[CentOS] The elephant in the room: Oracle

Mon Oct 30 22:45:24 UTC 2006
Paul Heinlein <heinlein at madboa.com>

On Mon, 30 Oct 2006, Johnny Hughes wrote:

> On Mon, 2006-10-30 at 13:25 -0800, Trevor Benson wrote:
> > > Not at all. rhn access would be all that's required, and centos 
> > > has such accounts. If not I'm certain that we could come up with 
> > > a few such accounts for donation, and be right back to business 
> > > as usual. GPL protection is a wonderful thing.
> > 
> > Providing the source (as required by GPL) could be in tar.gz 
> > format. This would be adequate for GPL compliance.  Nothing in the 
> > GPL states that a company is required to hand out their SRPM's and 
> > the Spec file they used, or even tell you the build environment 
> > they used to accomplish this.  Thus the source RPM and Spec file 
> > that make CentOS possible could be ripped out of RHEL's offerings 
> > to clients, causing harm to CentOS.
> 
> That is not true ... here is the quote from the GPL:
> 
> "The source code for a work means the preferred form of the work for 
> making modifications to it.  For an executable work, complete source 
> code means all the source code for all modules it contains, plus any 
> associated interface definition files, plus the scripts used to 
> control compilation and installation of the executable."
> 
> The SRPM is the mechanism by which the binary file is produced (ie, 
> it controls it's compilation in RHEL) and it contains pre and post 
> install scripts that control the installation. Therefore it must be 
> distributed to anyone who has had the binaries distributed to them 
> if they ask.
> 
> If you legally obtain the binaries, and ask, the source code must be 
> provided ... and in the case of an RPM based distro, that would be 
> the SRPM.  If someone is not providing that and you legally obtained 
> the RPM as a customer, it is a violation of the GPL.

I'm mostly ignorant on these things, but wouldn't Red Hat be obliged 
to supply only those SRPMs used to build software released under the 
GPL? What about Apache, BIND, Kerberos, OpenLDAP, OpenSSH, Perl, 
Sendmail, SQLite, TeTeX, Vim, X.org, and others?

Non-GPL licenses account for roughly 30% of packages on a 
representative login server:

$ rpm -qa --qf '%{name}: %{license}\n' | grep -v GPL | wc -l
270
$ rpm -qa | wc -l
851

Not that Red Hat would do such a thing! Still, it seems to me at least 
legally plausible.

-- 
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com