cross-posted from: https://lemmy.ml/post/274345

Reading the rather disturbing (albeit refreshingly honest, compared to some other distros) answer to the FAQ “Can Slackware be recompiled from scratch?” got me wondering…

GPLv3 says:

The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities.

GPLv2 says something similar:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

In the absence of reproducible builds, how is it actually legal for third parties (not the copyright holder) to distribute binaries of GPL-licensed software?

Even if I have the corresponding source code and precisely the same build environment that the distributor built a binary with, if the build process is not reproducible then I cannot actually generate precisely the same copyrighted work in object code form which I’ve received.

The GPL doesn’t seem to say anything about distributing source code and build scripts which can generate a different-but-effectively-equivalent(-but-not-easily-verifiably-so) binary being sufficient to comply with the source code requirement.

So, how is distributing these binaries not copyright infringement?

(Obviously in practice everyone agrees that it is OK to distribute non-reproducible binaries, since most everyone does it, but the answer “the entire free software community just seems to agree that slightly violating the GPL is OK because reproducible builds are too much work” is pretty unsatisfying.)

I think the idea is that downloadable binaries are merely a convenience, but that might be a holdover from a more innocent time.

Arthur Besse

Downloadable binaries are how the overwhelming majority of currently-running programs got distributed; it isn’t merely a convenience, it is the status quo. (And, I don’t think that should change - it would be a waste of time and energy for everyone to run source-based distributions and need to compile everything themselves. I just wish the binaries were reproducible so that we didn’t need to rely on build infrastructure remaining honest!)
