A superficially modest blog post from a senior Hatter announces that going forward, the company will only publish the source code of its CentOS Stream product to the world. In other words, only paying customers will be able to obtain the source code to Red Hat Enterprise Linux… And under the terms of their contracts with the Hat, that means that they can’t publish it.

  • @carlyman@beehaw.org
    link
    fedilink
    1811 months ago

    Can we avoid clickbait titles? Really hoping the Lemmy community is better than what Reddit turned into.

    • @aranym@lemmy.nameOP
      link
      fedilink
      31
      edit-2
      11 months ago

      …I don’t see how this is clickbait, this is a major damaging move to downstream distros. They can no longer use RHEL source. Also, I just copy and pasted the original article’s title. RHEL is an extremely influential distro, others will follow its lead.

      I actually considered changing it at first because I didn’t think it properly conveyed just how damaging to open source this is. This is an inflection point for the entire space. Red Hat is one of the most influential distros and others will follow its lead.

      If you disagree with my take, fair, but tell me why. Same for all the people upvoting @carlyman’s comment. I want to have real discourse with you all, and I will change the title if you have good reasoning that it is in fact inaccurate. Like you said, we don’t want this to be like Reddit.

      • 13zero
        link
        fedilink
        9
        edit-2
        11 months ago

        It’s also against the spirit of the GPL if not the letter. Red Hat isn’t just required to release source code to its customers upon request; that source code comes with GPL rights and restrictions attached (including the right to distribute).

        Is it legal for Red Hat to require customers to waive their GPL rights? I don’t think it should be, but I don’t think courts are particularly friendly to copyleft holders.

        • IHeartBadCode
          link
          fedilink
          1611 months ago

          I will leave this article from the Software Freedom Conservancy which gives an analysis of the legal impact of the new terms of the RHEL CCS distribution in terms of the GPL.

          In short, it is as you say, not distributing to the public at large is only a violation of the spirit of the GPL but not an actual legal violation. As for redistribution, the new terms stipulate that RedHat CANNOT STOP YOU from redistributing the code (unless you forgot to remove their icons/artwork/copyrightable stuff), but doing so will put you under consideration for a 30-day notice that your ability to access binaries and sources will be revoked.

          Additionally, the SFC has gone ahead and assumed that RedHat will have little inclination to sell a single license to Rocky or Alma for them to them attempt a systematic way to get around their RHEL CCS distribution model. In short, RedHat has come full circle in implementing the full breadth of their hostilities towards downstream projects of their RHEL.

          I know RedHat folks justify it as “None of the downstream projects helped patched anything. That the downstream projects were the ones being hostile and RedHat is just finally responding in like.” I think the “none” might be over exaggerated, but RedHat has indeed submitted easily over 90% of the patches to RHEL’s code base. That said, working with the community to help foster more contributions is the correct answer, not taking the ball and going home.

          All in all, RedHat is basically allowed to do what it is doing. But everyone is free to not like this path RedHat has taken themselves down. I mean, there’s a lot of “questionable” spirit of FOSS that multiple companies that contribute to open source do with their product. cough Java cough.

            • 13zero
              link
              fedilink
              111 months ago

              Some of the changes in GPLv3 seem to address this type of behavior. There might be some narrow gaps that Red Hat is taking advantage of, but the folks at GNU at least made things harder.

        • @aranym@lemmy.nameOP
          link
          fedilink
          5
          edit-2
          11 months ago

          Yeah - even if it technically isn’t legal, GPL violators have a long history of getting away with it. IBM has a legal team that’ll scare almost anyone away.

      • @carlyman@beehaw.org
        link
        fedilink
        311 months ago

        I agree with the sentiment…but hard not to say this isn’t a clickbait title. Let’s not rely on rhetoric…let’s speak with data, details, and specifics to help foster actual discourse and constructive disagreement.

        • Geometric7792
          link
          fedilink
          1011 months ago

          You’re upset that the headline didn’t have data, details and specifics in it?..

          • @carlyman@beehaw.org
            link
            fedilink
            211 months ago

            I prefer to avoid clickbait titles and discussions around soundbites. If you prefer clickbait titles and rhetoric, so be it. I was hoping for something different.

        • @aranym@lemmy.nameOP
          link
          fedilink
          9
          edit-2
          11 months ago

          When most people think of clickbait, there is a disconnect between the content presented and the title. There is no such disconnect in this case. Your interpretation of the word is an outlier, and even if I agreed that it was clickbait, you still haven’t convinced me it is a bad thing in this specific scenario.

          • @carlyman@beehaw.org
            link
            fedilink
            011 months ago

            There is generally some truth to clickbait titles…and the more you agree with it, the less clickbait-y it seems. “Crushing blow” is unnecessary rhetoric in my view (and I’d bet 50 cents AI wrote it).

            I’m actually not arguing the intent of the article…rather just how I hope this community raises the bar in discourse.

            • @aranym@lemmy.nameOP
              link
              fedilink
              411 months ago

              We clearly have a disconnect here. There’s a reason I always put a quote to act as summary in the description of my article posts, they provide more detail than the title could. At the end of the day, I think providing the original title regardless of its perceived quality is the better option when these posts are glorified links anyways. (I assure you it was not from AI, The Register has pretty high journalistic standards.)

              • mack123
                link
                fedilink
                311 months ago

                As a very long time reader of The Register, I actually enjoy their headlines. They have always had a tabloid style to them. Even before clickbait was a thing and I have seldom been disappointed at the contents of anything I have clicked on. So agreed, a quality site.

                Arstechnica and The Register are my tow oldest daily reads.

    • lanbanger
      link
      fedilink
      1511 months ago

      It’s the literal title of the article. If you don’t like El Rog’s style, then jump in your time machine, head back to the late 90s, and ask Magee and Lettice to kindly knock it off.

    • Deceptichum
      link
      fedilink
      1111 months ago

      Can we also avoid idiots like yourself making stupid comments?

      1. The title is accurate

      2. Letting users pick their own title will lead to abuse and manipulation as users try to make a headline fit their narrative.

        • Deceptichum
          link
          fedilink
          311 months ago

          Don’t lie.

          You left reddit the same reason we all did, it’s turning to shit due to the admins.

          If you’d least reddit because you don’t like how people talk you’d have done so at any other time before this big event making us all leave.

        • @HughJanus
          link
          -111 months ago

          Bruh this is just Reddit 2.0. if you thought something would be different you were mistaken.

    • @aranym@lemmy.nameOP
      link
      fedilink
      3
      edit-2
      11 months ago

      Accidentally deleted my last comment… but a summary of what I had said, I don’t think it’s clickbait. This is an inflection point for the entire space and I actually considered changing the title because I didn’t think it properly expressed just how damaging it is. It restricts people receiving RHEL source, compromising existing derivatives and essentially closing off the possibility of any more. RHEL is an extremely influential distro, others will follow its lead. Also, it’s a copy and paste of the original title.

      If you think anything I’ve said here is incorrect or you have a different perspective, I’m totally open for discourse. Just don’t go around leaving negative comments without explaining yourself - I was hoping this community would be better than Reddit too.

      (Lemmy REALLY needs a confirmation box for that. Not the first time lol)

      • 13zero
        link
        fedilink
        211 months ago

        Frankly, I’m more concerned about the precedent this sets for the GPL.

        If Red Hat can do this, then there’s nothing (legally) preventing every other megacorp from ending public contributions to Linux and other GPL projects, forking them, and releasing them under restrictive contractual terms.

        Granted, not everyone would take their code private. Microsoft and Apple make some contributions to BSD/MIT/etc. licensed software even though they are not required to. However, I think we’d miss out on quite a lot of FOSS development.

    • @aranym@lemmy.nameOP
      link
      fedilink
      15
      edit-2
      11 months ago

      Most of their stuff is under the GPL. It’s a GPL violation to not allow their customers to share the source. I’m guessing they’ll reverse this decision (or selectively release everything they’re obligated to) within a week.

      • LeighM
        link
        fedilink
        English
        1411 months ago

        I have to image that their fleet of attorneys would have thought of this before hand.

        • @aranym@lemmy.nameOP
          link
          fedilink
          English
          7
          edit-2
          11 months ago

          I was confused they didn’t think of this either, but the language in the license is very clear. I see no way it cannot be infringing - the only way you can be restricted from redistributing GPLv3’d source is if you publish it incorrectly. If you override these rights in any way, you lose your license to distribute the GPLed software and it turns into piracy.

          That’s ignoring the variety of other OSS licenses used for software in their repositories, many of which have similar (or even broader) redistribution rights.

          Relevant GPLv3 language:

          Section 4. Conveying Verbatim Copies.
          
          "You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program."
          
          
          Section 5. Conveying Modified Source Versions.
          
          "You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:
          a) The work must carry prominent notices stating that you modified it, and giving a relevant date.
          b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all notices”.
          c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.
          d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so."
          
          • @aranym@lemmy.nameOP
            link
            fedilink
            English
            7
            edit-2
            11 months ago

            Another excerpt from the GPLv3 that explicitly describes and disallows what Red Hat is doing - you are explicitly not allowed to add any restrictions when you redistribute GPLv3 licensed software:

            If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.
            

            …aaand an additional excerpt which disallows Red Hat’s restrictions:

            Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License.
            

            (note: “original licensors” is not Red Hat regarding any software other than their own. Red Hat cannot change or infringe upon rights received from upstream.) and ANOTHER excerpt:

            If you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code.
            
            • brie
              link
              fedilink
              English
              511 months ago

              What if they technically allow redistribution, but terminate access to recieving updates for doing so? So you can distribute a copy of version N, but if you do so you will not recieve version N+1, and therefore will not be able to get source code for version N+1. Not sure if this is how it is in their contract though.

              • @aranym@lemmy.nameOP
                link
                fedilink
                English
                2
                edit-2
                11 months ago

                It could be argued that is also a restriction disallowed by the GPL (in my mind any terms that bring negative consequences for expressing your rights given by the license are restrictions), but at that point it’s really beyond my expertise on this subject. I’m not sure if the GPLv3 even defines this at all - maybe Red Hat is banking on that ambiguity.

                • 13zero
                  link
                  fedilink
                  311 months ago

                  They might also be banking on GPLv3 contributors being unable/unwilling to take them to court. The Linux kernel is GPLv2, and its contributors are probably more of a legal threat than anything else in RHEL.

      • chameleon
        link
        fedilink
        1111 months ago

        SF Conservancy analyzed this and found that it’s probably legally OK, if very much on the edge of what’s allowed. RH doesn’t sue you for redistribution or anything, they ‘just’ terminate the contract and the GPL doesn’t force anyone to deal with anyone. It’s the same stupid model grsecurity applied some years ago.

        But regardless of legality, morally, this is just completely and utterly wrong. I’m not totally surprised post-IBM Red Hat went in this direction, but I’m disappointed and angry anyway.

        • @aranym@lemmy.nameOP
          link
          fedilink
          311 months ago

          I find it interesting that even the conservancy can’t really say whether or not it’s OK legally definitively. Here’s hoping someone still takes them to court over this, wins, and sets precedence that it’s a violation of the GPL (extremely unlikely, but a guy can dream)

          I remember people talking about potential scenarios very similar to this when Red Hat was acquired. They were right.

      • aard
        link
        fedilink
        111 months ago

        The problem here is not the source of the applications, but the source of the package build scripts - which in big parts are RedHat property.

        RedHat must provide you the sources - but for that it is sufficient to give you the source of whatever is packaged. In the past commercial distributions just fulfilled that requirement by dumping source packages, which have the source as well as the scripts required to build binary packages. They do not have to provide you with the build scripts.

        The problem with RedHat is that many companies certify their stuff to work on RedHat - so for that to work without running into the occasional obscure problem you need to build the sources the exact same way as RedHat is doing. That’s what CentOS used to do until version 7, and that’s what currently some other distributions are doing. Without the build scripts it’ll be next to impossible to do that - you’d pretty much have to duplicate the RedHat engineering team. But it is completely legal, as they own the scripts, and since they’re completely separate from the application itself don’t have to be GPL.

    • @copolymer__@lemmy.one
      link
      fedilink
      111 months ago

      AFAIK, the source is still available with a free Developer License from Red Hat. Still annoying AF, though.

      • 13zero
        link
        fedilink
        311 months ago

        What stops one person with a free account from mirroring the source?

        • quaddo
          link
          fedilink
          6
          edit-2
          11 months ago

          From TFA:

          Some commentators are pointing out that it’s possible to sign up for a free Red Hat Developer account, and obtain the source code legitimately that way. This is perfectly true, but the problem is that the license agreement that you have to sign to get that account prevents you from redistributing the software.

          So although the downstream distros could still get hold of the software source code, they can’t actually use it. In principle, if they make substantial modifications, they can share those, but the whole raison d’être of RHEL-compatible distros is to avoid major changes and so retain “bug-for-bug compatibility.”

          Of course, they could take a “publish and be damned” attitude and do it anyway. At best, the likely result is immediate cancellation of their subscription and account. That could work but will result in a cat-and-mouse game: downstream distributors continually opening new free developer accounts, and the Hat potentially retaliating by blueprinting downloads and stomping on violators’ accounts. It would not be a sustainable model.

          At worst, though, they could face potentially getting sued into oblivion.

          ETA the full context.

          • RandoCalrandian
            link
            fedilink
            411 months ago

            How are those licenses not in violation of GPLv3, which explicitly prohibits all forms of “restriction” on redistribution?

          • 13zero
            link
            fedilink
            211 months ago

            Got it.

            I don’t see how that could comply with the terms of the GPL.

            • Jeena
              link
              fedilink
              111 months ago

              I don’t think all the code there is GPL. A lot of it is MIT, BSD, Apache, etc.

        • @copolymer__@lemmy.one
          link
          fedilink
          111 months ago

          Idk, I don’t think they’re trying to kill downstreams. IMHO, they’re just cleaning things up. Why should the RHEL source be in the CentOS repos?

  • lanbanger
    link
    fedilink
    711 months ago

    I work with (big, enterprise) customers who are actively migrating away from RHEL where they can. There are lots of free OSS alternatives that are enterprise-grade. Even Amazon Linux is gaining traction, especially in the cloud.

    • Jon-H558
      link
      fedilink
      411 months ago

      Yep reminds me of the sudden rush to adoptopenjdk when jre went stupid and were charging enterprise per instance, I hear they have changed back now