attitude. Activists have found this discussion
frustrating, but kept the nature and tenure of these discussions as an
“open secret” until now because we all had hoped that Red Hat's behavior
would improve. Recent events show that the behavior has simply gotten worse, and is likely to get even
worse.
What Exactly Isthe RHEL Business Model?
The most concise and pithy way to describe RHEL's business model is:
“if you exercise your rights under the GPL, your money is no good
here”. Specifically, IBM's Red Hat offers copies of RHEL to its
customers, and each copy comes with a support and automatic-update
subscription contract. As we understand it, this contract
clearly states
that the terms do not intend to contradict any rights to copy, modify,
redistribute and/or reinstall the software as many times and as many places
as the customer likes (see §1.4). Additionally, though, the contract indicates that
if the customer engages in these activities, that Red Hat reserves the
right to cancel that contract and make no further contracts with the
customer for support and update services. In essence, Red Hat requires their customers
to choose between (a) their software freedom and rights, and (b) remaining a Red Hat
customer. In some versions of these contracts that we have reviewed, Red
Hat even reserves the right to “Review” a customer (effectively a BSA-style audit) to examine how
many copies of RHEL are actually installed (see §10) — presumably for the
purpose of Red Hat getting the information they need to decide
whether to “fire” the customer.
Red Hat's lawyers clearly take the position that this business model complies with the GPL (though we aren't so sure), on grounds that that nothing in the GPL agreements requires an entity
keep a business relationship with any other entity. They have further argued that such business
relationships can be terminated based on any behaviors — including
exercising rights guaranteed by the GPL agreements. Whether that
analysis is correct is a matter of intense debate, and likely only a court
case that disputed this particular issue would yield a definitive answer
on whether that disagreeable behavior is permitted (or not) under the GPL agreements. Debates continue, even today,
in copyleft expert circles, whether this
model itself violates GPL. There is, however, no doubt that this
provision is not in the spirit of the GPL agreements. The RHEL business
model is unfriendly, captious, capricious, and cringe-worthy.
Furthermore, this RHEL
business model remains, to our knowledge, rather unique in the software
industry. IBM's Red Hat definitely deserves credit for so carefully
constructing their business model such that it has spent most of the last
two decades in murky territory of “probably not violating the
GPL”.
Does The RHEL Business Model Violate the GPL Agreements?
Perhaps the biggest problem with a murky business model that skirts the
line of GPL compliance is that violations can and do happen — since
even a minor deviation from the business model clearly violates the GPL
agreements. Pre-IBM Red Hat deserves a certain amount of credit, as
SFC is aware of only two documented incidents of GPL violations that have
occurred since 2006 regarding the RHEL business model. We've decided to
share some general details of these violations for the purpose of
explaining where this business model can so easily cross the line.
In the first violation, a large Fortune 500 company (which we'll
call Company A), who both used RHEL internally and also built
public-facing Linux-based products, decided to create a consumer-facing
product (which we'll call Product P) based primarily on CentOS Linux,
but Pincluded a few packages built from RHEL sources. Company A
did not seek nor ask for support or update services for this separate
Product P. Red Hat later became aware that Product P contained
some part of RHEL, and Red Hat demanded royalty payments for Product
P. Red Hat threatened to revoke the support and update
services on Company A's internal RHEL servers if such royalties were
not paid.
Since Company A was powerful and had good lawyers and savvy
business development staff, they did not acquiesce. Company A ultimately
continued (to our knowledge) on as a RHEL customer for their internal
servers and continued selling Product P without royalty payments. Nevertheless, a
demand for royalties for distribution is clearly a violation as that demand creates a
“further restriction” on the permissions granted by GPL. As
stated in GPLv3:
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License.
Red Hat tried to impose a further restriction in this situation, and therefore
violated the GPL. The violation was resolved since no royalty was paid
and Company A faced no consequences. SFC learned of
the incident later, and informed Red Hat that the past royalty demand was
a violation. Red Hat did not dispute nor agree that it was a violation, and did informally agree
such demands would not be made in future.
In another violation incident, we learned that Red Hat, in a specific
non-USA country, was requiring that any customer who lowered the number of
RHEL machines under service contract with Red Hat sign an
additional agreement. This additional agreement promised that the customer
had deleted every copy of RHEL in their entire organization other than the
copies of RHEL that were currently contracted for service with Red Hat.
Again, this is a “further restriction”. The GPL agreements
give everyone the unfettered right to make and keep as many copies of the
software as they like, and a distributor of GPL'd software may not require
a user to attest that they've deleted these legitimate, licensed copies of
third-party-licensed software under the GPL. SFC informed Red Hat's legal department
of this violation, and we were assured that this additional agreement would no longer
be presented to any Red Hat customers in the future.
In both these situations, we at SFC were worried they were merely a
“tip of the proverbial iceberg”. For years, we have heard from
Red Hat customers who are truly confused. It's common in the industry to
talk about RHEL “seat licenses”, and many software acquisition
specialists in the industry are not aware of the nuances of the RHEL
business model and do not understand their rights. We remain very
concerned that RHEL salespeople purposely confuse customers to sell more
“seat licenses”. It's often led us to ask: “If a GPL
violation happens in the woods, and everyone involved doesn't hear it, how
does anyone know that software rights have indeed been trampled upon in
those woods?”. As we do for as many GPL violation reports as we can, we zealously pursue RHEL-related GPL violations that
are reported to us, and if you're aware of one, please
do email us at
<compliance@sfconservancy.org> immediately. We fear that
be it through incompetence or malice, many RHEL salespeople and business
development professionals may regularly violate GPL and no one knows about
it. That said, the business model as described by IBM's Red Hat
may well comply with the GPL — it's just so murky that any tweak to
the model in any direction seems to definitely violate, in our experience.
Furthermore, Red Hat exploits the classic “caveat emptor”
approach — popular in many a shady business deal throughout history. While,
technically speaking, a careful reader of the GPL and the RHEL agreements
understands the bargain they're making, we suspect most small businesses
just don't have the FOSS licensing acumen and knowledge to truly understand
that deal.
Why Was an Independent CentOS So Important?
Until Red
Hat's “aquisition” of CentOS in early 2014, CentOS
provided an excellent counterbalance to the problems with the RHEL
business model. Specifically, CentOS was a community-driven project,
with many volunteers, supported by some involvement from small
businesses, to re-create RHEL releases using the
CCS releases
made for RHEL. Our pre-2014 view was that CentOS was the “canary in
the murky coalmine” of the RHEL business. If CentOS seemed vibrant,
usable, and a viable alternative to RHEL for those who didn't want to
purchase Red Hat's updates and services, the community could rest easy.
Even if there were GPL violations by Red Hat on RHEL, CentOS' vibrancy
assured that such violations were having only a minor negative impact on
the FOSS community around RHEL's codebase.
Red Hat, however, apparently knew that this vibrant community was cutting
into their profits. Starting in 2013, Red Hat engaged in a series of actions
that increased their grip. First, they “acquired”
CentOS. This was initially couched as a cooperation agreement, but Red Hat
systematically made job offers that key CentOS volunteers couldn't refuse,
acquired the small businesses who might ultimately build CentOS into a
product, and otherwise integrated CentOS into Red Hat's own operations.
After IBM acquired Red Hat, the situation got worse. Having gotten rights
to the CentOS brand as part of the “aquisition”, Red Hat slowly
began to change what CentOS was. CentOS Linux quickly ceased to be a
check-and-balance on RHEL, and just became a testing ground for RHEL.
Then, in 2020, when most of us were distracted by the worst of the COVID-19
pandemic, Red Hat unilaterally terminated all CentOS Linux development. Later (during
the Delta variant portion of the pandemic in late 2021) Red Hat ended CentOS Linux entirely.
IBM's Red Hat
then used the name “CentOS Stream” to refer to experimental
source packages related to RHEL. These were (and are) not actually the RHEL
source releases — rather, they appear to be primarily a testing
ground for what might appear in RHEL later.
Finally, Red Hat announced two days ago
that RHEL
CCS will no longer be publicly available in any way. Now, to be clear, the GPL agreements did not obligate Red Hat to make its
CCS publicly
available to everyone. This is a common misconception about GPL's
requirements. While the details of CCS provisioning vary in the different
versions of the GPL agreements, the general principle is that CCS need to
be provided either (a) along with the binary distributions to those who
receive, or (b) to those who request pursuant to a written offer for
source. In a normal situation, with no mitigating factors, the fact that
a company moved from distributing CCS publicly to everyone to only giving
it to customers who received the binaries already would not raise
concerns.
In this situation, however, this completes what appears to be a
decade-long plan by Red Hat to maximize the level of difficulty of
those in the community who wish to “trust but verify” that RHEL
complies with the GPL agreements. Namely, Red Hat has badly thwarted
efforts by entities such
as Rocky
Linux
and Alma
Linux. These entities are de-facto the intellectual successors to
CentOS Linux project that Red Hat carefully dismantled over the last decade. These organizations
sought to build Linux-based distributions that mirrored RHEL
releases, and it is now unclear if they can do that effectively, since Red Hat will undoubtedly capriciously refuse to sell them exactly-one RHEL service and update “seat license” at a reasonable price. It appears that, as of this week, one must have at least that to get timely access to RHEL CCS.
What Should Those Who Care About Software Rights Do About RHEL?
Due to this ongoing bad behavior by IBM's Red Hat, the situation has
become increasingly complex and difficult to face. No third party can
effectively monitor RHEL compliance with the GPL agreements, since
customers live in fear of losing their much-needed service contracts.
Red Hat's legal department
has systematically refused SFC's requests in recent years to set up some
form of monitoring by SFC. (For example, we asked to review the training
materials and documents that RHEL salespeople are given to convince
customers to buy RHEL, and Red Hat has not been willing to share these
materials with us.) Nevertheless, since SFC serves as the global watchdog for
GPL compliance, we welcome reports of RHEL-related violations.
We finally express our sadness that this long road has led the FOSS community to such a disappointing place. I
personally remember standing with Erik Troan in a Red Hat booth at a USENIX
conference in the late 1990s, and meeting Bob Young around the same time.
Both expressed how much they wanted to build a company that respected,
collaborated with, engaged with, and most of all treated as equals the wide
spectrum of individuals, hobbyists, and small businesses that make the
plurality of the FOSS community. We hope that the
modern Red Hat can find their way back to this mission under IBM's control.
[permalink]
Tags:
conservancy,
GPL,
law
Next page (older) »
[1] 234567
Blog Index by Year
●2026
●2025
●2024
●2023
●2022
●2021
●2020
●2019
●2018
●2017
●2016
●2015
●2014
●2013
●2012
●2011
●2010
Blogs by Tag
●conservancy
●GPL
●supporter
●licensing
●conferences
●law
●events
●software freedom for everyone
●Member Projects
●Outreachy
●FOSS Sustainability
●diversity
●resources
●Copyleft Conf
●ContractPatch
●Filings
●Godot
●Reproducible Builds
●Year In Review 2016
●fundraiser
●CLA
●Wine
●Year In Review 2015
●Kallithea
●QEMU
●Selenium
●Google Summer of Code
●Homebrew
●inkscape
●patent
●security
●Clojars
●Git
●Hackfests
●Racket
●cyborg
●phpMyAdmin
●pypy
●volunteer
●Accounting
●LibreHealth
●Shotwell
●inclusion
●jQuery
●microblocks
●sourceware
Blogs by Author
●Vladimir Bejdo
●Kate Chapman
●Pamela Chestek
●Denver Gingerich
●Bradley M. Kühn and Denver Gingerich
●Will Hawkins
●Fred Jennings
●Deb and Karen
●Jeff King
●Bradley M. Kühn
●Conservancy + Bro LT
●Christine Lemmer-Webber
●Deb Nicholson
●Sourceware PLC
●Rick Sanders
●Bradley M. Kühn and Karen M. Sandler
●Karen Sandler
●Tony Sebro
●Sage A. Sharp
●Brett Smith
●Conservancy's Staff
●Daniel Takamori
●Outreachy Team
●Marina Zhurakhinskaya
●Molly deBlanc
●Main Page
●Contact
●Sponsors
●RSS Feed
●
Software Freedom Conservancy is a 501(c)(3) non-profit charity.
Privacy Policy last updated 22 December 2020.
This page and its contents are licensed under a Creative Commons Attribution-Share Alike 4.0 International License.
