A superficially modest blog post from a senior Hatter announces that going forward, the company will only publish the source code of its CentOS Stream product to the world. In other words, only paying customers will be able to obtain the source code to Red Hat Enterprise Linux… And under the terms of their contracts with the Hat, that means that they can’t publish it.

    • aranym@lemmy.nameOP
      link
      fedilink
      arrow-up
      13
      ·
      edit-2
      1 year ago

      Most of their stuff is under the GPL. It’s a GPL violation to not allow their customers to share the source. I’m guessing they’ll reverse this decision (or selectively release everything they’re obligated to) within a week.

      • Leigh@beehaw.orgM
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        I have to image that their fleet of attorneys would have thought of this before hand.

        • aranym@lemmy.nameOP
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          1 year ago

          I was confused they didn’t think of this either, but the language in the license is very clear. I see no way it cannot be infringing - the only way you can be restricted from redistributing GPLv3’d source is if you publish it incorrectly. If you override these rights in any way, you lose your license to distribute the GPLed software and it turns into piracy.

          That’s ignoring the variety of other OSS licenses used for software in their repositories, many of which have similar (or even broader) redistribution rights.

          Relevant GPLv3 language:

          Section 4. Conveying Verbatim Copies.
          
          "You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program."
          
          
          Section 5. Conveying Modified Source Versions.
          
          "You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
          a) The work must carry prominent notices stating that you modified it, and giving a relevant date.
          b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all notices”.
          c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
          d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so."
          
          • aranym@lemmy.nameOP
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            1 year ago

            Another excerpt from the GPLv3 that explicitly describes and disallows what Red Hat is doing - you are explicitly not allowed to add any restrictions when you redistribute GPLv3 licensed software:

            If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
            

            …aaand an additional excerpt which disallows Red Hat’s restrictions:

            Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
            

            (note: “original licensors” is not Red Hat regarding any software other than their own. Red Hat cannot change or infringe upon rights received from upstream.)

            and ANOTHER excerpt:

            If you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code.
            
            • brie@beehaw.org
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              What if they technically allow redistribution, but terminate access to recieving updates for doing so? So you can distribute a copy of version N, but if you do so you will not recieve version N+1, and therefore will not be able to get source code for version N+1. Not sure if this is how it is in their contract though.

              • aranym@lemmy.nameOP
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                1 year ago

                It could be argued that is also a restriction disallowed by the GPL (in my mind any terms that bring negative consequences for expressing your rights given by the license are restrictions), but at that point it’s really beyond my expertise on this subject. I’m not sure if the GPLv3 even defines this at all - maybe Red Hat is banking on that ambiguity.

                • 13zero@kbin.social
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  1 year ago

                  They might also be banking on GPLv3 contributors being unable/unwilling to take them to court. The Linux kernel is GPLv2, and its contributors are probably more of a legal threat than anything else in RHEL.

      • chameleon@kbin.social
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        SF Conservancy analyzed this and found that it’s probably legally OK, if very much on the edge of what’s allowed. RH doesn’t sue you for redistribution or anything, they ‘just’ terminate the contract and the GPL doesn’t force anyone to deal with anyone. It’s the same stupid model grsecurity applied some years ago.

        But regardless of legality, morally, this is just completely and utterly wrong. I’m not totally surprised post-IBM Red Hat went in this direction, but I’m disappointed and angry anyway.

        • aranym@lemmy.nameOP
          link
          fedilink
          arrow-up
          4
          ·
          1 year ago

          I find it interesting that even the conservancy can’t really say whether or not it’s OK legally definitively. Here’s hoping someone still takes them to court over this, wins, and sets precedence that it’s a violation of the GPL (extremely unlikely, but a guy can dream)

          I remember people talking about potential scenarios very similar to this when Red Hat was acquired. They were right.

      • aard@kyu.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        The problem here is not the source of the applications, but the source of the package build scripts - which in big parts are RedHat property.

        RedHat must provide you the sources - but for that it is sufficient to give you the source of whatever is packaged. In the past commercial distributions just fulfilled that requirement by dumping source packages, which have the source as well as the scripts required to build binary packages. They do not have to provide you with the build scripts.

        The problem with RedHat is that many companies certify their stuff to work on RedHat - so for that to work without running into the occasional obscure problem you need to build the sources the exact same way as RedHat is doing. That’s what CentOS used to do until version 7, and that’s what currently some other distributions are doing. Without the build scripts it’ll be next to impossible to do that - you’d pretty much have to duplicate the RedHat engineering team. But it is completely legal, as they own the scripts, and since they’re completely separate from the application itself don’t have to be GPL.

    • copolymer__@lemmy.one
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      AFAIK, the source is still available with a free Developer License from Red Hat. Still annoying AF, though.

        • quaddo@kbin.social
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          1 year ago

          From TFA:

          Some commentators are pointing out that it’s possible to sign up for a free Red Hat Developer account, and obtain the source code legitimately that way. This is perfectly true, but the problem is that the license agreement that you have to sign to get that account prevents you from redistributing the software.

          So although the downstream distros could still get hold of the software source code, they can’t actually use it. In principle, if they make substantial modifications, they can share those, but the whole raison d’être of RHEL-compatible distros is to avoid major changes and so retain “bug-for-bug compatibility.”

          Of course, they could take a “publish and be damned” attitude and do it anyway. At best, the likely result is immediate cancellation of their subscription and account. That could work but will result in a cat-and-mouse game: downstream distributors continually opening new free developer accounts, and the Hat potentially retaliating by blueprinting downloads and stomping on violators’ accounts. It would not be a sustainable model.

          At worst, though, they could face potentially getting sued into oblivion.

          ETA the full context.

        • copolymer__@lemmy.one
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Idk, I don’t think they’re trying to kill downstreams. IMHO, they’re just cleaning things up. Why should the RHEL source be in the CentOS repos?