I want to be clear on my bias here: I firmly believe that open source would not be a ‘thing’ if it weren’t for Red Hat. Linus Torvalds himself once said (albeit 10 years ago) that the shares he received from Red Hat before their IPO was ‘his only big Linux payout’. I don’t think anyone would disagree with the statement that Red Hat has had a major significant positive impact on Open Source across the world.
This morning I listened to an excellent podcast called “Ask Noah” where he interviewed Red Hat’s Mike McGrath who has been active on the linux subreddit and other social media. It seems that Mike has been involved in the decision to restrict Red Hat’s sources on git.centos.org:
https://podcast.asknoahshow.com/343 (listen at ~20 mins)
It’s really worth a listen. Mike clearly lays out the work that Red Hat (I was surprised to find out that it is NOT the Rebuilders) does to debrand the Red Hat sources, why they’re pulling that back on those unbranded sources, and that they understand the ramifications of doing so. It’s also interesting that Mike is of the opinion that there is nothing wrong with doing a Rebuild, and he defends them by stating “that’s the cost of doing business”. Noah and Mike go into many of the nuances of the decision and again, it’s really worth listening to. Mike also talks about “bad faith” when dealing with the Rebuilders at 40:30, which I think explains Red Hat’s decision. I got the distinct feeling he’s bound by some ethical code so he won’t/can’t say too much though.
There’s also this discussion about Rocky Linux securing a contract with NASA:
https://news.ycombinator.com/item?id=36417968
that had a lot of internal discussion at my company this week, which given what’s just happened may shed some more light on Red Hat’s decision.
There are always two sides to every story but in this case there are three sides to this story.
On one side, you have Red Hat, a long time champion of open source software, that has poured billions of dollars into open source development, and which has 1000s of employees who not only on ‘company’ time but in their own time manage, develop, contribute, and create open source code. They have funded countless successful and unsuccessful projects that we all use.
Against Red Hat are two largely distinct groups. The first is the Rebuilders themselves, who Red Hat has claimed ‘don’t offer anything of value back to the community’. This is not meant to be a statement on the usefulness of the rebuilds (Rocky, Alma, Oracle, etc.) but rather a very directed statement on whether or not the rebuilders are providing bug report, feedback, and contributions to the packages that Red Hat has included in RHEL.
The second group, which stands somewhat behind the Rebuilders, are the Rebuild users. One could argue that the users are caught in the middle of Red Hat and the Rebuilders, however, I think it is better to look at them as being an equal ‘side’ in this discussion.
The Rebuild users are in a very unfortunate position: they’re about to lose access to a free product that they’ve come to depend on. They are, as expected, unhappy about Red Hat’s decision to stop providing access to RHEL sources. My next statement is callous, and I expect it to be read as such: You get what you paid for. That is not meant to indicate anyone is cheap, it’s just that you shouldn’t have expectations when you are using something for free.
Here’s the interesting part for me. As far as I can see, none of the users are jumping to the Rebuilder’s defence of Red Hat’s accusation that the Rebuilders provide nothing back to the community. And, as far as I can tell across various social media and news platforms’ comments sections, largely the user community AGREES with Red Hat’s position. Informed users – not all users – are using a RHEL Rebuild knowing that there is no benefit in doing so for the community.
I have yet to read a reply from the Rebuilders where they categorically deny that this is the case. And to me, that’s glaring and damning of the Rebuilders’ position. Even the ‘defenders’ (for lack of a better word) of the Rebuilders have yet to provide a response.
GPL explicitly states you can’t have additional restrictions on redistributing the source. Arguably having a support contract that explicitly says you can redistribute the sources to GPL software seems problematic and a likely GPL violation. That is the problem.
I’m not an expert on the GPL and I’ll go out on a limb and assume you’re not either. But it certainly seems like experts have weighed in and have said what Red Hat is doing is valid under the license: https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/
[Edit: valid. Although I admit, like many others, I am uncomfortable from a ‘spirit’ of the license point of view.]
I read that same link and took it to mean maybe RedHat is violating the GPL. Only way to know for sure is to go to court, which involves risks to both sides. The more I’ve thought about it the more unsure I am.
I am uncomfortable with the direction they’ve taken and fear this will start up another round of open source license proliferation, but hope not. That has never been helpful for open source and only served to make business hesitant to use it.
Did RedHat add that restriction? GPL requires source to be distributed along with binary, but the distributor can still decide who to distribute things to. If the only way to access binary is through being a paying customer, I don’t see why RedHat can’t say only paying customers can get access to source.
What’s the GPL violation in that, or did I misunderstand RedHat’s new policy?
From GPL 2.0: https://www.gnu.org/licenses/old-licenses/lgpl-2.0.html
It has been reported that the support contract from RedHat says you can’t redistribute the source you receive as part of being a paid customer and they reserve the right to cancel your support contract. The above says you can restrict someone’s rights granted by the GPL. I’m not a lawyer, but lawyers who deal with open source say this might violate the GPL. I’ll defer to them, but wish I had saved some of the links I’ve been reading.
Where is the report? I mean yeh if that’s what RedHat said then they have chosen the path of getting sued to oblivion, but that’s not what the initial argument is about, and that’s also not what Rocky’s new path forward indicates. (https://www.phoronix.com/news/Rocky-Linux-RHEL-Source-Access)
I responded to only one part:
GPL might be violated with what they are doing, so people are pissed about it all and calling RedHat names. When IBM bought RedHat some people predicted doom, the end of open source, that RedHat is now destroyed, etc., etc. Probably some of is those same people coming back out and yelling “TOLD YOU SO!”. They are just stirring the pot to make themselves feel better. The sky is not falling for open source, things are just changing. If the GPL is being violated it will be figured out and fixed, just might take awhile.
Unfortunately I didn’t save the links, like I really wish I had. Alma, Rocky, and Lemmy posts have linked to them. I’ve been reading up on this since last week as it could affect my job and I’ll need to provide my profession recommendations at some point. Right now my advice is to wait and see, but be prepared.
So the issue comes as if you redistribute then you are effectively removed as a customer. Not directly a GPL violation but in kind of bad taste.
Did RedHat say that? This is a pretty problematic statement so I would really love to see the exact text in which they set their position.
https://almalinux.org/blog/impact-of-rhel-changes/
Jesus. Now I understand why Rocky Linux’s path forward looked a little cumbersome.
Thanks for helping me finding that text!
It is still futile, but thinking about it in this term really does leave a very bad taste. Like, I could respect them for saying “we gotta make money so we will only ship source to paying customers.” I can’t respect them for doing this dirty little trick that doesn’t actually work. Makes them look stupid.
It does seem that both Rocky and Alma could have done more to work with Red Hat though, such as recommend Red Hat as the enterprise support (rather than roll their own) and have a script to help convert Rocky or Alma to RHEL etc.
Although I do feel that Oracle are the worst of the players and possibly the main issue.
Interestingly the “workaround” Rocky has put into place is to spin up a RHEL based cloud image/container and grab the SRPMs from that. Cheeky but very legal in terms of the GPL.