[CentOS] Re: Vote For CentOS :)

Bryan J. Smith <b.j.smith@ieee.org> thebs413 at earthlink.net
Thu Jun 2 22:03:45 UTC 2005


From: me at prestoncrawford.com
> I blame it for a lot already, thanks. :-)

In reality, there are good reason for it.
E.g., people who had Cobalt systems assumed they were running Red Hat Linux.
They were not, just running a heavily modified version.

So when people tried to patch and update, they got upset with Red Hat.
When the reality was that the distro should have _never_ had Red Hat's name on it.
This was just one example.

I still hear non-sense from Cobalt users on this.  It's funny to see them
come full circle on the logic.

> This is what I don't get, though? What's the difference between internal
> and external?

Whatever the lawyers can prove it is.  ;->

In a nutshell, there is no "cheat sheet" to respecting IP -- be it copyrighted
GPL, trademarked IP or patents.  You must document before you distribute.

If you are using something like GPL, trademarks, etc... "internally" -- you
must guarantee they won't be redistributed to guarantee you won't be
distributing something without a license.  That's all.

No different than any other software.  The GPL does not trump copyright
or any other IP law, although copyright holders are free to clarify what
is and isn't allowed.

> I know, I know, it's all about the trademarked logos, names, etc.
> But at the end of the day, the source code is still the source code.

And we have Red Hat to thank for a lot of it too.

> And it's still GPL. So they have to provide (assuming they're distributing
> a GPL product) if you ask for it, regardless of whether it's internal to your
> company, external, whatever.

Whomever you distribute it to is the only one you are required to give the
source code to.  And you can't put any restrictions on that source code,
or anything required for it to work.

If I do something within my company, my company isn't going to consider
it redistribution.  My company is aware that I am using something under
circumstances that are not public.  So there is no need to abide by the
GPL license in how I use it, and no need for a trademark license either.

But once I start redistributing that outside the entity I work for, then
that's when the legal issues mount.

If I am redistributing additional code with the GPL software that modifies
it in a way that it works differently, then the original copyright holder,
under the granted terms of the GPL, says I have to offer the source code
of those modifications under the same terms, without restriction.  If
I don't, then I am distributing the copyright holder's work without a
license, and he is due damages.

Same deal with trademark.  Once I start redistributing Red Hat's trademark
publicly, I am doing so without a license.  And they are due damages.

Lack of Red Hat's trademark and artwork does not prevent the GPL
software from being used the same as with it.  That's the difference.
Red Hat -- like other distros -- are merely branding their work, into a
packaged unit.

> Once they've distributed GPL-based software, they have to offer the
> source. Period.

Yes, and they do.  They could claim that Fedora Core SRPMS are
everything, except for maybe the kernel and a few other SRPMS.
That's what other distros do.

Most commercial distros have 2 versions:  1 redistributable, 1 non.
The commercial distros then only redistribute the source packages
for the redistributable version, and not for the non.  Red Hat is one
of the very few that do for _both_, so things like CentOS can exist.

And it depends on who you redistributed it to.  That's why I used the term
"publicly" redistributed.  Because unlike the MPL1.0 (or is the opposite,
and 1.1?) and many GPL-incompatible licenses, the GPL does _not_
require you to return any modifications to the copyright holders _unless_
you redistribute it.  The MPL and most off-shoots _do_.

GPL gives you the right to do what the heck you want with it -- even
merge it with proprietary source code.  But if you redistribute that
modification outside of our own, internal uses, then that's when it
becomes an issue.

> They can ask that you not include the trademarks,

On a "public" redistribution.  What is done internally is not a violation
of Trademark Law.  I'm not mis-representing some product or service
I redistribute as "Red Hat(R)" by merely using it.  So there is no
redistribution of the trademark without a license.

> but that aside, they can't tell you that since it's "internal" it can't be
> redistributed.

Huh?  I think you are confused on what I meant by internal/external.

If you use it internally and don't redistribute it, then you are free to
install RHEL on as many systems as you want.  You can even have
a field day and put "Red Hat sucks" all over their trademark.

Unless Red Hat can prove that you are misappropriating their trademarks
_publicly_ -- their mark in the trade -- then they can't prevent you from
installing it on as many systems as you want, and doing what they heck
you want.

At least on the GPL/LGPL portions.  MPL, IBM CPL/IPL, Sun SCSL/etc...
will differ.

> That's not my understanding of the GPL when it comes to source.

GPL source code has nothing to do with this.  The GPL source code
does not require the Red Hat(R) trademarks to operate.  You can
freely bundle anything you want with GPL as long as it's not required
to work.  So for all intents and purposes, there is nothing wrong with
bundling GPL source code with Red Hat, SuSE, Mandrake, etc...

I can even take the SRPMS, rebuild them, and install them on my
systems, with_out_ removing the Red Hat trademark.  But if I'm
providing services for others -- at cost or not -- with Red Hat's
trademark, then it gets a bit more messy.  Why?  Because Red Hat
can claim I'm mis-appropriating their trademark.

That's what got Red Hat into trouble before.  They let everyone freely
use the Red Hat(R) trademark, and it came back to bit them when they
tried to get select vendors (Cobalt, Sun, etc...) to stop leaving it on
massively modified versions.  It was killing the value of their trademark,
because people were assumed something was Red Hat Linux when it
was nothing of the sort.

But that's when Sun barked back and used Trademark Common Law
against Red Hat.  Hence why Fedora(TM) became a reality.  The other
aspects to Fedora Core were already established in Red Hat Linux
in years prior.

> Understood. But their trademark is different from the other
> 99.99999% of the distribution, which is Open Source code.

The trademark is bundled with the GPL code, but it is not required for
it to operate.
 
> I never said anyone had the right to binaries. I'm simply confused
> as to how you can put licensing restrictions on source code simply
> because it's "internal". That is the issue in question, I believe.

There is _no_ "licensing restrictions" because it is "internal."
You can use Red Hat trademarks as you see fit as long as you are
_not_ proliferating their "mark" in the "trade."

The latter is "external"/"public" redistribution.  Which is where you
can get into legal trouble.

> They could not do the latter as far as I understand it. Because
> Fedora Core is not the source code (letter for letter) of RHEL.

Every RHEL package as a 1:1 version to Fedora, typically Fedora
Core, possibly Fedora Development (as it seems MySQL 4 was).
This is fact.  Nothing goes into RHEL without going through
Rawhide/Development first -- if not into Fedora Core.

If you read Red Hat's own development and lists, packages that
have "EL" are typically subsets of the FC version.  Most of the
time, it's due to locale -- Red Hat strips out unsupported locale.

In other cases, there might be supersets, like the kernel.  In those
rare cases, yes, Red Hat needs to redistribute those source changes.

> So they HAVE to make the RHEL source code available somehow.
> Even if it's "pay us for the CDs". 

Nope.  Not at all.  As long as the package is the same between
Fedora Core and RHEL, no need.  One of these days I'm going to
finish a book on Red Hat Configuration Management and show
an _exact_ lineage of a RHEL release built on Fedora Core.

Trust me on this, I've built Fedora Core systems that were _exact_
package equivalents to RHEL -- with the only real exception being
the kernel.  I typically had to "hold back" on versions from what
was "current" in Fedora Core, as well as align up the Fedora Core
version to RHEL.

But they are 1:1 -- versions are everything.

SuSE does the same thing for SuSE Linux v. SuSE Linux Enterprise
Server.  They don't redistribute a lot of the latter.  Xandros is the
same on many of its details, etc...
 
> I agree. What I don't agree with is this idea that once the SRPMS
> are out there in the wild that somehow Red Hat can put restrictions
> on the distribution of the source.

There is no redistribution restriction on the source.  But there are
redistribution on the trademarks if you rebuild from source.

> They just can't, as far as I understand the GPL.

If you outlaw any bundling with GPL code, then you're going to 
outlaw 99.999% of the GPL distribution in existance.

> Once the source has been made available to SOMEONE, regardless
> of whether it's internal, external, whatever, it can be passed on.
 
Yes, without any IP that are not required for the software to function
anyway.

> That's good that they stick "closer" to the letter. I'm not so sure
> they're following it completely, though.

They are.  Ask the FSF.

Too many people put Red Hat under the microscope when there are
other distros are doing far, far less "community friendly."  It's a
double-standard I quite tire of.




--
Bryan J. Smith   mailto:b.j.smith at ieee.org




More information about the CentOS mailing list