There’s a lemmy.ml post on a Raleigh News Observer article about RedHat and how their new partner program stipulations ‘divide the open source community’. Inside that article are arguments favoring RedHat. These arguments always miss the point, which is that RedHat, and IBM by extension as the parent company, always maximize their copyrights with teams of lawyers, while in this case systematically violating the copyrights of every contributor to the Linux kernel and much of the other software released and redistributed by RedHat.
I’ll explain. But first, let’s begin with the Raleigh News and Observer article at the Lemmy.ml submission, which has a link to the canonical article. In that Lemmy comment forum, you’ll find commenters comparing the legal behavior of CentOS, Scientific Linux, and Rocky distributions - all based on RedHat Enterprise Linux - with so-called ‘software piracy’. Which turns on its face the license this software was distributed under, namely the GPL V2 for the Linux kernel, and some combination of open sources source licenses (including the GPL V3) for the rest.
Let us understand what RedHat is actually doing. Much of RedHat Linux is written by people other than software developers at RedHat. Those people released their software under the GPL, which allows for derivative modification as long as the GPL license is followed. This is the so-called ‘viral nature’ of the GPL. RedHat restricts distribution of source for binaries of software they wrote as derivatives of GPL software to only those who pay a support subscription fee. That’s software other people wrote and published under the GPL which they modified. And that is perfectly OK. As RMS said, paraphrasing, ‘free speech, not free beer’. But then they take it further, by restricting subscription paying recipients from redistributing to third parties all GPL source code RedHat MUST make available to them per the terms of the license by threatening to revoke a subscription. Thereby revoking access to the source. This violates the GPL by creating a coercive stipulation to the support license which restricts the rights of recipients to redistribute under the GPL.
See Section 6 from the GPL V2, which the entire Linux kernel is distributed under (note that the GPL V3 contains a similar provision):
- Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
This means RedHat cannot coerce its partners by threatening to revoke subscription access in order to violate Section 6 of the GPL. That’s a copyright violation of the terms of the license by every contributor who released their work under the GPL, which RedHat has either modified or redistributes in whole. Therefore, this represents a massive structural copyright violation by RedHat against thousands of contributors who published software under the GPL that they either redistribute or modify and redistribute. Which is, like most of RedHat Linux. If RedHat wants to go closed source like this, then they should toss all GPL’d software in their RedHat distribution, and rewrite it themselves or use replacements under the BSD or MIT license. Which would make their play legal. A RedHat BSD distribution, for example.
Now, I have had experience with corporate license audits by major companies. IBM has a large team of lawyers who specialize in copyright infringement cases, and if you infringe their copyrights, and they find out, you should expect serious legal repercussions. The same is true for Microsoft, Adobe, Autodesk, etc. RedHat, as a subsidiary of IBM, is here violating the same laws IBM hires lawyers to get courts to enforce.
The difference here is that these big companies are singular entities with teams of lawyers, versus thousands of individual contributors who collectively created and published something this big company is now stealing. And let’s be clear, when you copy the Adobe Suite without paying a license fee, they call that shit “stealing”. But when RedHat does it, by violating license terms that thousands of creators have released their work under, RedHat’s PR flacks call legitimate redistribution under those license terms “piracy”. In order to muddy the waters and confuse people. No, it’s RedHat who is engaged in the piracy here. Just read the license.
I’m not a lawyer. I don’t know how to properly structure a response to this. Maybe the FSF or EFF organizes a few hundred major contributors, like Linus Torvolds, and files a class action lawsuit. Or maybe, for reasons, license rights of those organized contributors are ceded to an organization like the FSF en masse, and that organization files a copyright violation lawsuit. But those are tactical questions. At the core, those contributors MUST DEFEND THEIR COPYRIGHTS or we will all lose the right by fiat to create and redistribute software in the manner with these legal protections.
This is no joke. The entire Free Software movement is under threat by this, because if RedHat succeeds here, it will set a precedent. And every other company will run roughshod over the copyrights of individual creators in the same way.
Additional information on this issue can be found here:
https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/
And here:
https://hackaday.com/2023/06/23/et-tu-red-hat/
EDIT I contacted Richard Stalman at the Free Software Foundation and he replied. He stated he thinks what RedHat is doing is “very wrong” but does not believe there is a legal remedy to the problem.
This is wrong. What they have said is that the entirety of RHEL will be in CentOS Stream.
So what is going on, which is acceptable, is that they are making the CentOS Stream more stable by doing work on RHEL (Before it is released to anyone.) in an internal repo, then pushing changes to CentOS Stream when they are ready to make an RHEL release and make a release from the CentOS Stream. Thus you will still get the exact source code of the binaries on the portal.
In closing from the CEO of RHEL:
So you don’t have anything to worry about. They aren’t breaking the GPL, they are simply doing work on unreleased binaries internally before bringing them externally.
what they put in their gitlab is besides the point. The issue here is they are forbidding other people from redistributing the sources they got from Red Hat, which is allowed by the GPL. They know they cannot legally stop people from doing so, so instead they have decided they will terminate contracts with those people.
In the view of many, this is “imposing further restrictions”, and thus breaking the GPL.
Everything I read about their EULA, they aren’t.
from their subscription terms (I don’t manage to get the exact link on my phone due to their weird site. click on the links for the agreements in the bottom ) https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/registrations
Yes, redistributing the subscription services isn’t the same as redistributing the software. The software is RHEL which is GPL’ed and outlined here: https://www.redhat.com/licenses/Red_Hat_GPLv2-Based_EULA_20191118.pdf
Which for the “certain obligations”
Which is perfectly acceptable in the GPL and many video games does this where the content is under a different copyright or trademark and the code is GPL’ed.
It’s not about the trademarks and you know it. Nobody here begrudges RedHat for protecting their trademarks. That’s a red herring.
Every contributor outside of RedHat who chose the GPL to protect their copyrights and intellectual property, do their copyrights matter here?
Are you willing to affirm that their intellectual property rights matter just as much as RedHat’s?
I’m not a lawyer or a judge but as far as I can tell your confusion comes from the trademark protection of Redhat and the GPL. There are GPLed games on Steam which requires an account which also states in the subscriber agreement that you can’t redistribute. https://store.steampowered.com/subscriber_agreement
Yet they host games like https://store.steampowered.com/app/370070/Wyrmsun/ which is GPLed and uses a GPLed game engine https://github.com/Wargus/stratagus.
So over here, Steam is doing what you’ve said Redhat is doing but actually is not. In fact, Steam is a far worse offender than Redhat in this because Redhat is just saying you can’t redistribute their Trademarked copies of the software. You can however redistribute copies without those trademarks but that it might prevent them from running. Like if you wrote a GPL’ed program that required an image file with a specific checksum to exist but then that tied to a trademarked image. You’d essentially be prevented from redistributing the GPLed binaries but you could modify the check and remove it.
So if you want someone to go after, go after Steam for this. Redhat is within the legal loopholes. Steam is blatantly breaking them.
Absolutely, the GPL isn’t being violated here as proven many times over.
Sure, I affirm that everyone’s IP rights including Redhat’s matter equally. The fact is that they aren’t being broken. You’ve misunderstood the contract details if you think they are, they put out a press release to stop the confusion but you seem to just keep wanting to push it forward. So go get lawyers and try them in court. See if it goes anywhere. Go after steam first.
I’m not talking about Steam. But if they’re violating the copyrights of creators who choose the GPL, by all means sue their asses too.
And I’m not talking about RedHat protecting their trademarks, which I consider perfectly legitimate.
I’m talking about threatening to revoke access to the support program, which is the only way to get RHEL source, as a way to prevent redistribution of GPL’d sourcecode. That’s a violation of Section 6 of the GPL, and therefore represents a copyright violation to everyone outside RedHat who has contributed source the project uses.
RedHat could solve this by making all GPL’d source available to the public. Or by stipulating that redistributed code under the GPL must have RedHat trademarks removed. Or by removing all GPL’d sourcecode in RHEL and using their own internally developed code, or using code released under the BSD or MIT, etc. licenses. A RedHat RHE-BSD, for example.
The trademark issue is just a RedHat Herring, so to speak. I’m fine with them demanding all RedHat trademarks be removed from GPL’d sourcecode related to the RHEL which others redistribute. But they may not violate the copyrights of contributors. Or else they should be sued for copyright infringement like anyone else. That’s the position I’m taking.
Note that I don’t demand the complete RHEL system. Components under BSD or MIT licenses, or those entirely written by RedHat, could be withheld and I wouldn’t care about that. This argument is specific to only GPL’d materials contributed by external parties.
And to be clear: when I say, ‘Sue their asses,’ I don’t mean in a North Carolina court where RedHat could judge shop for their best outcome. As per their contractual terms. No, I think California or New York would be best, because those jurisdictions are most likely to protect the intellectual property rights of contributors RedHat includes in RHEL.
At this point, we’ve been back and forth through this, and every time I’ve brought up the points where the RHEL source is actively available under the CentOS stream and you dodge the whole thing. You seem to be up in arms about it so go contact SFLC/FSF or some lawyer who will take the case. Let me know what it turns up. Personally, I wouldn’t be optimistic you had a case. Good luck.
This is not about CentOS. Or Scientific Linux. Or any specific distribution. This is about RedHat violating the copyrights of every author who has released software under the GPL which they redistribute, By enacting coercive limits on RHEL subscribers, who are the only people who receive GPL’d source from the RedHat Enterprise Linux product, RedHat thereby prevents those subscribers from redistributing without penalty Redhat’s derivative source code under the GPL. As noted, this directly violates Section 6 of the GPL V2, which the entire Linux Kernel is released under (and other stipulations in the GPL V3). Not to mention plenty of other GPL’d software RedHat redistributes themselves.
Forget CentOS. That’s a side issue. And a distraction. It’s like RedHat throwing a bone to try and make this go away.
Can you point to the RHEL Subscriber EULA that says they can’t redistribute the GPL’ed binaries? I’m very curious about that.
Lovely trick, you’d have to buy a subscription to get the EULA. So no, I can’t. But here’s a good write up on the issue.
https://hackaday.com/2023/06/23/et-tu-red-hat/
EDIT: I’d like to ask: Is the RedHat RHEL EULA copyrighted by RedHat? Would republishing it therefore violate their copyright, giving RedHat reason to file a copyright claim? That would be a good way to prevent non-subscribers from reading the EULA and discussing it in public.
You can’t enter into an agreement without reading it first thus you can’t only serve the EULA to subscribers. Legally, it makes no sense and you not being able to point to it makes it feel like you don’t have anything but FUD to go on. Anything I’ve found for Redhat’s EULA explicitly states you can redistribute under the gpl v2 license. I suspect you’d find this is all misinformation and FUD in the community.
so I went and downloaded the “Red hat developer subscription for individuals” agreement and saw that it disallowed distributing branded red hat software due to their own trademark and copyright. They do not explicitly disallow distributing the software if you unbrand it. Additionally I read the https://www.redhat.com/licenses/Red_Hat_GPLv2-Based_EULA_20191118.pdf agreement which explicitly allows redistributing as long as you unbrand their software which again, is gpl compatible.
So no they aren’t breaking the law and it seems like anyone claiming so it’s either purposely or mistakenly spreading misinformation to create FUD because big scary corp bad.
That’s not true.
https://www.eff.org/wp/dangerous-terms-users-guide-eulas
You wrote:
That and the link is very cool. I did look for it but I didn’t find it. You did. And you posted a cite and link. I’ll dig through it. The branding issues by RedHat is perfectly reasonable and I wouldn’t complain about that. But something else is going on, or RedHat has changed their policy after the public outcry six months ago. And I’ll dig into that too.
Actually, thank you.
EDIT I don’t think this is the RHEL EULA license and support agreement. I think this is a standard license for all RedHat branded products, like Fedora et all. Will dig.
EDIT 2 NOTE there is a confidentiality agreement in the US version of the RHEL contract posted at RedHat:
https://www.redhat.com/en/about/agreements
https://www.redhat.com/licenses/Enterprise_Agreement_Webversion_NA_English_20211109.pdf
The article says with
You don’t have to read it but they have to show you the EULA. That’s the whole EFF argument there is that they aren’t checking hard enough to make sure you read it. The reading it part isn’t exactly what I meant and you are either being pedantic or clueless.
Buying it isn’t entering into the EULA agreement though. They are talking about software you purchase usually from a brick and mortar store that don’t provide the EULA before purchase. Online you can usually even see the EULA before purchase but either way I was talking about it before agreeing to it.
As I said:
https://law.stackexchange.com/questions/80566/are-contracts-of-adhesion-that-require-you-to-agree-to-them-before-viewing-them
It’s literally not legal and completely voids the contract.
No, EFF also complains one doesn’t get the shrinkwrap agreement until after the product is bought. Often with little to no means to refuse and return for a refund. So it’s coercive.
This is relevant to the RedHat issue here because my reading of the public facing RHEL US agreement at that link I posted is that there’s a nondisclosure agreement you must agree to in order to purchase a subscription for support, but what specifically you’re agreeing to not disclose will be made clear only after signing a contract and paying the fee.
See Section 8.1 under Confidentiality.
I further note that the Stackexchange link you post only makes my point for me on what Redhat is doing here.
Further, under Section 10 RedHat reserves the right to Audit your facilities for compliance for up to one year after termination of the contract. And…
Under Section 12 they require you agree to any dispute resolution in North Carolina courts as a venue, and to relinquish any rights under New York or California state laws (which I assume is not to their advantage).
Again, we aren’t talking about the time of purchase, we are talking about the time of agreement. The shrinkwrap agreement is still shown before it takes effect or there is a way to access it. Typically during the installation process.
But the agreement is still available to you before you agree to it. I’ve entered into a few business agreements like this. You sign an NDA then you get the agreement to sign or reject but you can’t tell people about it or that you were even in talks due to the NDA. You still get to see what you agree to beforehand. Besides this steps outside of consumer law since it’s an enterprise agreement which specifically wasn’t what I was talking about nor was the EFF.
Either way, this is so far off-topic that it’s silly. RHEL isn’t denying redistributing the GPL 2 binaries, as per the EULA RHEL agreement I pointed to.
the entirety of the next, unreleased version of rhel will be in centos stream. Not the current version
I don’t see that as the case but even if true, I don’t see the impact that would have.
suppose they do build rhel out of centos stream. You arrive an hour later and download centos stream. It has been updated since then. You don’t have rhel sources.
As long as they tag it for release it such there isn’t a problem. Many gpl software repos already work like that. Even if they don’t tag it, you have the repo and commit history. Technically you have a way of getting the source.
deleted by creator