Hello, hello.
You can take that one.
Hello everyone and welcome to the 2024 legal and policy dev room.
It's the 12th annual.
We're really glad you're here. We've got a short program, but it's packed with exciting content.
I'm excited to hear what people say.
We're going to probably just, do we say our names real quick?
Yeah, go ahead.
Hello, I'm Tom Marble and thank you so much for coming.
Tom is the founder of the dev room. I'm Bradley Kuhn, one of the co-organizers.
I'm Matthias Kirchner, also one of the co-organizers.
I'm Alexander Sander from the FSFE also co-organizer.
And I'm Karen Saylor.
And I'm on this panel. Without any further ado, shall we begin?
Hello everybody. It's cool that this room is so full again, but it's not a big surprise.
I'm Marcus Falner and I'm going to be the host or moderator with this wonderful panel with Liam, Karen and Penny.
And I'm pretty sure you already know what we're going to talk about.
So here we are.
Me, I'm Marcus. I'm an open source journalist.
I've been doing writings for Linux and open source for many, many years.
And I have disclaimer. I was working also for Susie once.
And actually today I was thinking which hoodie to wear because yesterday I got a CentOS hoodie at the CentOS Connect event.
And I have a Susie hoodie, but I thought both of them wouldn't be appropriate.
So I'm here without any advertisement.
And on this panel, we're talking about Red Hat, CentOS and hopefully also the general move that at least I see.
And I hope that others also see towards an old demon that is sort of waking up again.
And that's the demon, as I call it, of open core.
There was an open core summit and there is open core investment funds that invest into open source, but only if you're doing open core.
And that all came to my interest as a journalist because I was writing articles about the topic last year.
And then I found lots and lots of articles of a guy from England that I knew from the past.
And this is already where I hand over sort of to the self introduction of my, our guests here.
So I'm not starting with the ladies. I'm very sorry because I already mentioned Liam.
And okay, I'm not just briefly, Liam, open source journalist at the register.
Everybody knows Karen. She has already introduced her just a minute ago and from the free software conservancy.
It's actually software freedom.
Software freedom. I'm so bad at that. Sorry.
The slide is wrong too.
The slide is wrong. Oh, good.
Yeah, the slide is wrong.
Oh, thanks for giving me an excuse.
Yeah. And it's Benny Vasquez from the board of directors and the chair of the board of directors of the Alma Linux OS Foundation.
So I hand over to Liam, who actually is a very skilled and long time writer.
And yeah, he, I even hired him when I was at Susie. I was team lead documentation.
And so Liam, watch what you're saying. I'm not your boss anymore.
So we have them.
Can we ask, can we ask you a question first?
Yes, please.
Why did you choose such a controversial title?
Why did I choose such a controversial title?
Oh, you don't know, you don't know me that much.
I'm, yeah, I'm, I have quite a reputation in, in what I write.
I often write technical things, but I also like doing some kind of investigative stuff.
And so I have also some, some friends out there in the world of free or not so free on the open source software.
The FSVE can tell you lots of stories.
We've been working together a lot of times in doing research.
So last time that was about data port phoenix, German, the story about a public institution being funded with lots and lots of millions for developing open source and never delivering anything in open source.
Many years before I did lots of writings about the Luca app in Germany and an app, a tracking app for health services during the Corona epidemic, pandemic and similar things.
So I'm kind of, yeah, I like to go where it hurts sometimes in journalism.
I guess that's my reputation, isn't it?
Yeah.
So Liam, you just take.
I think we have one.
Hello.
Okay.
As you like.
So yes, hello.
My name is Liam Proven.
These days I write for the register, a UK and US IT news site.
I'm the open source guy at the register these days.
For the previous roughly eight years, I was working in the area of tech documentation.
And before I went to work for the register, I worked for SUSE for about four years where for a while, Marcus here was my boss.
And before that, a couple of jobs before that, I worked for a short time for Red Hat.
I actually moved to the Czech Republic to work for Red Hat and did not pass my probation period with the company.
I moved to a whole new country for this job.
And as was recommended in the onboarding pack, I started a flame war on the company wide mailing list.
This is a recommended way to get to know people in the company.
Mine ran massively out of control and resulted in me being let go after just two months.
I am not a big fan of Red Hat.
Now, I've been using Linux for about 30 years now.
And Red Hat Linux back in the 90s was one of the first distributions I used.
I wrote quite a lot about it back in the day.
I do not generally use any Red Hat products or services anymore, but bizarrely enough in the Red Hat CentOS source code,
I have found myself in a very strange position of defending the company and defending its actions.
And I think I might be doing so here again today.
Just for context, one of the articles I wrote, which Bradley kindly linked to from an SFC article analyzing this,
I had at one point simultaneously a thread attacking me on hacker news for being an obvious Red Hat shill,
and they told me that I should quit my job and go and work for Red Hat Public Relations,
while simultaneously another guy on Twitter backed by multiple Red Hatters was saying that I was an evil hostile troll
who obviously hated Red Hat, Linux, open source and everything it stood for, and I should be ashamed of myself.
So when those came to a peak simultaneously, I just told them go and talk to each other and sort it out.
But by the way, I'm not going to go and work for Red Hat because those guys fired me, so no, I don't have the option.
So yeah, my position is a strange and conflicted one. But let's see.
Karen, you never worked for any distributor, did you? Did you work for Red Hat?
No, I've never worked for it.
Susie?
No, no, my path goes straight from engineering school to law school to corporate law to nonprofits.
So my perspective is really from the public interest of software.
My interest in software freedom originates from the fact that I have a pacemaker defibrillator.
I have a heart condition. That's actually quite common.
I just, like, we found out as a society recently.
It's really exciting, but I've been at a very high risk of suddenly dying, so I need this defibrillator.
I can't see the source code in my own body.
I was shocked unnecessarily while pregnant.
The whole thing is just wild, and it really makes you wake up and say,
boy, I really care about what happens with my software.
I really care that we have control over it.
I really care that we can take collective action.
And so I'm at Software Freedom Conservancy as executive director.
I am a lawyer, but I'm not your lawyer.
I've never been Red Hat's lawyer.
And I'll just say that everything from my analysis is just what's going to be good for the state of software.
And that's why we also have Benny here on stage as one of the persons representing one of the entities affected by Red Hat's moves in the last years.
Yeah, so I'm Benny. I work with the Amalenics OS Foundation.
My path to this is through, shall we say, I started as part of the CentOS community.
I was a user for many, many years.
When I started using CentOS, I didn't know that Red Hat existed.
It was just, I walked into a place where we were using CentOS, so that's what I knew.
And the last 20-ish years have been a wild ride, shall we say.
And I'm excited to be here because the perspective that we have is 100%.
As users of CentOS, we needed a solution.
So that's where we came from.
I also had some points in my career where I got in contact with Red Hat.
Both as a journalist and also with many, many people, of course.
As I said yesterday, I was on the CentOS Summit and I talked to Red Hat.
And I'm very happy that we have a panel here with such exquisite friends, I have to say.
Because, believe it or not, the number of people that said, yes, yes, I want to be on that panel
that agreed to me when I asked them, exceeds the size of this panel by double, I would say.
So we had like, I have like six or seven people that said, yes, I would come and then they said,
oh, we are sorry, but corporate and things you know.
And so that's, it seems to be a very controversial topic if anybody had ever needed that proof, after all.
And controversial, controversial, there was one on this panel that I wanted, I have Liam, the journalist with him.
You made yourself kind of an expert in this topic because when I started writing about it,
I found lots of your articles on the register and I read them and they sort of,
they changed my mind, my attitude to the whole thing because at the beginning for me everything was clear.
Well, Reddit is doing something evil here and I need to write about it.
And I wanted to find out the true facts and then I read your stuff and there seemed to be over the, since 2021,
when Reddit started or did the harsh moves, let's say against Centaurs,
there has also been a change in the public opinion about what they're doing and why they are doing.
So last sentence, yesterday I talked to people from Centaurs and they said, well, it's actually not against us,
it's more against Oracle, this move, and or not against Alma, more against Rocky
because those two entities are trying to make money out of Reddit code.
So can you give us a short introduction about what happened and why in opinion what...
Okay, so, well, okay, context setting first maybe.
I have been a journalist mostly freelance since about 1995,
but I freelanced for the register for about 15 years before I joined them full time.
So I've been there just over two years now.
I have learned some very interesting things about people's reading skills.
An awful lot of people are completely unable to skim.
However, they don't know that they are completely unable to skim.
So they will read a headline and have a look at an article and read a paragraph or two
and jump around a bit through the later bit.
And they think they've got the gist and they move on.
Now, gist is an important word here.
Amongst other things, I'm an English teacher and I used to be a professional English teacher.
Scanning for gist is a key test of skill when you're reading in a foreign language or speaking in a foreign language.
And it's something as a teacher, you look for people's ability to get gist.
What I've discovered as a writer is an awful lot of people reading technical stuff online
cannot extract the gist of a piece of text that they have read.
So when I started hearing about Red Hat changing the terms of the license under which...
The terms under which the Red Hat Enterprise Linux source code was distributed,
a lot of people got very angry and started going,
well, this contravenes the GPL.
No, it doesn't.
What it means is an awful lot of people feel entitled to talk about the GPL
and either they've never read it or they've read it and they didn't understand it.
Because I get people every day for two and a half years who read stuff I wrote and didn't understand it.
This is a really big problem and I'm willing to bet half the people in this room to pick a random number
will read stuff and not understand the gist of what they've read.
The GPL says if you sell software that is based on open source code,
you have to provide the source code to the customers to whom you sold the software.
And that's all.
It does not say you have to give the software to the world.
You have to give it to your customers and nobody else.
That's a really big point of the GPL which I think most of the people getting angry about GPL infringement have not grasped.
Secondly, not everything in a Linux distribution is GPL.
There's GPL 2 and there's GPL 3 and there's MIT and there's X.
There's loads of licenses in there and some of them are much more permissive.
But Red Hat said the license to the REL source code means customers get the source code
and now only customers get the source code.
But it's GPL source code.
Once you get the source code, you can then do with it what you want.
You can then put that source code on GitHub and give it to the world.
That is fine.
But Red Hat are then perfectly free to say, hey, we sold you the source code.
We sold you the product.
You got the source code.
You have infringed your customer agreement by giving it to a million other people on the Internet.
So we're terminating your customer agreement.
This is my basic understanding of the situation here.
That they provide the source, still, yes, the version that is compiled into REL, but only to customers.
It's still open source because customers get the source.
However, customers are not free to share the source with anybody else and stay customers.
And that's the critical difference.
How does that affect CentOS?
Can you briefly say what Red Hat did with CentOS?
Was upstream downstream from REL before?
There was CentOS stream and there was some article saying that CentOS stream, Red Hat kills CentOS stream.
No, Red Hat kills CentOS by introducing Red Hat CentOS stream.
Do you want a whole potted history of CentOS Linux?
Just a sentence.
Can we just take a quick seat and respond?
I just want to clarify that explanation of the legal situation.
There are some bits of it that are a little more nuanced than that.
If you have an offer for source, it needs to remain valid.
It's not just simply your obligations continue if you've got an offer for source available.
I also just want to say that while this kind of issue dances up to the line of GPL compliance,
you're looking at the really tight letter of the license and wondering where is that line.
Frankly, I would prefer that many of our analyses are not about how do we just follow the very tight license,
but instead to say what's in the spirit.
It's crummy to ask customers to have to choose between distributing the source to customers who have a right to habit,
which is the spirit of the GPLs, and choose between that and support.
I otherwise agree with your analysis, but it leaves out that important component.
One, since an awful lot of people don't actually understand what the license says about the source code,
what the letter of the law, if you will, says about the source code.
Trying to analyze the spirit is a whole other and much more difficult problem.
Look, if you've chosen to pay for a commercial Linux distribution, then you're not on board with the whole, it's all free for the whole world thing.
If you pay for corporate support, you're buying into a corporate subscription.
And if you're buying into a corporate subscription, that puts you in a different market segment to all those
Debian and Arch and Gento and whatever users who don't have a commercial version and are exclusively relying on the community for support.
Suzer and Red Hat are in this almost unique position that they sell support subscriptions for a corporate tool.
There's also free products you can use if you so wish, but you don't get the support.
You're not buying the software, you're buying a support subscription. This is important, but is it against the spirit?
I don't know. Can somebody show me a strict documentation of what the spirit is?
Because there's a strict definition of what the GPL is and half the people haven't read that.
Let me ask the lawyer about the letters of the law. In our case, it's the license and the spirit.
Because I'm pretty convinced that what Red Hat is doing here is both legally and license wise correct.
That is an opinion. I consider it legitimate if I see what the target is.
I think it's like many others, I think they did bad marketing on it, definitely.
But the thing is, I think it's against the spirit of open source if they don't share because they are so sorry.
I think it's kind of stupid to have big letters on the Red Hat website what open source is.
And that says, developed in the community, shared publicly and everything.
So they really on their own website, they have these words and then they make part of their product only available under limitations,
which is again something that is nitpicking, I would say. It is limitations.
You are free to use it, but you shouldn't share your gun. That is for big customers. That's a threat.
If you lose support from a big, that's a threat.
So I think it's against the spirit of open source.
Karen, can you explain why it's also against the letters?
This is so interesting because I'm going to agree with both of you, even though you're disagreeing,
which is to say that I agree that here the customers are sophisticated.
This is like a different type of... Oh, can you all hear me when I have it over here?
Yeah. So the customers are sophisticated.
So the result of the violation, if there is a violation, or the result of the policy is different
than if you have consumers who are less sophisticated, who are in a negotiating position,
who aren't knowingly entering into it. So I agree with that.
But then on the other hand, I also agree with Marcus that we are not about necessarily expecting contributors
in the free and open source software space to just do a bare minimum all of the time.
We are here because we want something better.
So I am not going to secure and say that this is a violation. I'm not.
But I am going to say it was sure nice when we had sent us and we could see, like, you know,
we had like a canary in a coal mine in a way. We knew, you know, we had access.
And now we don't have that canary. The canary is gone.
And so we may be... Benny wants to say something about this.
No, go for it. You guys are doing a good job of fighting.
I don't even think we're fighting. I don't think we're fighting.
I'm prepared for getting asked.
I completely agree with you that everybody should read the GPLs, like, read those licenses.
Some of them are easier to read than others, but like, check them out and like, especially read the offer.
I'm kind of torn on CentOS because I do not use it personally.
One of the things that shocked me when I joined Red Hat is I had not really looked at a Red Hat product since Red Hat Linux 9.
And they gave me a laptop and they said, you got a choice. You can run RAL and you get support or you can run Fedora and you're on your own.
We don't support staff running Fedora. Obviously, server-side stuff, yeah.
But all your colleagues mostly run Fedora.
So junior management and so on ran RAL, senior management, have Max, and all the actual techies ran Fedora.
So I put the latest Fedora on my staff-issued laptop and it didn't work.
The touchpad didn't work right and the graphics didn't work right and it broke if I undocked it.
And I asked on the support list inside the company, I went, yeah, it does that.
What? I mean, it took me two days to install this wretched thing because your installer is so awful and it doesn't support the hardware it was written on.
Yeah, we know. We're going to fix it one of these days maybe when we can if we can get open source drivers and stuff.
But for now it doesn't work. And I went, this sucks. The user experience for Fedora 14 was awful.
I defected over to Ubuntu in about 2004.
Talk to them about...
The 90s were hard.
But I started a thread and I said, look, I have not used Red Hat in over a decade, but I am a bit of an expert in some of your rival products.
I use Ubuntu, I use Debian, I use some related products and the installation experience is considerably worse.
The driver support is considerably worse. The stability is not good.
Is there a team in the company looking at rival products that wants to help?
If so, I'd like to join. And if there isn't, can I start one? Because I think we can do better.
And that got me kicked out because I offended the company code.
But you know what? About the free distro and do you get the source code and stuff?
The question of the killing of CentOS Linux as opposed to CentOS Stream, well, that's a whole other question.
But I think... I don't like to say it. I don't buy Linux-based server operating systems.
I'm very happy I don't run servers anymore.
But if you buy into a commercial Linux, you're buying into a different kind of deal too if you use a free Linux.
And if you complain that the paid-for one isn't like the free one, well, why do you pay for it then?
Well, in some cases you pay for blameware, so I like outsourcing the blame.
But the thing is also, I talk to many people these days and they said,
well, if you're CentOS, Rocky, Alma, all of this is just people that want to use Red Hat style software but don't want to pay for it.
So, and that is where I'm asking you, Benny, is that what impact did all of that Red Hat movement over the last years have on a project like Alma Linux?
I mean, once you get on...
Yeah, so as I said before, the move is said to be more targeting Oracle and not actually that much CentOS because Oracle and also, I was told, Rocky,
they are doing business with it undercutting Red Hat prices, which Alma is obviously not doing.
So you're kind of the good ones in this game and that's also nice to have you on the stage here.
But how did it affect Alma Linux over the last years?
Yeah, so, well, let's start with the supposition that the people who are using CentOS and Alma Linux and Rocky Linux are the ones that don't want to pay for Red Hat.
That is not true.
The number of people that have come to me and said, I used CentOS and now I use Alma Linux, not because I don't want to pay Red Hat,
but because I was never going to pay Red Hat.
I was always going to look for a free Linux.
So the idea that we're somehow pulling funds or customers away from Red Hat is incorrect.
There are certainly people, certainly companies who use a Red Hat-compatible operating system to decrease the amount of money they have to pay Red Hat,
but that is not our primary audience at all.
So we start there.
But if you just look at the impact of what changed in December 2020, we were all, was it 2020 or 2021, whatever it was,
we as users of CentOS were very frustrated, very uncomfortable with the idea that we weren't going to have CentOS 8 as long as we wanted,
and we weren't going to have any CentOS 9 that was the Linux version, right?
We all needed it for a variety of reasons.
Everything from, I got to meet somebody today who uses Alma Linux to serve museums in Sweden.
All of the point of sales stuff is done using an Alma Linux server.
They were never going to switch to an operating system they had to pay for.
They want an operating system that serves their need and is free.
That's the kind of people that have come to us.
In June, when things shifted again, it completely broke our pipeline, right?
We had a built pipeline that was very good and very secure and very stable.
When our pipeline was broken by the changes where the licenses or where the code was stored,
it was, again, frustrating and uncomfortable.
But Open Source did what Open Source always does, which is solve the problem.
We will get around it. We'll find a way to do the things that we want to do,
whether or not we have access to the source code.
In this case, we do. We find it in other places to do the things that we want to do
without violating RID hats agreements.
It's easy for us to, I mean easy, relatively easy, right?
But it's still possible.
When I hear that, that kind of fosters my opinion that it's not really in the spirit of Open Source,
what's happening here.
But there may be different views from different sides on the whole thing.
I think Red Hat is doing this also because of business model topics.
There is business models like Oracle Linux or Rocky Linux,
which Red Hat is not very happy about, and you are kind of like the collateral damage to that.
To a certain degree, yeah.
To a certain degree, sure.
I do, just to be fair to Rocky and the people who work on Rocky,
I do want to distinguish slightly between Rocky Linux and CIQ.
CIQ and Rocky Linux are obviously very closely tied, but there is difference, right?
So yeah, CIQ has a commercial thing.
Red Hat has a commercial approach.
We don't have customers. We have users.
And it is, whether or not it's, like we get into the letter of it, right?
It is certainly harder to do the things that we want to do,
but I think that it proves the strength of Open Source.
Whether or not they are violating the spirit at all.
And I would add about the spirit that, you know, the problem with trying to do the bare minimum going for the letter
and not thinking about the spirit is that you get so close to that line
that it is easy to cross over it in other circumstances, right?
So my colleague Bradley Coon who is here actually wrote a blog post that I actually was referring to earlier,
that identified a couple of violations that we had had in the past.
And that's what happens when you're looking for the bare minimum.
And so I think you just have to be cognizant of that.
So I guess that's also the point where we want to open this discussion up to you,
as seen where many hands raised.
Yeah, so many people. Just like 200 questions we will accept, I guess.
Correct?
We have 20 minutes.
Yeah, so my main question, you were so right with that.
My question that is on my mind is, do we have to change something in the open source community?
Do we need a GPL4 that also covers the issue of not only to customers
or that is maybe more precise or more clear on the limitations?
Because I think what Red Hat is doing here is posing the limitations on those that get the source code.
They are not really, but in a way, that is the effect and it has some side effects.
And so maybe, so I start here.
Thank you.
I mean, I hope it's alright that I don't answer your question,
but I want to say something about the spirit again, because I think,
I wasn't involved in any drafting of the licenses and stuff like that,
so it's just like from what I've read, but my understanding is when you read the writings of stall men,
can you think further away?
Okay, better like that?
Okay, cool.
I think it's very clear to me that the intention, one of the intentions of the copy left movement was to prevent software monopolies.
And you can comply with a copy left license, and I'm not saying Red Hat is doing that, right?
I have no idea, I am no position to judge that, but hypothetically speaking,
if a company starts hiring all the developers of a software ecosystem and pay for their livelihood,
and then go to the customers and say, of course you can go out on your own and be on your own,
and no longer be a customer of us as a company, but good luck finding anybody else
and just a technical skill to do anything with that software, because we control like 90% of the ecosystem.
I think that is a problematic situation as a community to have that, right?
Whether it is legal or within the rights of the license, I think to me, it is very clear that this is a problem.
And to bring it back with two sentences to the questions you've asked,
I honestly, I have no idea if that is a problem that can be solved by the legal framework,
because it is so far beyond just copyright and copyright issues with the licenses
that I don't know what the solution can be, I am very sure that it is a problem
and a problem that we need to think on, because these are monopolies that are coming up in very new and very different shapes.
And that is something that I came across with the research on these articles,
so there is an open core conference, an open core summit that happened first time last year,
the year before last year, second time this year in December,
and it is driven by a company or entity, open source software.oss.capital,
and they promise investment capital if you are doing open core.
So they are, and Redhead founder, John Ewing, is it John or Jack Ewing, I think?
Mark?
Redhead founder, you are talking about the one who was at that open course?
Yes, exactly.
Bob Young.
Bob Young gave an opening speech on this event, and so that is where I came across and I thought,
okay, there is a lot of money that is looking for a new home,
and they see that open source is a threat for investment,
they see it as a threat to investments, because if you don't own intellectual property
or all the developers on a certain market, then the investment money can vanish,
because everybody else can do what you did before.
And so that is also a very important matter in this thing, I guess,
because what Redhead is doing is trying to avoid others from making money off their development.
Which is the opposite of what Bob Young said.
He talks about it at the open course, so it is interesting because he, you know,
I don't want to be the only one who is here saying, you know, I love them and I hate them,
I am here giving a positive view and really I am at heart, I am negative,
I did the keynote this morning about outreach and I gushed about...
...
...
Thank you.
So you said the question is about who is a user and Redhead is talking about customers.
Is that correct?
So Karen, can you say something about that?
I mean, a user of the software is everybody who gets it, right?
They are only handing it out to their customers.
Is that wording? Is there a difference in any way? Can you say something to that?
It's really, you know, the license is written so that the obligations flow,
so that the obligations flow downstream.
So you are asking for distinctions that are not that relevant in the way you analyze the license
and the company's obligations are when they distribute the first code.
So now we have got to resolve the technical issues and the new microphone is running around.
To answer the next question I can't see.
Yeah. Hi up there.
Come in, Houston.
To everybody at home, this is a room like two kilometers long and one mile up on the left
is a very nice friendly guy asking a question.
Hi, I'm Jim from Oracle, otherwise known as Big Evil in this crowd.
So section six of the GPL provides, and pardon me, in part,
that you may not impose any further restrictions on the recipients' exercise of rights granted herein.
The Redhead subscription terms provide that you may not redistribute the software,
and if you do, it's a material breach.
It doesn't just say we can terminate you.
That gives them the right to sue you.
Beyond that, they could also say just as easily, you don't have the right to modify,
you don't have the right to make copies.
If they are allowed by contract to restrict the rights granted under the license,
how does the end user end up with any of the protections that the license is intended to provide?
How is the license meaningful?
Can Vizio, by way of example, provide a license with its TV that says,
if you ask for the source, it's a material breach and you owe us money?
Well, in my readings, I learned about the term in at least US law,
that is the caveat-emptor thing, that means actually something like buyer-beware.
I'm looking forward a lot to how European law will see this whole situation,
but in the end, it's the freedom of a vendor by law to choose his customers.
And if I'm doing messy things with the stuff they give to me, because of the GPL,
they cannot infringe my law to use it and share it and change it,
but they can still say, stay away, we will give you no support.
You can call us 20 times a day, we won't do anything for you.
Did I get that right again, Karan? The caveat-emptor thing?
I mean, I'm not...
You're not our lawyer.
Let's move on in the conversation.
Okay.
Here.
Yes.
Thank you. Hi, I'm Christian.
I have to say I'm in the spirit of free software, so what I say now is a bit against my own conviction,
but I think we have to put things a bit different.
Reddit, Linux is not consistent completely from GPL software.
There's different licenses, so we have permissive licenses in there and it doesn't apply.
And then the next thing is the question of packaging it is, consider the right work
or is it just a way of distribution, just as Storman wrote,
it's okay if you put it on the tapes back in the 1980s and if you sell these tapes,
you can charge money for this.
So this is the question I have to you, Karan Phelps, as a lawyer,
and putting that way,
if it is derived work, then I think it's in conflict with GPL
to not provide the packages as the derived work
or not allow the customer to provide the packages on their behalf to the wider community
because they have the right to share.
On the other hand, for permissive license stuff, that's not true.
If it's not derived work, then it would be okay for Reddit to just cite the sources
because you still get the software from the Internet,
but you have no right to basically get their distribution work.
I don't really know, so I'm very interested in your answers.
Armand Linux is completely out of the packaging of CentOS, right?
There's no packages anymore, anyhow, right?
So you're doing packaging yourself?
Yeah, so we pulled the source code from a couple of different places.
Shameless plug, if you want to know exactly where we get it from,
you can come to our talk at the distro's room tomorrow at noon.
Thank you.
The packages where the code that we pull is from...
Where's the other microphone?
I don't know.
That's not the anthem.
The code that we pull is from CentOS Stream,
or from other places you can get it where it's free.
And pulling that code and repackaging it from everything that we've seen
does not violate anything, right?
The reality...
I think the thing that I would like to talk about at this point
is kind of the question that we started with.
This is going to continue to be a thing because humans are the way they are.
We are going to end up in situations...
This isn't like a new cycle to what we're doing, right?
But he said openwashing is coming around again, because that's what happens.
How do we, as an open source community, react to that?
That's the thing that's interesting to me.
Like debating whether or not Red Hat is violating GPL is...
We've got 230 people in here and 230 opinions.
I think how we fix what we're doing going forward
is going to be the interesting conversation.
Do you have a question?
My question was more legal one.
For instance, if we look at the GNU or FSF website,
we have a GPL FAQ.
And that's inform us on how to interpret the license, for instance.
And as I understand, this has some legal weight.
In the GPL v3, there is also a section about terminating services.
Does that give us some information, even if it's not about source code distribution,
but installation of software or modification of software?
Maybe.
I think it's really up for debate, if any commentary outside the license.
At least from a US law perspective, it's really...
The license says what it says.
I mean, for my personal, like, two pence worth, a tough enough worth,
I think Red Hat made a huge mistake in, so to speak, acquiring CentOS in the first place.
That was a really dumb move, because they legitimized and sanctioned
what was effectively a free rival to their commercial product.
Now, when I've said this in print, people have said,
oh, well, CentOS was dying.
They rescued it by adopting it.
Well, tomato, tomato, it doesn't really matter.
It was a really dumb move to start supporting and offering a free rival to their own product.
But that was a long time ago.
They decided to stop offering it.
Okay, fair enough. They're within their rights to do that.
It inconvenienced a bunch of people.
Well, they'd mainly inconvenienced rivals.
But, yeah, I think it probably is against the spirit.
Yes, I don't argue with that, and I do not wish to defend them.
But since we can't really codify what the spirit is,
somebody's got to pay for all this work.
My basic overall position here is, right,
I started my career with DOS, Novel Network, and tools like that,
which were tiny and maintained by tiny numbers of people,
and most of them were not written in C.
The industry has gradually shifted to vast and vastly complex stacks of software,
the lower levels of which are built in the most unsafe programming language known to humanity.
Okay, that was a dumb move.
Right?
And the result of that is a vast multi-billion, in fact, nowadays, multi-trillion dollar industry,
and paying people to fix it and maintain it and document it and try and make it all work together.
Rightly or wrongly, that's kind of where we are.
There are free products. There are paid for products.
You've kind of already taken a seat on the edge of the shark tank if you started using one of the paid for products.
I think life would have been simpler if there'd been a much clearer line between real official Red Hat Linux
without an enterprise and a totally free one, which is not official.
But that isn't where we started from.
I think the company was repairing a mistake.
So, I would like to add a thought to the question, how could we act as a community on this,
and I think this goes right away to the panel later this afternoon.
What can we do with additional obligations that someone tries to add onto the GPL?
So, I think we could agree that Red Hat tries to add some obligations.
I would even go a step further and say they made at least an unclear subscription agreement,
and you can read it as you have to pay for every copy which is made,
and we have an extra right to terminate your subscription if you should dare to redistribute the code.
So, I would say if this is the right reading, you would have a conflict with the GPL,
but if I were to have made it unclear by intent that you can always say,
no, no, no, we just may consider the fact that you made distributions.
So, from a political side, I would say Red Hat already partly won the debate
in a sense that we are always saying, well, but Red Hat may most likely not renew your subscriptions,
but the subscription terms are more harsh, way more harsh than what you actually are saying.
So, I would like to ask to the panel, did you get the gist of the Red Hat subscription agreements?
Yeah, personally for the article I even got an explanation which was, as Leon said, very open and clear from Red Hat,
how they handle it and they will say they are free to kill the subscription contract with the user at any time,
at any given time once they find out he or she or they changed and shared it.
So, it's very simple. If they want, I don't think they are that ill, but if they want, they can just from today to tomorrow,
they say, oh, we saw you flipped a bite here, no, we don't support you anymore.
And I would really recommend I was briefly in Bradley's talk just before and the few minutes that I saw there
made me really want to watch the video as soon as possible because you were also talking about companies imposing limits on their employees
in terms of open source and transferring intellectual property and things.
And first, before I give a word to Bradley, I saw...
You could just say whatever.
You sure? Karen? Okay.
You can respond.
Yeah, so...
You wanted the mic right after that.
Yeah, so I think, so I'm not on the panel because I talk about this issue too much
and so I really shouldn't have the microphone, but Don gave it to me.
So, I...
You're in your hands.
That's true.
I thought he wasn't going to give it to me.
So, when I first was given a copy of the rel, I think at that time it was called the Red Hat Enterprise Linux Agreement,
in 2001 and asked, does this comply with the GPL?
I never would have imagined this many people would be in a room to actually care about that question
because it was kind of a how many angels dance on the head of a pin question at the time
and in some sense it still is.
It's an incredibly nuanced question.
I think everyone wants to give these very pithy answers, Jim Wright from Oracle being glad to give us an incredible pithy answer,
that of course it violates the GPL.
I think that Red Hat is extremely sophisticated in their drafting
and I have read every single version of the rel services agreement that's ever been published
and on paper, I don't find a GPL violation.
The problems that I have discovered are of the nature that I've often called,
if a GPL violation falls in the woods and nobody's there to hear it, did it actually occur?
And I say that because there are probably hundreds of Red Hat salespeople who walk in and sell seat licenses
and there are hundreds, possibly thousands of Red Hat customers who believe they own seat licenses to rel.
I have met many, dozens of people who tell me their company has N seat licenses to rel.
That's not what the agreement says but that's what everyone believes is happening.
And that I think goes to your earlier point, that there's something happening that is perception
and while the letter of the rules don't violate the license, everybody believes it's proprietary software
and I don't know how we solve that problem but jumping to a conclusion either direction
of it must be a violation or it can't be a violation is not going to get us very far
in figuring out the community problem that we face.
That goes for me that also goes in the direction of the caveat emptor thing.
So you, like, I mean in the US it seems to be very normal to assume that somebody that you're buying something from
might be trying to fool you or to get some more extra money out of you.
And so that's probably also the biggest failure or the biggest mistake that Red Hat did in all of this.
I talked to them and they said, yeah, marketing wasn't very good on that.
So obviously, oh no, shit man.
But the thing is, is there anything that we as a community can do to be maybe more precise or whatever
to counter these things? I don't think so. Actually it's the market, huh?
I'll try to keep it short because I have two things now and one of those really got my blood boiling.
So I try to start with the more nuanced one.
And the nuanced one is we can quote the current GPL to each other all day long, right?
But from what I understand from the history, the reason that a GPL exists is because GPL was written at a time
where something like the cloud was in nobody's mind.
And I think we're at a point now where nobody ever thought that there might be a player in open source
who has just war money to buy 80% of the developers of an ecosystem and provide for their jobs
and comply with the license. And there is no doubt in my mind, like Bradley, as you said,
I'm completely certain that they comply with the license and I believe REL is free software.
If they distribute REL to you, you get free software. You're free to exercise your full rights, right?
But they have built something that we didn't think of when the license was drafted. So that's the one.
And the second one.
Let me keep it because Liam wants to directly answer to that.
Okay.
But the second one with the emotional one, I already wonder if it was something I said or he said
because that's usually how the reactions that we get with it.
I think it was more Liam.
Can you answer?
Absolutely.
And then keep the thought.
We're running out of time, so maybe we should move to the next question.
I think you've got this completely backwards in how you should look at this.
And I speak as a former member of staff. It is not. Oh my God, one company owns 80% of Linux developers.
No. One company, rightly or wrongly, and I am no fan of theirs, came up with a very, very lucrative model for selling Linux distributions.
And that has enabled them to pay for something like 80% of the development of Linux and associated systems.
I don't like them. I enjoyed working there. Don't get me wrong.
There are friends here at FOSTEM this weekend that I have spoken with that I made in my short time at Red Hat.
It was a fun job. Well, actually, the docs are very dull, but you know.
But it was a fun job. It was a great community.
It's a friendly company as long as you don't violate the company religion that there is only one Linux and its name is Red Hat.
But that's a whole other question.
One company found a way to make Linux very lucrative and they pay for a vast amount of development, and that's a really good thing.
I agree.
Because Debian can't do it. Ubuntu, Canonical can't do it. Nobody else can pay for all this stuff.
It's not they've got a monopoly. They're funding us and they're keeping us in a job.
This is a last question here.
We have something like two or three minutes left.
So maybe a slightly different point of view.
So I'm working for a large company and because the company pays my salary, I can do open source work.
I'm a maintainer for open source projects and I like to do this.
But I'm getting some kind of paid for this.
And I guess for all open source that someone develops, all the people need to do a living.
I'm getting paid for the work that I do for the company.
I'm doing private open source project and I don't want to have money for that.
But in general, someone needs to do a living by writing open source software.
So this is something that we need to secure.
And we've seen in the past that like elastic search or something,
if big organizations take open source, provide it with their business model and let's say deny small companies to earn money,
then we will lose open source.
And I had discussions with Red Hat.
I had discussions with lawyers of Red Hat and they made it very clear up to this point,
we will talk friendly to you, but the next stage will only be possible if you pay money.
You're using our open source software, so you will not get further answers.
I don't think that is a good habit, but I would like to get back to what Bani said
because it's what do we about this, not necessarily against Red Hat,
but how do we as a community, how do we just get around it?
So let Red Hat do what they want to do as long as we can have open source software on the right side.
That's exactly the last question that I have on my list for the panel actually.
That's exactly the question that I'd like to hear from all of those guys, those experts here,
telling me what they think we should do or if we should do something about it
or if we should just wait.
So who wants to start?
So what are we going to do?
We're going to do what open source always does, which is fix the problem.
I said it earlier.
The reason open source continues to exist from my perspective is that we all continue to care about it.
We continue to put in our time, we continue to put in our effort.
We, whether or not somebody is getting paid for it, we show up because we care.
There will always be people who commercialize it.
There will always be people who feel fundamentally that open source is the way to go.
And we're going to end up hopefully continuing to balance each other out.
With people like that.
I run Debian. It works pretty great.
Maybe we're on Debian.
I don't think this is a problem to be fixed.
I mean, you know what? It might be nice in the spirit of doing it, but you know what?
Somebody's got to pay for all this.
My last three FOSDEM talks were more or less on the subject of how can we find a way to dump this entire stack from line one of LS and replace it with something a bit better built because I think that's what we should do.
And I'd like that to be open source as well.
So, are you still unmated?
Thanks for joining us.
We're out of time.
We are done. Thanks for joining us.
Thanks for joining us. I'm very sorry that we couldn't answer all the questions.
Goodbye.
I'm sorry.
It's okay.
Yeah, I know I'm sorry.
What was it that made you emotional?
I don't know.
I don't know.
Thank you.