GPL projects with non-free code - I don't get it

13 Antworten [Letzter Beitrag]
oysterboy

I am a member!

I am a translator!

Offline
Beigetreten: 02/01/2011

Something has been bugging me for a while, and the recent discussions about LibreJS had me thinking about it.

- The Linux kernel is under GPL v2 (https://www.kernel.org/category/faq.html), but it contains the infamous binary blobs, which should invalidate its Free Software license (you cannot study how those programs work -> no freedom 1).

- A program such as Handbrake is GPL-licensed (https://trac.handbrake.fr/wiki/SupportFAQ#whatisit), yet it contains the non-free FAAC encoder.

- Programs such as tt-rss (GPL) or owncloud (AGPL) contain javascript that is detected as non-free by LibreJS.

Are these GPL-violations? What's the point of carefully picking a GPL-licensed program is non-free code ends up being executed on your machine?

Please enlighten a very confused soul.

oysterboy

I am a member!

I am a translator!

Offline
Beigetreten: 02/01/2011

Cannot edit my post, so fixing a typo here:

Are these GPL-violations? What's the point of carefully picking a GPL-licensed program if non-free code ends up being executed on your machine?

Michał Masłowski

I am a member!

I am a translator!

Offline
Beigetreten: 05/15/2010

> - The Linux kernel is under GPL v2
> (https://www.kernel.org/category/faq.html), but it contains the
> infamous binary blobs, which should invalidate its Free Software
> license (you cannot study how those programs work -> no freedom 1).

The blobs have different licenses [0][1] and are separate programs, it's
"aggregation" allowed by the GPL. The freedom one issue is not
important for non-(free software supporters) who decide to include them.

> - A program such as Handbrake is GPL-licensed
> (https://trac.handbrake.fr/wiki/SupportFAQ#whatisit), yet it contains
> the non-free FAAC encoder.

It's a dependency, not a part of the program. It doesn't have to be a
GPL violation if all GPL-licensed code there has an explicit or implicit
exception for linking with faac (I don't know if it has in this case).

> - Programs such as tt-rss (GPL) or owncloud (AGPL) contain javascript
> that is detected as non-free by LibreJS.

It's not detected as free, since it doesn't have the specific style of
license notices required by LibreJS, it doesn't mean that it's nonfree.
Many free software project have one license file and no notices in
source files, they are assumed to have that license, LibreJS makes this
more noticeable. (ownCloud has standard AGPL notices without the syntax
required by LibreJS, tt-rss doesn't.)

[0] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/firmware/WHENCE?id=v3.9
[1] https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/WHENCE

oysterboy

I am a member!

I am a translator!

Offline
Beigetreten: 02/01/2011

Thanks for the explanations. I still think it's misleading for these projects to advertise themselves as Free Software projects when the user ends up executing nonfree code, provided by them, on his machine. For instance, I added the Handbrake ppa at one time, confident that it was Free Software as mentioned on its website. But then this is precisely why we use Trisquel repos! In short, it's hard to know if a piece of software that's not in Trisquel's repos really is Free software, without really digging into the source code. The advertised license may not tell the whole story...

Chris

I am a member!

Offline
Beigetreten: 04/23/2011

You make a good point. It would be nice if the FSF started a certification program for software like it has for hardware:

http://fsf.org/ryf

There is a difference between an application not having any non-free dependencies and being under one of the GPL licenses.

Michał Masłowski

I am a member!

I am a translator!

Offline
Beigetreten: 05/15/2010

Probably directory.fsf.org and free distros will solve this problem.
What else such certification would do?

MagicFab
Offline
Beigetreten: 12/13/2010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2013-07-12 07:47, Michał Masłowski wrote:
> What else such certification would do?

tl;dr: the GPL (or other free licensing) is not enough to guarantee
your freedom or privacy, it's only one of many criteri.

This discussion reminds me of how F-Droid proposes filters to display
its apps. F-Droid is an alternative to Google Play which lets you
install freely-licensed Android apps.

Check out the filtering proposed:
https://l1bre.ca/album/picture.php?/199/category/4

When I saw this the very first time I thought it was great. It is a
good example to explain why some software, even being published under
a free license (GPL or else) doesn't necessarily have your interested
in mind first.

It illustrates the difficulty for end-users (and I include myself) to
actively monitor and carefuly check/choose which apps to install based
on such criteria, nevermind security/permissions (notice the "require
root" criteria). In fact the UI in F-Droid doesn't show per-app
criteria, rather it offers to completely filter out or in any criteria
on that list.

This same checklist could apply to such certification:

[ ] Contains (unethical?) advertising - eg. ads
[ ] Tracks and reports your activity
[ ] Promotes or depends on proprietary add-ons/plugins/extensions
[ ] Promotes or depends on proprietary libraries/software
[ ] Promotes or depends on proprietary SaaS server software
[ ] Promotes or depends on a proprietary build toolchain

The list is a bit longer if you want to also evaluate a project's
health and chances of becoming/being/remaining actively maintained.

F.

- --
Fabián Rodríguez
http://fsf.magicfab.ca

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: PGP/Mime available upon request
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iEYEARECAAYFAlHgAdkACgkQfUcTXFrypNXVWQCghdHCAPKmgVakqTobtbrOrmrq
UaMAoNbnkTOd3tI+NLCGuLfjRCy8/Que
=/ZP3
-----END PGP SIGNATURE-----

Michał Masłowski

I am a member!

I am a translator!

Offline
Beigetreten: 05/15/2010

> tl;dr: the GPL (or other free licensing) is not enough to guarantee
> your freedom or privacy, it's only one of many criteri.

Yes, it's one of the reasons why I like
https://gnu.org/philosophy/free-sw.html more than the DFSG and OSD and
why I wrote http://b.mtjm.eu/free-software-licenses-freedom.html.

> When I saw this the very first time I thought it was great. It is a
> good example to explain why some software, even being published under
> a free license (GPL or else) doesn't necessarily have your interested
> in mind first.

It is. (Let's assume that Ubuntu haven't explained it completely.)

> This same checklist could apply to such certification:
>
> [ ] Contains (unethical?) advertising - eg. ads
> [ ] Tracks and reports your activity
> [ ] Promotes or depends on proprietary add-ons/plugins/extensions
> [ ] Promotes or depends on proprietary libraries/software
> [ ] Promotes or depends on proprietary SaaS server software
> [ ] Promotes or depends on a proprietary build toolchain

RYF devices have no such antifeatures, some free distros modify packages
to remove them. Stricter certification requirements might be useful.
(I remember several discussions of hardware endorsement and free distro
criteria not being strict enough.)

> The list is a bit longer if you want to also evaluate a project's
> health and chances of becoming/being/remaining actively maintained.

More possible criteria:

- does it use nonfree software for development? (e.g. Github, nonfree
DVCS, nonfree wiki software, RAR for release archives)
- how easy it is to fork it/understand why it was written in such a way?
(e.g. does it use a decentralized VCS or has no public VCS, are issue
reports public)
- does it have multiple copyright holders?

Michał Masłowski

I am a member!

I am a translator!

Offline
Beigetreten: 05/15/2010

These projects don't call themselves free software. There is too much
emphasis on licenses, not user freedom, in open source.

oysterboy

I am a member!

I am a translator!

Offline
Beigetreten: 02/01/2011

Le 2013-07-12 06:46, name at domain a écrit :
> These projects don't call themselves free software.

The Linux kernel explicitely does so on
https://www.kernel.org/category/faq.html :

Is Linux Kernel Free Software?

"Linux kernel is released under GNU GPL version 2 and is therefore Free
Software as defined by the Free Software Foundation. You may read the
entire copy of the license in the COPYING file distributed with each
release of the Linux kernel."

Michał Masłowski

I am a member!

I am a translator!

Offline
Beigetreten: 05/15/2010

Thanks, I've seen many pages about it without reading that FAQ.

Chris

I am a member!

Offline
Beigetreten: 04/23/2011

That might have been true although I think there is disagreement on this now because of the non-free blobs which are included for hardware support.

onpon4
Offline
Beigetreten: 05/30/2012

LibreJS is not omniscient; it guesses at whether or not a script is free based on the presence or lack thereof of suggested comment tags. Most scripts don't have these, so in practice, LibreJS tends to just block everything.

WRT Linux: I read somewhere that Richard Stallman thinks that the binary blobs are a violation of the GPL, but the Linux contributors don't care/haven't taken action.

ssdclickofdeath
Offline
Beigetreten: 05/18/2013

I just installed Handbrake a couple of days ago, now I learn it's not fully free. Now my computer will have one less program.