Translations: Thai (by Wason Liwlompaisan)
This is a transcript of a twenty-five minute presentation by Richard Stallman on Saturday the 25th of February 2006 in Brussels, Belgium - the first day of that year's FOSDEM conference. Stallman was speaking about the proposed third version of the GNU General Public License and the related year-long public consultation process.
The transcript was made and checked twice from a video recording made by Ciaran O'Riordan using a consumer-grade digital camera. A better video of the event is available at ftp://ftp.belnet.be/pub/mirror/FOSDEM/FOSDEM2006-GPL.avi
I am the main author of all versions of the GNU GPL, but I have always had help from a lawyer. In the past it was Jerry Cohen, in this version it's Eben Moglen, who I first began working with in the mid 90s.
The reasons for this revision are many, because the changes are local and mostly small. There is no big change in GNU GPL version 3. There can't be and must never be. The basic idea will always be the same.
We're changing specific parts of the GNU GPL to respond to specific issues. And we've also published explanations of all the changes, in the Rationale Document which you can find on the site: gplv3.fsf.org.
That site exists for the sake of comments. It exists not only so that you can see what we're proposing to do but so that you can say what you think about it and in particular so that you can give us constructive suggestions, so that we can make sure we get it completely right. So please do go to the site and look at the Rationale Document.
Among the changes, the most important four, I will say, concern dealing with software patents, compatibility with other licences, the definition of which parts of the source code and what constitutes the source code that must be included in it, and dealing with Digital Restrictions Management.
I was just reading, the details of a new plot by IBM, Microsoft, Disney - actually I can't remember for certain now if IBM was in it - it was Disney, Microsoft, Sony, and Intel, and maybe IBM was there too. It's called AACS, and it's the new digital restrictions management system, or feature, and it's designed to restrict the use of movies and software.
It involves designing computers such that they are hard for people to take control of and modify. Anyone who is going to be allowed to make devices that can work with high-definition TV would have to sign this, I believe. And these requirements include not only designing the thing such that users can't control and can't modify it but they even are promising to stop making analog outputs.
An analog output is considered to be a security hole. Their idea of the computers of the future is that there will be no analog output ever. You will not be able to connect a computer to any monitor except one that's designed to receive encrypted video.
These conspiracies to take control of our computers away from us are becoming more arrogant and blatant and shameless every year. These companies know that they have too much power, and they figure they're going to use it, and they're going to impose on us their picture of what the world should be like. We have to try to resist this in every way that we have.
Some people have suggested that people should buy this hardware and return it to the store, and buy it and return it to the store. They said that that makes life too difficult for the stores. Well, I'm looking at different way to try to resist these threats and that is to make it impossible for them to corrupt free software.
You see, what they want to do, is distribute to the public software which theoretically is free and practically speaking is not. They want to distribute GPL covered software to the public and say "These binaries are under the GPL, and yes we'll give you the sources if you ask, and the sources is GPL and yes you can modify it, you just won't be able to make any use of the modified work in our computer because if you install it it won't actually run or it won't actually do anything useful."
We came to the conclusion, that that is not really respecting the user's freedom to change, and share software. And the purpose of the GNU GPL is to establish and guarantee that freedom, so the GNU GPL version 3 is designed to make sure you really get that freedom, to prevent our software from being corrupted by Treacherous Computing or Digital Restrictions Management.
But it does this in a very clever way - at least I think it's clever - it doesn't use the obvious method. It doesn't limit what technical jobs the software can do, because that's another principle of free software, people should be able to use the software and run it for any purpose, and change the software to do whatever they like. So we have not said "you can't change this software to do the jobs that you would do if you were trying to restrict people". Instead, we focussed on a different aspect of DRM, which is, stopping the users from controlling the software that runs in their machine. Treacherous Computing is designed such that if you modify the software, it won't be able to do the job.
They use things like checksumming the software and checking whether it has been signed and authorised, and so if you modify the program and you install it, since your version hasn't been signed by them, your version isn't really authorised, so either it won't run, or it won't be able to open the files that you want to open or the network server will refuse to talk to it, or in one way or another you will be blocked from really doing the job that the original version was set out to do.
So what we're doing in GPL version three is, we're saying they're welcome to design free software to do whatever it is they want, and they're welcome to set up the machine such that it won't run a program unless it's been signed, but they have to give you the signature key so that you can sign your own version.
They must give you the signature key so that you can authorise your version at least to run on your machine.
Now, if each machine has a different signature key, they only have to give your signature key to you. Your machine's signature key. They have to give it to you, they don't have to publish it, they don't have to give it to anyone else. They can even promise you that they won't give it to anyone else, but they have to give it to you.
So this ensures that you really have, practically speaking, the freedoms to modify the program, put it into the machine, and have it really run and it must be able to do the same jobs on the same data, which means it must be able to access the same files that the unmodified version would have accessed, or talk to the same network server that the unmodified version would have talked to.
So whatever the program needs to be able to give the network server so that the network server will talk to it, they have to give that to you.
This won't stop distributions from distributing signed binaries?
Not at all. When the purpose is to prove this is "my" version of the binary and it was not changed by someone else, that's a completely different scenario because they're not giving you a machine that refuses to run the software unless it's been signed by them ...and therefore there's no harm in that. So, for instance, if you want to distribute binaries or sources of your program, and sign them so that people can tell they're your authentic versions, you're still free to do that, and they can still get the corresponding public key and check your signature.
The reason that these requirements in the GPL don't apply in this case is that, in this case, the user checks if he wants to. It's not a machine that's checking it and refusing to run the software if it isn't signed by you. If you give them a machine that won't run the program unless the binary has been signed, then you have to give them the signature, but if you just sign your binaries or your sources and say "check them if you wish", the requirements don't apply in that case. The requirements say you must include whatever keys or codes are necessary to authorise a modified binary so that it will function the way the original binary would. If it isn't needed to make the modified binary function, there's no requirement.
This is an issue that we worked on quite a bit, figuring out how to block the corruption of our software for Digital Restrictions Management without limiting the technical features it can have. So instead of attacking the technical features of DRM, we attack the thing that makes DRM evil, which is the fact that it has been taken out of the user's control. So we thwart DRM by insisting that the user must retain the control of the machine and as long as you respect that, you can program the software to do whatever you like.
A second major area was how to deal with software patents. We decided that the implicit patent licences that we were relying on in GPL version two, were not solid enough so we put in an explicit grant of patent licence on the part of whoever distributes the software.
[Richard points at audience member] If she gives you a copy of the program, she is implicitly giving you a patent licence for any patent that she has or controls that you would need to infringe in order to use the software or use its output.
This follows various other free software licences that came out during the 90s.
Suppose someone is distributing a program, and he has a patent licence. So he thinks the program infringes some patent, but he has a patent licence so he's not going to be sued, but you might get sued if you redistribute it. That's not fair, so we put in a requirement that if he knows he's relying on a patent licence, he has to do something to ensure that he's shielding you as well when you carry out the freedoms that the GPL gives you. This is a matter of honesty.
When he distributes the program to you and says "this is under the GPL, you're free to redistribute this", and at the same time he knows that if you redistribute it you'll get sued, even though he can't get sued, that's dishonesty. So we require him to do something to make sure you won't get sued either, if he knowingly relys on a patent licence.
On the other hand, if he's just taking his chances, he doesn't have to do anything special. [skip] that's the most we can ask.
But, this is complicated because there are mega corporations that have blanket cross-licences. Two mega corporations say "we'll cross licence all our patents", and they don't even know what they have patent licences for. So this is why we put in the "knowingly rely on" part, because we don't want to impose a requirement on, say, IBM, to do something for other people when IBM doesn't even know that it has a patent licence for a certain patent. So we put in those words "knowingly rely on". This apparently is rather controversial: exactly where that line should be drawn. But it's actually a pretty small change.
Another big change - comparatively big - is that we've decided to make the GPL compatible with some additional free software licences that are incompatible with GPL version two. It's a practical inconvenience, this incompatibility, and it's nice to get rid of it. We can't get rid of all these incompatibilities because that would require eviscerating the GPL, making it null, effectively. The GPL requires that users must get certain freedoms and we can't allow the addition of absolutely any requirement but instead we decided to list a specific set of additional requires that are ok. So other licences can add requirements of those kinds.
For instance, they can make specific requirements about how to give notice of changes. Or which kinds of credits to preserve. Or statements that "you mustn't use our names for publicity", and also there are a couple of more interesting requirements that are also permitted in the other compatible licences.
One of them is the Affero GPL requirement that says "if you run this for public access, you must provide a command to download the sources". So the Affero GPL is the same as the GNU GPL version two but it has one additional condition which says if you put any version of this program on a public web server, you've got to have a command that the user can use to download the source of your version. So we were thinking of putting a requirement like that into the GPL version three, together with a way that people could explicitly activate it, but then I decided that it would be much simpler just to let this be a compatible licence and put this compatible licence on files that they're programming. So GPLv3 will not make this requirement, but it will be compatible with licences that have this requirement.
And then there's another kind of requirement that the GPLv3 is compatible with, and that is: patent retaliation. There are several free software licences that have patent retaliation clauses where they say that if you sue for software patent infringement, then you lose the right to use and distribute this program. And the details vary, because different licences work this out in different ways, so we drew up a criterion for acceptable software patent retaliation clauses and they are allowed now in GPL version three in compatible licences. So a licence can be compatible with GPL version 3 and contain a software patent retaliation clause - but only certain kinds of software patent retaliation clauses.
There are two kinds that we said are ok. One kind is where retaliation only occurs against aggression. You see, if Party A sues B for patent infringement, the thing B is most likely to do, if he can, is counter-sue. If Party B has a software patent, Party B will look for a way to counter-sue. We've decided we want retaliation only against A, not against B. We want retaliation only against those who commit the aggression. Not against those who are themselves retaliating. So we have a way to make the distinction.
The other kind of software patent retaliation clause that's okay is where it retaliates only from lawsuits directed at the same code or code that was released with it. That is, retaliation for software patent lawsuits that are targeted very close to the same program that would target them.
This creates a somewhat complicated situation because it means that a GPL-covered program can have parts that are under these compatible licences which make certain kinds of other requirements. To help make it clear to the user what the rules are for using any particular program, we said all these licences have to be collected and put in one pile which you can easily find. ...and I think it said it had to have a certain name, I don't remember actually that detail. But the result is that it will be easy to look in a GPLv3 covered program and see all the other licences.
These other licences will be limited. They can't be absolutely anything. They can give additional permissions any way they like, but for making additional requirements, we have this list of five or six kinds that they can be, and that's all that's allowed, and I told you, just now, what they are.
Then the other place where we're doing some work is in the definition of "complete corresponding source code" and what has to be included in that. Some changes that are a bit subtle in the system library clause. The clause that says you can distribute the binary for a non-free system, and it's been linked with some non-free system libraries, there's a special exception.
We've done some rewriting of this, to try to modify it to work the way the new systems work now. And at the same time, to limit it a bit more to avoid loopholes where they want to extend Emacs, with non-free extensions so they write a special library in their system which is the Emacs Extension Library, then they distribute a binary of emacs linked with it and they say "Ah, this is a system library". We're making sure that that cannot be done.
By the way, the GPL version three will be finalised, either in October or early next year. There's plenty of time to comment, but don't wait because we're going to make another draft, in July, I believe, and if you want your comment to bring about changes in that draft, that would be desirable if you've got good comments. Please go to gplv3.fsf.org and give us your comments now. Study the draft, and look at the explanations, and then see if you can see a scenario where this text will not do the right thing, and give us your feedback.
So now on to questions...