[ale] Red Hat and the GPL

Bob Toxen bob at verysecurelinux.com
Thu Dec 11 16:20:03 EST 2003


My understanding is that Red Hat is charging "per system" fees for
Enterprise Linux and is restricting the use of downloaded patches
received (by the end user) via the Red Hat Network (RHN).  As I understand
it, in order to get the patch service, one must agree to pay the
fee on a "per system" basis and may not share what is downloaded.

THIS is what is forbidden quite clearly by the GPL, IMHO.  One (e.g.,
Red Hat) receiving Open Source software may NOT place any restrictions
on it.  This is why their requiring the customer to agree to one
RHN license per system to receive patches of GPL'ed code is in violation
of the GPL, IMO.  It is also why my client's choice to ignore their
restriction is legal, IMO.

Bob

On Tue, Dec 09, 2003 at 05:07:49PM -0500, James P. Kinney III wrote:
> As I read the EULA, RedHat is not in violation of the GPL. The
> distribute the source with the binaries, the don't restrict the use of
> the binaries. What the restrict is the use of their network access. They
> do restrict the use of the RedHat name and logo. As such, there is a
> single package that contains all of the RedHat branding. If that package
> is removed, The EULA does not restrict the redistribution of the entire
> RHEL. But it is not legal to call it RHEL.
> 
> The EULA from RedHat Enterprise Linux:
> 
> LICENSE AGREEMENT AND LIMITED PRODUCT WARRANTY
> RED HAT?? ENTERPRISE LINUX?? VERSION  3
> 
> This agreement governs the use of the Software and any updates to the
> Software, regardless of the delivery mechanism.  The Software is a
> collective work under U.S. Copyright Law.  Subject to the following
> terms, Red Hat, Inc. (???Red Hat???) grants to the user (???Customer???) a
> license to this collective work pursuant to the GNU General Public
> License.
> 
> 1.  The Software.  Red Hat Enterprise Linux (the ???Software???) is a
>     modular operating system consisting of hundreds of software
>     components.  The end user license agreement for each component is
>     located in the component's source code.  With the exception of
>     certain image files identified in Section 2 below, the license
>     terms for the components permit Customer to copy, modify, and
>     redistribute the component, in both source code and binary code
>     forms.  This agreement does not limit Customer's rights under, or
>     grant Customer rights that supersede, the license terms of any
>     particular component.
> 
> 2.  Intellectual Property Rights.  The Software and each of its
>     components, including the source code, documentation, appearance,
>     structure and organization are owned by Red Hat and others and are
>     protected under copyright and other laws.  Title to the Software
>     and any component, or to any copy, modification, or merged portion
>     shall remain with the aforementioned, subject to the applicable
>     license.  The ???Red Hat??? trademark and the ???Shadowman??? logo are
>     registered trademarks of Red Hat in the U.S. and other countries.
>     This agreement does not permit Customer to distribute the Software
>     using Red Hat's trademarks.  Customer should read the information
>     found at http://www.redhat.com/about/corporate/trademark/ before
>     distributing a copy of the Software, regardless of whether it has
>     been modified.  If Customer makes a commercial redistribution of
>     the Software, unless a separate agreement with Red Hat is executed
>     or other permission granted, then Customer must modify the files
>     identified as ???REDHAT-LOGOS??? and ???anaconda-images??? to remove all
>     images containing the ???Red Hat??? trademark or the ???Shadowman??? logo.
>     Merely deleting these files may corrupt the Software.
> 
> 3.  Limited Warranty.  Except as specifically stated in this agreement
>     or a license for a particular component, to the maximum extent
>     permitted under applicable law, the Software and the components
>     are provided and licensed ???as is??? without warranty of any kind,
>     expressed or implied, including the implied warranties of
>     merchantability, non-infringement or fitness for a particular
>     purpose.  Red Hat warrants that the media on which the Software is
>     furnished will be free from defects in materials and manufacture
>     under normal use for a period of 30 days from the date of delivery
>     to Customer.  Red Hat does not warrant that the functions
>     contained in the Software will meet Customer's requirements or
>     that the operation of the Software will be entirely error free or
>     appear precisely as described in the accompanying
>     documentation. This warranty extends only to the party that
>     purchases the Software from Red Hat or a Red Hat authorized
>     distributor.
> 
> 4.  Limitation of Remedies and Liability. To the maximum extent
>     permitted by applicable law, the remedies described below are
>     accepted by Customer as its only remedies.  Red Hat's entire
>     liability, and Customer's exclusive remedies, shall be: If the
>     Software media is defective, Customer may return it within 30 days
>     of delivery along with a copy of Customer's payment receipt and
>     Red Hat, at its option, will replace it or refund the money paid
>     by Customer for the Software.  To the maximum extent permitted by
>     applicable law, Red Hat or any Red Hat authorized dealer will not
>     be liable to Customer for any incidental or consequential damages,
>     including lost profits or lost savings arising out of the use or
>     inability to use the Software, even if Red Hat or such dealer has
>     been advised of the possibility of such damages.  In no event
>     shall Red Hat's liability under this agreement exceed the amount
>     that Customer paid to Red Hat under this agreement during the
>     twelve months preceding the action.
> 
> 5.  Export Control.  As required by U.S. law, Customer represents and
>     warrants that it: (a) understands that the Software is subject to
>     export controls under the U.S. Commerce Department???s Export
>     Administration Regulations (???EAR???); (b) is not located in a
>     prohibited destination country under the EAR or U.S. sanctions
>     regulations (currently Cuba, Iran, Iraq, Libya, North Korea, Sudan
>     and Syria); (c) will not export, re-export, or transfer the
>     Software to any prohibited destination, entity, or individual
>     without the necessary export license(s) or authorizations(s) from
>     the U.S. Government; (d) will not use or transfer the Software for
>     use in any sensitive nuclear, chemical or biological weapons, or
>     missile technology end-uses unless authorized by the
>     U.S. Government by regulation or specific license; (e) understands
>     and agrees that if it is in the United States and exports or
>     transfers the Software to eligible end users, it will, as required
>     by EAR Section 741.17(e), submit semi-annual reports to the
>     Commerce Department???s Bureau of Industry & Security (BIS), which
>     include the name and address (including country) of each
>     transferee; and (f) understands that countries other than the
>     United States may restrict the import, use, or export of
>     encryption products and that it shall be solely responsible for
>     compliance with any such import, use, or export restrictions.
> 
> 6.  Third Party Programs. Red Hat may distribute third party software
>     programs with the Software that are not part of the Software.
>     These third party programs are subject to their own license terms.
>     The license terms either accompany the programs or can be viewed
>     at http://www.redhat.com/licenses/.  If Customer does not agree to
>     abide by the applicable license terms for such programs, then
>     Customer may not install them.  If Customer wishes to install the
>     programs on more than one system or transfer the programs to
>     another party, then Customer must contact the licensor of the
>     programs.
> 
> 7.  General.  If any provision of this agreement is held to be
>     unenforceable, that shall not affect the enforceability of the
>     remaining provisions.  This agreement shall be governed by the
>     laws of the State of North Carolina and of the United States,
>     without regard to any conflict of laws provisions, except that the
>     United Nations Convention on the International Sale of Goods shall
>     not apply.
> 
> Copyright ?? 2003 Red Hat, Inc.  All rights reserved.  "Red Hat" and
> the Red Hat "Shadowman" logo are registered trademarks of Red Hat,
> Inc.  "Linux" is a registered trademark of Linus Torvalds.  All other
> trademarks are the property of their respective owners.
> 
> 
> 
> 
> On Tue, 2003-12-09 at 14:51, Bob Toxen wrote:
> > The individual copyright holders of the software that comprise the
> > Linux OS and related user and library code should tell Red Hat: "NO!
> > You cannot do that [putting restrictions on GPL'ed code] and must stop now!"
> > 
> > "NO!  You cannot distribute OUR copyrighted code on the condition that
> > the Red Hat customer agree to additional restrictions such as:
> > 
> >   1. Not distributing patches among all of your machines and clients.
> > 
> >   2. Charging fees in excess of reasonable copying fees for distributing
> >      GPL-licensed Open Source
> > 
> >   3. A purchaser of a Red Hat CD-ROM (or downloaded CD-ROM image) cannot
> >      distribute it "because of red hat trademark logos".
> > 
> > Red Hat currently is doing these things and I think that this constitutes
> > copyright infringement in that they are using copyrighted code in ways
> > clearly forbidden by the GPL.
> > 
> > Have a look at the GPL at
> > 
> >      http://www.fsf.org/licenses/gpl.html
> > 
> > as I did in preparing this email.  It appears to me that Red Hat is
> > in violation of the GPL for demanding these restrictions of its customers.
> > 
> > The portions of the GPL that seem most relevant to me are:
> > 
> >      "To protect your rights, we need to make restrictions that forbid
> >      anyone to deny you these rights or to ask you to surrender the
> >      rights. These restrictions translate to certain responsibilities for
> >      you if you distribute copies of the software, or if you modify it.
> >      ...
> >      "You may charge a fee for the physical act of transferring a copy,
> >      and you may at your option offer warranty protection in exchange
> >      for a fee.
> > Warranty protection means, I believe, that Red Hat may charge money for
> > fixing bugs.  However, it cannot put "per seat" or "per system" restrictions
> > or fees on patches for GPL'ed code.  I.e., they must make patches (usually
> > engineered by an Open Source entity other than Red Hat) available for a
> > low cost or at no cost.
> >      ...
> >      "These requirements apply to the modified work as a whole. If
> >      identifiable sections of that work are not derived from the Program,
> >      and can be reasonably considered independent and separate works in
> >      themselves, then this License, and its terms, do not apply to those
> >      sections when you distribute them as separate works. But when you
> >      distribute the same sections as part of a whole which is a work
> >      based on the Program, the distribution of the whole must be on the
> >      terms of this License, whose permissions for other licensees extend
> >      to the entire whole, and thus to each and every part regardless of
> >      who wrote it.
> > 
> > That requirement seems to make illegal Red Hat's published policy of
> > forbidding others from redistributing "Red Hat Linux" in either original
> > or modified form claiming that to do so would be illegally using Red Hat's
> > trademarked images scattered throughout the boot process, documentation,
> > and elsewhere.  It appears to me the "These requirements apply to the
> > modified work as a whole."  requirement of the GPL expressly forbid
> > this practice.
> > 
> >      "6. Each time you redistribute the Program (or any work based on
> >      the Program), the recipient automatically receives a license from
> >      the original licensor to copy, distribute or modify the Program
> >      subject to these terms and conditions. You may not impose any
> >      further restrictions on the recipients' exercise of the rights
> >      granted herein.
> > 
> > 
> > 
> > I suggest that we contact some of the copyright holders of GPL'ed code
> > and see if there's agreement to contact Red Hat and tell them to stop
> > their current practice as it is bad for Linux and the community.
> > 
> > (While I consider myself more knowledgeable in contract and copyright
> > law than the average person, I am not an attorney.  Any statements by
> > myself here are my opinion.)
> > 
> > Best regards,
> > 
> > Bob Toxen, CTO
> > Fly-By-Day Consulting, Inc.
> > 
> > Author,
> > "Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
> > 2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
> > Also available in Japanese, Chinese, and Czech.
> > 
> > http://www.verysecurelinux.com       [Network & Linux/Unix Security Consulting]
> > http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
> > http://www.verysecurelinux.com/sunset.html                    [Sunset Computer]
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> -- 
> James P. Kinney III          \Changing the mobile computing world/
> CEO & Director of Engineering \          one Linux user         /
> Local Net Solutions,LLC        \           at a time.          /
> 770-493-8244                    \.___________________________./
> http://www.localnetsolutions.com
> 
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7



> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list