There’s a lemmy.ml post on a Raleigh News Observer article about RedHat and how their new partner program stipulations ‘divide the open source community’. Inside that article are arguments favoring RedHat. These arguments always miss the point, which is that RedHat, and IBM by extension as the parent company, always maximize their copyrights with teams of lawyers, while in this case systematically violating the copyrights of every contributor to the Linux kernel and much of the other software released and redistributed by RedHat.
I’ll explain. But first, let’s begin with the Raleigh News and Observer article at the Lemmy.ml submission, which has a link to the canonical article. In that Lemmy comment forum, you’ll find commenters comparing the legal behavior of CentOS, Scientific Linux, and Rocky distributions - all based on RedHat Enterprise Linux - with so-called ‘software piracy’. Which turns on its face the license this software was distributed under, namely the GPL V2 for the Linux kernel, and some combination of open sources source licenses (including the GPL V3) for the rest.
Let us understand what RedHat is actually doing. Much of RedHat Linux is written by people other than software developers at RedHat. Those people released their software under the GPL, which allows for derivative modification as long as the GPL license is followed. This is the so-called ‘viral nature’ of the GPL. RedHat restricts distribution of source for binaries of software they wrote as derivatives of GPL software to only those who pay a support subscription fee. That’s software other people wrote and published under the GPL which they modified. And that is perfectly OK. As RMS said, paraphrasing, ‘free speech, not free beer’. But then they take it further, by restricting subscription paying recipients from redistributing to third parties all GPL source code RedHat MUST make available to them per the terms of the license by threatening to revoke a subscription. Thereby revoking access to the source. This violates the GPL by creating a coercive stipulation to the support license which restricts the rights of recipients to redistribute under the GPL.
See Section 6 from the GPL V2, which the entire Linux kernel is distributed under (note that the GPL V3 contains a similar provision):
- Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
This means RedHat cannot coerce its partners by threatening to revoke subscription access in order to violate Section 6 of the GPL. That’s a copyright violation of the terms of the license by every contributor who released their work under the GPL, which RedHat has either modified or redistributes in whole. Therefore, this represents a massive structural copyright violation by RedHat against thousands of contributors who published software under the GPL that they either redistribute or modify and redistribute. Which is, like most of RedHat Linux. If RedHat wants to go closed source like this, then they should toss all GPL’d software in their RedHat distribution, and rewrite it themselves or use replacements under the BSD or MIT license. Which would make their play legal. A RedHat BSD distribution, for example.
Now, I have had experience with corporate license audits by major companies. IBM has a large team of lawyers who specialize in copyright infringement cases, and if you infringe their copyrights, and they find out, you should expect serious legal repercussions. The same is true for Microsoft, Adobe, Autodesk, etc. RedHat, as a subsidiary of IBM, is here violating the same laws IBM hires lawyers to get courts to enforce.
The difference here is that these big companies are singular entities with teams of lawyers, versus thousands of individual contributors who collectively created and published something this big company is now stealing. And let’s be clear, when you copy the Adobe Suite without paying a license fee, they call that shit “stealing”. But when RedHat does it, by violating license terms that thousands of creators have released their work under, RedHat’s PR flacks call legitimate redistribution under those license terms “piracy”. In order to muddy the waters and confuse people. No, it’s RedHat who is engaged in the piracy here. Just read the license.
I’m not a lawyer. I don’t know how to properly structure a response to this. Maybe the FSF or EFF organizes a few hundred major contributors, like Linus Torvolds, and files a class action lawsuit. Or maybe, for reasons, license rights of those organized contributors are ceded to an organization like the FSF en masse, and that organization files a copyright violation lawsuit. But those are tactical questions. At the core, those contributors MUST DEFEND THEIR COPYRIGHTS or we will all lose the right by fiat to create and redistribute software in the manner with these legal protections.
This is no joke. The entire Free Software movement is under threat by this, because if RedHat succeeds here, it will set a precedent. And every other company will run roughshod over the copyrights of individual creators in the same way.
Additional information on this issue can be found here:
https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/
And here:
https://hackaday.com/2023/06/23/et-tu-red-hat/
EDIT I contacted Richard Stalman at the Free Software Foundation and he replied. He stated he thinks what RedHat is doing is “very wrong” but does not believe there is a legal remedy to the problem.
That’s not true.
https://www.eff.org/wp/dangerous-terms-users-guide-eulas
You wrote:
That and the link is very cool. I did look for it but I didn’t find it. You did. And you posted a cite and link. I’ll dig through it. The branding issues by RedHat is perfectly reasonable and I wouldn’t complain about that. But something else is going on, or RedHat has changed their policy after the public outcry six months ago. And I’ll dig into that too.
Actually, thank you.
EDIT I don’t think this is the RHEL EULA license and support agreement. I think this is a standard license for all RedHat branded products, like Fedora et all. Will dig.
EDIT 2 NOTE there is a confidentiality agreement in the US version of the RHEL contract posted at RedHat:
https://www.redhat.com/en/about/agreements
https://www.redhat.com/licenses/Enterprise_Agreement_Webversion_NA_English_20211109.pdf
The article says with
You don’t have to read it but they have to show you the EULA. That’s the whole EFF argument there is that they aren’t checking hard enough to make sure you read it. The reading it part isn’t exactly what I meant and you are either being pedantic or clueless.
Buying it isn’t entering into the EULA agreement though. They are talking about software you purchase usually from a brick and mortar store that don’t provide the EULA before purchase. Online you can usually even see the EULA before purchase but either way I was talking about it before agreeing to it.
As I said:
https://law.stackexchange.com/questions/80566/are-contracts-of-adhesion-that-require-you-to-agree-to-them-before-viewing-them
It’s literally not legal and completely voids the contract.
No, EFF also complains one doesn’t get the shrinkwrap agreement until after the product is bought. Often with little to no means to refuse and return for a refund. So it’s coercive.
This is relevant to the RedHat issue here because my reading of the public facing RHEL US agreement at that link I posted is that there’s a nondisclosure agreement you must agree to in order to purchase a subscription for support, but what specifically you’re agreeing to not disclose will be made clear only after signing a contract and paying the fee.
See Section 8.1 under Confidentiality.
I further note that the Stackexchange link you post only makes my point for me on what Redhat is doing here.
Further, under Section 10 RedHat reserves the right to Audit your facilities for compliance for up to one year after termination of the contract. And…
Under Section 12 they require you agree to any dispute resolution in North Carolina courts as a venue, and to relinquish any rights under New York or California state laws (which I assume is not to their advantage).
Again, we aren’t talking about the time of purchase, we are talking about the time of agreement. The shrinkwrap agreement is still shown before it takes effect or there is a way to access it. Typically during the installation process.
But the agreement is still available to you before you agree to it. I’ve entered into a few business agreements like this. You sign an NDA then you get the agreement to sign or reject but you can’t tell people about it or that you were even in talks due to the NDA. You still get to see what you agree to beforehand. Besides this steps outside of consumer law since it’s an enterprise agreement which specifically wasn’t what I was talking about nor was the EFF.
Either way, this is so far off-topic that it’s silly. RHEL isn’t denying redistributing the GPL 2 binaries, as per the EULA RHEL agreement I pointed to.
No, it is not. What are the terms of that nondisclosure agreement I would sign were i to agree to and pay for a RHEL subscription? Can you show it to me? A question you asked me only a few comments prior.
And why does that contract jnclude on-site auditing of one’s facilities to verify license compliance for ostensibly open source software? For up a year after termination of the subscription. Sheesh.
This is not silly. The EULA you pointed to does not relate to RHEL subscription licensing and contractual obligations. So the question of constraining subscribers from releasing source obtained from RHEL portals is not answered by the document you cited.
https://www.redhat.com/licenses/Enterprise_Agreement_Webversion_NA_English_20211109.pdf
You’ve already pointed to this document. That’s the NDA inside of that agreement. I don’t see the confusion you are having here. This is an enterprise-level service agreement. This license does not prevent you from distributing RHEL source code without Redhat trademarked images.
It’s not a license for the software, it’s a license for the service. At the end of 8.2, it explicitly states that information covered under open source is not confidential information. The license for the software is located at https://www.redhat.com/licenses/Red_Hat_GPLv2-Based_EULA_20191118.pdf which is the EULA, not a service agreement like the above. Please direct your attention to Section 1. It explicitly allows you to follow the GPL v2.
The two do not relate legally. The service level agreement is for the service. The EULA is for the software. This is perfectly fine to do from a legal standpoint.
Note that you can download and redistribute RHEL at no cost https://developers.redhat.com/products/rhel/download
Creating an account is free and the terms are here: https://www.redhat.com/wapps/tnc/viewterms/72ce03fd-1564-41f3-9707-a09747625585 (not sure if this link changes.)
Overall, redhat has a lot of legal documents here, all are provided on their site without an account. When you go to register, they provide links and check boxes to what you are agreeing to. I do not see this as a problem. If you do, then more power to you. See if you can get a lawyer to fight whatever battle you think is here.
The software and service are tied by coordinated legal documents. And no, I don’t believe RedHat discloses all of the stipulations one is bound by in their public documents.
I’ve signed many NDAs in my career. I don’t oppose them outright. For example, an architectural firm requiring an NDA to view proposed building plans under bid. If I have need as part of project work? Sure, I’ll sign. No problem.
This is different. Because I think the constraint here leads to a massive copyright violation. Think of it this way, suppose a company requires I sign an NDA protecting them from my disclosing their widespread piracy of Adobe products. If I disclose, I’m sued. If I don’t, I’m an accessory to a felony.
Now, is what RedHat doing here a felony copyright violation? I don’t know and that’s not my point. Instead, I’m arguing it as a hypothetical. Thousands of contributors who’ve chosen the GPL to protect their work must have their copyrights respected. RedHat - and IBM by extension - must respect those copyrights.
Can we agree on that?