The world of Linux has seen some disquiet over recent weeks following the decision of Red Hat to restrict source code distribution for Red Hat Enterprise Linux (RHEL) to only their paying customers. We’re sure that there will be plenty of fall-out to come from this news, but what can be done if your project relies upon access to those Red Hat sources?
The Red-Hat-derived Rocky Linux distro relies on access to RHEL source, so the news could have been something of a disaster. Fortunately for Rocky users though, they appear to have found a reliable way to bypass the restriction and retain access to those RHEL sources. Red Hat would like anyone wanting source access to pay them handsomely for the privilege, but the Rocky folks have spotted a way to bypass this. Using readily available cloud images they can spin up a RHEL system and use it to download their sources, and they can do this as an automated process.
We covered this story as it unfolded last week, and it seemed inevitable then that something of this nature would be found, as for all Red Hat’s wishes a GPL-licensed piece of code can’t be prevented from being shared. So Rocky users and the wider community will for now retain access to the code, but will Red Hat strike back? It’s inevitable that there will be a further backlash from the community against any such moves, but will Red Hat be foolhardy enough to further damage their standing in this regard? They’re certainly not the only large distro losing touch with their users.
I can see a firewall rule added that requires a login to allow access to download.
Wouldn’t that violate the GPL?
Everything IBM is doing is to violate the GPL. But it will need lawyers to prove it. And that will be costly.
The Free Software Foundation has lawyers and the means.
Has GPL ever really been tried in court? A court could rule GPL as unenforceable, and that would be a disaster.
Steve Jobs negotiated out of court (NeXT was violating it with their compiler front end), and so GCC got ObjC support. Currently Apple avoids GPLv3 like the plague. Google forbids AGPL. Big companies do not seem to want to test, specially newer versions.
Anyway, RHEL includes more than GPL code. They could stop distributing all the BSD, MIT, etc code at all, making derivatives hard or impossible.
Yea, so? :)))))
In what way? GPL requires you to provide source code to anybody you distribute your binary to. If they have not distributed their binary to someone, there is no obligation to distribute source code to that person.
Seems like they are already violating the GPL pretty good.
In the early 2000s, I worked at IBM.
I recall a message (Note) from management about their decision to go Open Source. The message casually mentioned “in a few years we’ll own this thing!” (Maybe it is not an exact quote, but the arrogance implied was a jaw dropper to me.)
It is technically not against GPL license to stop people who have not access to their software to see their source-code. GPL license ask the code source to be available to anyone who have access to the product.
Where the problems start is on their EULA, they have agreement that you have to agree with that if you redistribute a product based on their source-codes, they could terminate instantly your Red-Hat subscription and so stop you from having access to their source-codes. This contract of service goes directly against the spirit of GPL.
Sure, they couldn’t sue you to distribute the source, since it is part of the GPL license that you have the complete right to do so, but they can stop you at their will to access any further updates. So what what Red-Hat try to do is going at the very edge of what is legal for what I understand. And the worst part is that what they were selling was the support, not the OS itself for what I understand, but now you need a license to be able to used their software.
Anyways we will see how Red-Hat react against the subscription-need bypass that Rocky have found.
Easy to solve from a technical sense, but by license if they’re distributing rhel then red hat has to provide the sources.
Interesting that they’re using the cloud services as a work around, very clever as I’m sure that red hat won’t be changing Amazon’s policies.
> Easy to solve from a technical sense, but by license if they’re distributing rhel then red hat has to provide the sources.
They have to provide sources to whoever they provide RHEL to. However, the incredible evil thing they did, is they say “sure, here are the sources under GPL, however, if you distribute those, you lose your RHEL license”. So they don’t tag anything extra on the GPL license, as that’s not allowed, but they tag something on their support license to counteract GPL.
It’s like a shop offering free apples, but if you take one out of the shop, you’re never allowed in the shop again. Sure, the apples are free, but not free to take.
Making support less useful for those that need it. Also those that don’t still have the issue of access being behind a gating mechanism (no license, no access). Tivo would be proud of their sneakiness.
Yeah, they could try to claim they are only distributing RHEL to the cloud providers, and not to the users of those systems. And then require cloud providers to block the RHEL source downloads from their cloud servers.
After all, it is well established that a GPL website does not distribute itself to everybody browsing the site – there is AGPL for that. Cloud servers are different in that you can go and download the binaries, so in essence it is distributing but I doubt there are any court cases about that yet.
Looks like the parasites are getting angry. The days of downloading without contributing are over.
Couldn’t agree more. The freeloaders complaining are the ones who never paid a dime to Red Hat or other open source projects, but want to profit personally from it. Nobody works for free
Are you actually talking about Linux?
If you honestly believe that the GPL was set up by parasites to trick contributors into writing for free, you might want to explain how. The Linux community have not traditionally equated sharing with parasitism. You might want to research why.
Looks like you don’t understand in what ways so called parasites are contributing and how IBM is the actual parasite here
So if Rocky is there, where is Bullwinkle? And I’m sure Boris Badunov and Natasha Fatale are trying to steal the source code for Fearless Leader in Pottsylvania.
Imagine if there was a distro that RH can create to be similar to Rocky or Alma… This sarcasm goes to anyone at RH thinking that CentOS was just a mechanism to drive engangement that was to end and be monetised. Unfortunately this is not how it works, this is not how any of open source works, and no, you cannot convice people they don’t like open source just because you want to make money.
Next RHEL derivative will be called HolocaustOS:
https://en.m.wikipedia.org/wiki/IBM_and_the_Holocaust
Thanks for the link!, i had no idea about that part of history.
Yeah. IBM has a lot of bad blood on their hands, figuratively and literally.
You gotta be dumb to believe all that crap :))))
Trolling doesn’t make you right.
Long live Debian!
Why doesn’t Red Hat just fork freebsd or something, make it proprietary/source available and be done with it
It worked for apple!
Nobody would use it. Businesses currently use RedHat software because they’ve done that in the past, their hardware and software is already configured for RHEL. CentOS, Alma, Rocky are popular because they provide 1to1 compatibility to RHEL. Now imagine them forking BSD, it’s not compatible at all. From ABI to basic configs. FreeBSD is POSIX compliant, while Linux is not.
> FreeBSD is POSIX compliant
Yes, the three people from 1995 who care about POSIX really care about FreeBSD.
Welcome to 2023. POSIX and GOSIP and OPENthisandthat are history. Go quantum your blockchain AI crypto meta cloudverse and have a great day.
POSIX – A joke without a punchline.
Absolutely right. Of course IBM’s wider strategy is to destroy demand for free software and increase their market, so they have to go to war and convince people that RH wrote all the code in their distribution, or that ALL contributers secretly wanted to publish under restrictive licences. It as to be cheaper than actually rewriting everything.
You mean will IBM who’s known for these type of dirty games strike back? Perhaps a solution would be to pay for stuff even if little. I mean I totally get RHs point. This has been long coming and everyone that’s been around Linux should not be shocked. Back when Novell took over SuSe you saw what greedy companies can do to a good thing. However when SCO tried to screw the pooch in a big way if you recall by claiming that UNIX code was in Linux, IBM fought for OSS and took them to court and won. That case is the reason why you still have FOSS. So, I get the big picture here and the need to make money but at the same time there must be room for these kind of community projects. In short, this is a complicated issue folks one that may not end up good for the little guy. I’m telling you.
I agree. If you buy it, you get the source code via the GPL requirements. Otherwise, …. no. Seems like a reasonable business practice.
Ah all the IBM hates from The Register are now here too … lol
The move is mainly against Oracle Linux, Rocky and Alma are just collateral.
Also the creator of Rocky is a f. shady guy. First he sold the open source Centos to Redhat, then he said they can’t kill it and creates Rocky which he will eventually hand over again.
And actually this decision was not IBMs but Redhat. They wanted to do this for a long time, now they just have the mean to do it.
Greg K was not a part of the CentOS Project when it was sold to CentOS.
While IBM may not have given a direct order to do this exact thing (even though I wouldn’t rule it out), I wouldn’t say that they didn’t have a hand in it. They are relentlessly pushing for more and more profit from Red Hat during a major economic downturn. The Sales numbers are dismal this year for RHEL, but the reason isn’t because of competition or companies rebuilding RHEL, it’s that companies are shrinking because of the economy. Red Hat Sales Teams don’t get paid on renewals, only net new. Yet Companies don’t buy more when their budget is now less. None of this matters to IBM though, all they care about are the numbers. So Red Hat is having to do some very unlike Red Hat things to try and prop the numbers up in the short term. They sold their ideals and culture for a quick payday from IBM, and now have to deal with the consequences of dealing with the devil (see Holocaust link above for info).
So, Yes, IBM’s relentless push for a return on their investment has everything to do with this decision.
IBM bad history with the holocaust is a tragedy. But you can’t be serious using this as argument here. And btw there were enough US companies working with Nazis.
“Although neither Ford nor General Motors ever fully conceded that they had willingly participated in the use of slave labor, they both were massive contributors to a fund started in 2000 for Holocaust survivors.”
And agreed, is about the numbers, but it’s absolutely about the competition. Oracle Linux is takes the work RedHat did, and uses it to power they own cloud to make money off this, that revenue or part of it should do to RedHat. Oracle does not give anything back. Both RedHat and IBM are big contributions to OpenSource Software, or the Apache to Eclipse Foundation, so your arguments don’t hold any merit.
If someone from Red Hat has the guts to publicly say, “Simply rebuilding code, without adding value or changing it in any way, represents a real threat to open source companies everywhere.” in an official capacity, they can also be trusted to be blunt about IBM’s involvement in these decisions. But almost every Red Hat employee has publicly denied this accusation. Therefore, I don’t believe IBM shot themselves in their foot either. But you are free to believe what your heart says.
No, the Holocaust thing is an aside, it was not the crux of the argument (and its strange that that’s what you took from that whole thing). The argument is that IBM wants to recoup all the money they invested, so they are pushing Red Hat hard to generate revenue. Its literally all we are directed to do internally nowadays (Yes, I am a Hatter). If it doesn’t generate revenue, we aren’t to work on it. Since the economy is down, Red Hat is having a hard time convincing people to buy, so they are grasping at straws to keep our IBM overlords happy. Attempting to eliminate competition is just the way our inept CEO choose to do it.
So yes, I would say my argument holds a lot of merit.
Also, Oracle actually does give back, they do development on the kernel just the same as Red Hat does.
https://blogs.oracle.com/linux/post/contributing-to-the-core-of-linux
As for that “revenue should go to Red Hat”, it would be a better argument that that revenue should go to the original developers. While yes, Red Hat does give back, a vast majority of the code in RHEL is not of Red Hat origin. With your argument, since Oracle is also contributing, should not a portion of Red Hat’s revenue go to Oracle? No? Well exactly, that isn’t how any of this works. Including the down streams. With Open Source, there is no responsibility to “give back” in order to use it, as long as you abide by the license. With Copyleft licenses, you only have to give back if you change it, etc.. not if you use it (or give it away or even if you sell it).
I am sure Rocky and Alma will get there eventually to where they are giving back to the kernel and elsewhere, but they are both still pretty young and small comparably. Red Hat was once that size too, and at the time they were concerned with getting the business started and surviving as an Open Source company then “giving back”.
It seems that if you completely by pass writing your OS from scratch to stand on the substantial foundation that is Linux then it’s on you to figure out a way to earn money and STILL supply free public access to your additions. If you don’t want to do that then write your own OS from scratch.
Richard Stallman, the visionary behind the Free Software Movement and the Free Software Foundation, frequently underscores the significance of “free as in freedom” over “free as in free beer.” Back when I initially delved into the realm of GNU/Linux three decades ago, the Free Software Foundation actually required payment for access to software documentation. Stallman has repeatedly emphasized that his intention behind “free” was never solely related to costlessness.
I sense a GPL v4 being created because of IBM
Copyleft licenses have experienced a decline in popularity. Here are the current rankings:
MIT: 44.69%
Other: 15.68%
GPLv2: 12.96%
Apache: 11.19%
GPLv3: 8.88%
BSD 3-clause: 4.53%
Unlicense: 1.87%
BSD 2-clause: 1.70%
LGPLv3: 1.30%
AGPLv3: 1.05%
Moreover, it is worth noting that the proportion of GPL code in a typical Linux distribution is currently estimated to be around 3%. Considerable efforts are currently underway to rewrite the remaining pieces of code. Estimates suggest that within the next five years, the Linux kernel will be the sole remaining component using the GPL license.
I was aware that copyleft licenses were in decline but not that bad. Do you have a source for this information, especially about Linux distributions that replace the GPL?
I apologize for not providing proper citations for the information I shared. I would like to clarify that a significant portion of the information is based on my experience as a GPL Compliance Auditor and Development Strategist in the company I work for. Verifying these claims would require more extensive work than a simple response to a post and would be more appropriate for a dedicated article.
> Estimates suggest that within the next five years, the Linux kernel will be the sole remaining component using the GPL license.
That seems like a weird thing to say, as GNU/Linux is composed of both GNU and Linux, both are completely GPL, and that isn’t going anywhere. Systemd, YUM and APT are also GPL (I’m considering LGPL as a GPL variant), as well as all of RedHat system tools. All the other things are optional, but GNOME and KDE are both completely GPL, as well as most other desktop UIs. Built-in programming languages – such as Python, Perl and Ruby are distributed under their own licenses (but these are few and also use pretty uncommon licenses – I’ve never seen any other software under a Ruby license or a PSF).
I wonder what huge trove of “core Linux” software is there that isn’t GPL?
Most Linux distribution also distribute a lot of additional applications to be used on top of Linux, such as databases, web servers and such – these are indeed often not GPL licensed and there are definitely more “Linux applications” software packages (and “Linux applications” lines of code) then there are “Linux core” packages, but I really don’t think that bundling a lot of non-GPL applications with a Linux operating system makes the operating system itself “less GPL”. Definitely not to the point of 3%.
(I know there are non-GNU Linux operating systems, but no one treats Android as a Linux operating system – I thought we are talking about RedHat and RedHat-like Linux OSs).
It’s not like there aren’t other commercial support-offering distros. SUSE Enterprise Linux and Canonical both offer excellent choice offerings.
So soon they forget when the foo was on the other ….
https://en.wikipedia.org/wiki/Red_Hat,_Inc._v._SCO_Group,_Inc.
Don’t really like the decisions that have been made at Red Hat for a while now. I understand needing to have a business model, but they’ve got a functional one already.
Red Hat doesn’t want a lot of money for the source code – you get it with your $350 RHEL seat license (or for the hourly price of an EC2 VM). What you don’t get (at least according to the Red Hat subscriber agreement) is permission to redistribute the source code – which is what the GPL is supposed to specifically allow, but Red Hat wouldn’t sell you this permission for all the money in the world.
You can redistribute the source code if you remove trademarks. That’s actually very common in GPL code. Firefox does the same thing. In fact, in the United States, if you do not defend your trademark, then you actually lose it. Trademarks are important because they can help convey something that people can then trust. Unlike copyright, design, patents, or technical patents, they are very narrow and only convey and identity. I think they have a very justified place in open source.
Yes – the GPL license allows you to redistribute the source, but RedHat subscriber agreement forbids you from distributing the code (quite explicitly: https://developers.redhat.com/terms-and-conditions). If you exercise your right to distribute GPL code you got from RedHat, you will find your RedHat license immediately revoked, and possibly facing a lawsuit.
“This Agreement establishes the rights and obligations associated with Subscription Services and is not intended to limit your rights to software code under the terms of an open source license.”
sounds like GPL compliant to me. They said you cannot redistribute the subscription service… That basically means you cannot give other people access to your account… can people read?
After reaching out to the Freedom Law Center regarding this matter, I was informed that the actions of RedHat/IBM are completely legal. While it may not be morally acceptable, it falls within the bounds of the law. By severing their relationship with a customer who chooses to share the source RPM packages, they are essentially conveying the message of, “Alright, we will provide you with the source code, but we have decided to no longer maintain you as a client or someone to whom we distribute software.” The GPL does not explicitly require them to distribute any code to individuals like you or me. However, it does state that the rights granted under the GPL apply to those who legally obtain the GPL software.