Following up on 2007-06-29-gplv3-tivo-and-linux.en, here's another question for those who perceive tivoization as a good thing, that it's just a matter of authorization outside the scope of the GPL, and that intent of the distributor in configuring the tivoizing device plays no role.
First of all, I shall point out that I'm not a lawyer, so none of this should be construed as legal advice or permission to excuse oneself from complying with the legal requirements of the GPL, on code whose copyright is held by myself or anyone else, using the (IMHO disparate) reasoning presented below, based on arguments brought up on LKML before I posted http://lkml.org/lkml/2007/6/28/202.
Consider the following scenario:
Software vendor places a GPLv2 program for sale on a web site. Customers pay a fee and are granted access to a web page from which they can download both binaries and sources over a securely encrypted network session. The web page encourages them to download the sources first, because, one hour after the download of the binary completes, the password that grants access to the web page and to the downloadable bits is revoked.
Sloppy customer downloads only the binaries. Days later, they decide they want to hire someone else to modify the software for them. Then they realize they don't have the sources, and that they declined the opportunity to have them. So they can't reasonably modify the software, or distribute the software for another party to do it for them. They got themselves into this situation by declining the source download. The software distributor is not imposing a restriction, it's the copyright holder that is, through the license.
Now compare this with the following scenario:
Tivoizer sells hardware containing a very limited operating system, tivoized or otherwise non-Free. This operating system is just enough to get into the network, authenticate the machine with the vendor's servers, download a fully-functional operating system image and install it such that it's used next time the machine boots up.
The authentication mechanism relies on the same cryptographic co-processor used to prevent execution of software not signed by the vendor, such that only the tivoizing boxes themselves can establish sessions with the server, and only by running software approved by the vendor. The network session is securely encrypted.
The downloaded operating system image contains binary software under GPLv2. The corresponding sources could be downloaded through the same network session, however, the software installed on the device declines, on behalf of the user, to download the sources.
In both cases, the user ends up without the sources, and is thus unable to reasonably modify the software or to distribute it. But have the distributors infringed GPLv2? The sources were (and still are) available, just behind an authorization barrier that the user can no longer get through without help from the vendor.
Since the sources could have been downloaded, but the user (or the computer acting on her behalf) declined, it could be argued (in spite of evident intent to escape from the intent of the GPL in the second case) that in both cases it's not the vendor who's imposing restrictions on modification or distribution, and that the distribution was in compliance with the requirements of the GPLv2, namely:
- You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;
[...]
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
GPLv3 comes to the rescue:
- Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.
[...]
If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information.
I'm told that, if access to the server holding the binaries and sources is granted as part of the transaction involving the User Product (and it must be, since the User Product won't do anything useful without access to the server), then the distribution of the binaries occurs under clause (a) or (b), and thus the user will eventually be able to get the source code and Installation Information to modify the binaries.
I guess those who want to permit tivoization under GPLv2 had never thought this might be usable as an escape to the obligation of offering source code of improved versions of their own software. And no, I don't think it can, but I don't think tivoization is permitted by GPLv2 either.
So blong...