Re: [GNU-linux-libre] Good practices for removing nonfree code found in source code.

[Denis 'GNUtoo' Carikli]

On Mon, 4 Oct 2021 05:02:11 -0400
bill-auger <bill-auger@peers.community> wrote:
[...]
> > However anyone getting a copy of that source code can leverage the
> > rights given by the GPLv2(+) to make it way easier to produce a free
> > firmware: In many jurisdictions, there are heavy legal requirements
> > around reverse engineering, decompilation, using (semi-)automatic
> > tools to reconstruct source code, etc, but as I understand the
> > GPLv2(+) removes many of these requirements.
> 
> how is that legit? - if the copyright holder does not provide
> the source code to _someone_ who is using the software under the
> supposed GPL, then it is impossible for _anyone_ to comply with
> the GPL - that surely invalidates the GPL
I think that the source code of at least one of the firmwares in
linux-libre-firmware was obtained precisely though this way. 
So this is something that works and that isn't hypothetical.

And here I'm just telling that while the FSDG compliant should not ship
software without corresponding source code, that firmware binary is
still useful to people working to produce complete and corresponding
source code of the binary.

And once that's done the source code is typically integrated in
upstream projects and/or in FSDG compliant distributions, and the
firmware is then built from source and shipped like other firmwares are
in FSDG distributions.

> i think i get your point; but firmware is not a representative
> example - firmware is an edge case, where efficiency is
> paramount - the author could always claim that it was written by
> hand in machine code; so no CCS exists - the blob is already in
> the "preferred form for modification" - it is reasonable to
> extend the benefit of doubt, for something so specialized to
> drive a very specific piece of hardware - for most software
> though, that same claim would be very weak
I was only pointing at possible good practices for handling the
specific case of firmwares lacking source code in order to
potentially help people fixing the issue instead of worsening the
situation for them.

> On Sun, 3 Oct 2021 20:01:19 +0200 Denis wrote: 
> > So in cases like that it would also be a good idea to archive that
> > source release somewhere, ideally in projects like Archive.org or
> > Software Heritage
> 
> but only the copyright holder could publish proprietary code,
> _anywhere_ - it seems to me that automated archivers such as
> Software Heritage have a huge liability there - people who
> publish code on the hosts which Software Heritage pulls from
> (github for example), grant permission to that one host (per
> their TOS), to publish code on their behalf, which is otherwise
> proprietary; but do not extend such permission to anyone else
> (look but dont touch)
> 
> if Software Heritage notices any proprietary code in their
> repos, presumably they would delete it - so, i dont think it
> could be used for the purpose as you describe, without consent
> of the copyright holder
This indeed increases risk. 

Here I'm assuming that there is some legislation or legal framework
that enables project like the Internet Archive to archive web pages for
instance, because most web pages are under copyright, often without a
license.

But unfortunately not only I'm not a lawyer, but I don't know if these
legislation exist, where they exist, how they look like, etc.

Denis.

pgpUNOlhOcV9O.pgp
Description: OpenPGP digital signature