Next is Tom "spot" Callaway.

Hi, everybody. So I have like 20 minutes to get through. It's about 45 minutes' worth of stuff. So I'm going to talk really fast and try and take some questions at the end. So if something sounds really strange, it's because I'm lying, and you can just embrace that and roll with it. Is that your official looking? Yes. So you can't have a legal talk from somebody that's not a lawyer without having a proper disclaimer. So I'm not a lawyer. I work with them, but I'm not one. So nothing in this presentation, written or spoken, should be construed as legal advice. If you take it as legal advice, that's on you, not on me. You're screwed. I'm not. While I have worked for Red Hat for 16 years now and am occasionally allowed to speak on behalf of my employer, nothing in this presentation represents Red Hat's stance on anything. Opinions, ice cream flavors, nothing. So I'm co-posting about this on slash.me. Like Red Hat said this, because that's not what that means.

All right, though, the past. None of these pictures are loaded. Okay, this is going to be less awesome. Let me find the PDF. Half of my presentation is pictures. And thus, how do I get this to go? Thank you. All right. All right, screw that picture.

So in the long, long ago, there was a thing back when dinosaurs roamed the earth called Red Hat Linux. Some of you may be old enough to remember this. For those of you, I'm sorry. But Red Hat Linux was a thing. And then Red Hat decided at some point they didn't want to do Red Hat Linux anymore. They wanted to make money because we weren't making any money. We were selling hats and making more money than we were off of Red Hat Linux. So for all of you who bought a boxed copy of Red Hat Linux, you made us lose money. Thank you. And Red Hat developed this all entirely in-house. It was all, yes, it was open-source software, but the work that went into it was all done by people that worked at Red Hat.
So we would take Apache, we'd bring it in-house, we'd put our patches on it, we'd put it into Red Hat Linux, we'd ship it out the door and we'd support that. When we stopped doing Red Hat Linux, we thought we still want to do something like Red Hat Linux, it's a community. This is a picture of the actual Fedora community. And we wanted them to be able to have a say on what this new Linux looked like. So this new Linux got called Fedora. And so we took Red Hat Linux and we put it in a cocoon and we said it's going to become something beautiful when it comes out of the cocoon. And it came out looking kind of like this. But eventually it looks like this. But for right now in the past it looks like this.

So we have this thing and we want the opportunity to let the community decide what goes inside of it. And so we say to the community, we say, okay, you have a little more input into what goes in and what doesn't go in, what color things are, what patches are applied to this. We're going to give you some free rein. But we can't just give you complete free rein. So we created this thing. And no one's quite sure who created this. It is lost in the sands of time. But we created a tag in our Bugzilla, which is our bug tracking system. And we said this is FE-Legal. FE standing for Fedora, for some reason. If you aren't sure that something should be in Fedora or not, you ought to tag it FE-Legal. And everyone assumed that someone was looking at this. Because when this was in-house, everyone was looking at this, presumably. And in reality it's just more like this lovely black hole with a name, FE-Legal, on top of it. And so at the time the Fedora project leader kind of asked around the people and said, hey, so somebody should probably look at this black hole and figure out where all these things are going and who's handling them. And when we figured out that no one was handling them, I got volunteered to handle them.
So when I started looking at these things and I asked the legal department, I said what should we do about these 175 open tickets blocking a Bugzilla thing that no one has looked at since they were ever filed during the creation of Fedora? And they said, I don't know. And I said, aren't you the lawyers? Aren't you supposed to be able to tell me what's going on in this? And they were like, well, it's a community thing. You can make the rules. And I was like, really? And they were like, yeah, you can. But maybe you should run those rules past us first. And I was like, all right. So we're making rules.

I said, rule number one needs to be free software. We thought about making it needs to be open source. But then everything that was open source was free. And some of the stuff that was open source that was non-free was kind of sketchy and weird. And so we were like, all right, screw that. Free software, we're just going to go with that. And then people were like, that's an awesome idea. And then my internet doesn't work. And we were like, huh, well, wireless might be a nice thing for people to have. Because at the time, pretty much every single wireless chipset in existence, except for that one that was in like two laptops in China, needed firmware to be driven. And so we were like, well, we really don't want to be that distribution that everyone used to use says, well, we used to use that before wireless. And there was enough free-as-in-freedom distributions that were out there that didn't work on anybody's wireless chipsets that we thought we didn't need to add another one to that collection. So we made it sort of a broad decision as a community that we did want wireless support. So we amended this rule to say it needs to be free software except for firmware that's needed to make free software work. And that has been one of the most controversial points in the history of Fedora.
But the fact that everyone on Fedora is using it with wireless today means we probably made the right call. Maybe someday in the future we'll be able to say, hey, all these wireless chipsets don't need this firmware anymore and we can drop that rule. We'd be very happy to drop it. We're not big fans of it. But that's the biggest bone of contention between Fedora and the Free Software Foundation.

So the second thing is, this was when the lawyer showed up and said, can we see a look at that list of rules you're generating? And I said, sure. And they said, it needs to be something that we can actually distribute. So what about the community? They're distributing. And then it taught me very clearly that Red Hat is still the legal distributor of this thing that the community made. The community stood around dumping things in the pot and stirring it. And then they handed it to Red Hat and said, give it to the world. And then Red Hat says, I will give it to the world. And so we had to make sure there wasn't, like, dead bodies in there and stuff. And because Red Hat is an American, wait, that's not the right picture for America. Here we go. Because Red Hat is an American, we have to make sure that we actually comply with US laws as crazy and wacky and stupid as they are. So compliant with US laws, this is things like, you know, say, the DMCA. And yes, the DMCA makes me want to feel just like this on the inside and know it makes everybody else feel like this, but we still have to comply with it. So, all right, so this is the rule. It has to comply with the laws.

This includes things like patents. So patents, bad, Red Hat, lots of money. People come and say, hey, once you're money, Red Hat, we would like that. And we'd like to not have to do anything legitimate to get that money. So we're going to sue you over patents that we found or we bought or we made up and stuff like that.
If you haven't looked through the interesting case law data from the Sun trial in which Sun admitted on the stand that they had a team of employees that were doing nothing other than competing with each other to try to make the worst patents they possibly could. Yes, patents, garbage. But we have to step away from that because no one's going to sue Debian. Because if you sue Debian, you will get exactly $0 in return and your lawyer will still have to get paid. Whereas Red Hat, if you sue Red Hat and you win and there's some money in it for you and Red Hat goes away and we're all very sad about that because I don't have a job. So we need to not infringe known Red Hat, known patents. Now I mean careful with the wording on this because I don't want to turn into a walled spot saying we're all good with this and all that sort of stuff because I firmly believe that there's a high probability that everything we do, including breathing, is infringing a patent. And so we have to be careful in the way that we act such that when we know something is patented, and I will give a specific example, MP3. When we knew MP3 was patented and they told us, hey, this is patented, this is the patent pool and this is how much it costs to join the patent pool, that we were like, well I guess that's patented, I guess we can't ship that now.

So the last thing we did was we wanted to make sure the lawyers were very interested in making sure that we respected Red Hat's trademarks. This was in an early sort of proto stage for Fedora in which there was still a lot of the community who knew things like take the Red Hat logo and paint it blue and then say that's the Fedora logo, and people were like, no we can't do that, that's not okay. And so when we were thinking about this process we decided that we wanted to go a step beyond what we were obligated to do by law in Fedora because if we want people to respect the Red Hat and the Fedora trademarks, we really want to respect all trademarks.
And yes, it is the burden of the trademark holder to come and tell us, hey, stop putting Mario-themed games in your distribution. We decided it would be easier just to have the community say we're not going to let these sorts of things in. If it's a clear trademark infringement or if you think it might be trademark infringement, ask and we'll figure it out and we'll go from there. And the community has really taken on that pretty well and we think that that's made it more likely that people are willing to respect the Fedora trademark.

Now, we start looking at the bulk of these tickets in this black hole and a lot of them were these license tickets, and what happened was we inherited a lot of packages from Red Hat Linux. Red Hat Linux used to have this thing called Contrib, and Contrib was this FTP server where if you made a package you could shove it in there and people would be able to use it against Red Hat Linux. And so when the first thing, when Fedora sort of opened up, a lot of people took these old packages from Contrib and shoved them in there and said, now they're in Fedora and we all like them, we're happy about this. Because, you know, it's old decisions like we're only going to ship Sendmail, we're not going to ship any other SMTP daemons. And then a whole bunch of these other SMTP daemons showed up and they had license tags like Distributable. What does that mean? How can I know if that's compatible with something else? And so we started going through, people were like there's no actual license tag, we found one package in Fedora that said something like license okay. And we were like, it looks good to me, let's ship that.

So we had all these licenses and so we had a list of, this isn't actually the right picture. This is closer to the right picture. The number of licenses we started discovering, we started pulling back and doing audits and sort of tearing into this, and this still didn't happen overnight. This happened over a long window of time.
So we started generating a list giving each one an identifier and saying these all going in name. At this point in time we have more than 350 free licenses that we're tracking in this list, including 16 BSD variants and 34 MIT variants. And quite frankly I found about five more MIT variants but I can't stomach putting them in the list anymore so I stopped adding them. So and then we started saying okay, now we've got this license list, we've kicked all the obvious garbage out, we've got a standardized way of marking things so people don't write random garbage in the license tag field on packages.

And then Red Hat Legal showed up and said you need to have a CLA on this, and we said well, we don't really know what you're asking for, so we set up our whole Fedora infrastructure for contributing around this concept of having a CLA, and then I started noticing as I was getting emailed to legal at fedoraproject.org that people would be like, I don't understand what I just agreed to and I'm not comfortable agreeing to this, I really want you to explain this. And what was happening was we also started getting companies that wanted to participate in Fedora as it started to be more successful and they would say things like I'm not willing to agree to these terms, and I would say why, and they would say I'm not willing to agree to these terms. And it was not a very productive arrangement there, and then what finally we boiled down by asking a whole bunch of people that weren't willing to agree is that most of them thought it looked like a copyright assignment, which they were really uncomfortable doing. They didn't want to give Red Hat copyright because they knew Red Hat made money. They didn't know we didn't make any money off Fedora, but the thought was I gave you something cool, you put it in Fedora, you make a whole bunch of money, I make none of that money because you gave me the copyright.
And that wasn't what it was ever intended to do, but enough people were confused by this that we were like, all right, let's redo this. We massively simplified the terms and we said look, the only thing we really care about is to make sure that we have what we get from our contributors under a free license. We don't even really care what the free license is, it can be any of the 350 on there, but most of the people who are making contributions were doing it in small little corner areas, nothing too big, nothing too large, but it was still copyrightable, we still wanted to have a safety that just in case somebody showed up and said hey, that spec file that I wrote for that package 10 years ago is now under a proprietary license and you owe me money. We set it up such that basically it says if you give us something and you don't put a license on it, you agree to let us use it under a free license. If it's software you agree to let us use it under MIT, super permissive, compatible with everything. If it's content you agree to let us use it under a Creative Commons license, compatible with everything. And everybody was like that's cool, I mean we even got to the point where we took this to the federal government and the government was like, as long as you opt out all federal government employees from having to pretend they own copyright we're good with it, and that's why we got to this. So that was where we got to.

And in the course of the life of Fedora we've accomplished a couple of really interesting things. We were responsible for fixing the SGI FreeB license, making X.Org finally free. One of the dirty little secrets of X.Org is that it had this giant chunk of code inside of it that was non-free and everyone knew about it, Debian knew about it, Gentoo knew about it, everybody knew about it, but everybody was just like, we kind of like having graphics so we're going to keep going with this.
And we just finally pushed through until the FreeB license, the or later clause, and they said the MIT is actually version 3 of the SGI FreeB. And so everybody triggered over to MIT and all that went away. We convinced Sun to drop the nuclear clause for most of their Java licensing, making it actually free, because it had clauses like you can't use this on a nuclear submarine, not that we really want to jump on a nuclear submarine to start with really. But and then we re-licensed most of the Artistic 1.0-only modules in CPAN and dropped from Fedora what we couldn't fix, which was about five. Most of the vast majority of them were like, oh, that license isn't what you like, we'll move to the new one or we'll just move to the same license as the rest of Perl. And so that, you know, six months of my life I'll never get back, but we got a lot of that done.

We also worked with TeX Live to identify and remove all the non-free components. TeX Live is like an onion that you keep peeling back layers and you keep peeling back and keep peeling back and keep peeling back and then there's a guy from 1983 living inside there and he's like, could you put those back, I'm in here. So we went through and identified all the non-free components inside TeX Live, which took forever, and then upstream, I had this great email in my archives, this is basically one of the head maintainers of the time from TeX Live, and he said do I really have to get rid of these things? Yes, you really have to get rid of these things. So, you're welcome.

We also helped a lot of smaller projects to resolve licensing issues. People started to recognize that hey, Fedora's not messing around with this license stuff, and they started coming to us and saying I wrote this new license and I think it might be, and I'll be like stop, and then we got a lot of those fixed. We worked with them to resolve compatibility issues and we also fixed a lot of fonts.
There was a lot of fonts that were out there that were in common use that weren't just not under free licenses, and a lot of times we were the first people that had ever asked this font author, hey, is there any chance you'd be willing to put this under a free license, and he was like oh, that matters to you? Okay, sure, whatever. And this was just like Debian and kicked half the fonts out at one point and we just went through and asked every single one of them and they were like sure, whatever.

And then we also centralized the Fedora trademarks, and we knew that people wanted to be able to take Fedora and rebrand it and re-spin it and do all sorts of stuff with it, and so we said all right fine, let's make it easy for people to do that, if that's what they really want let's make their lives easy. So we took all the Fedora trademarks, we got rid of all the Red Hat trademarks and we put them all in one package and said hey, you delete this package, we even made a package that replaces this one that has no trademarks in it, and it was originally intended like a template but people were like hey, now I have generic Linux, and we're like oh, okay, generic Linux, hey, that's what you wanted.

So here it brings us to the present. So these locks represent cryptography, and because I couldn't think of anything else better to represent cryptography, but we spent a lot of time trying to get ECC back into Fedora because we know a lot of you don't like the NSA reading your email and we thought it would be nice if we covered as much as we could, and so this is a long drawn out process to determine when the Red Hat legal team would be comfortable with this going in. The net result is today in Fedora we have all the curves in Suite B plus like P521R1, 256K1 which is the Bitcoin curve, the Ed25519 curve which was never encumbered by anything, just nobody ever asked about it, and then this P2214. This took six years for the base functionality to come in and ten for all the curves.
So it's one of those things where it's just having to convince people that yes, these things are not as risky as you think they might be, and then some things happen in that space that made them less risky over time, but it was to say Fedora has ECC now, so that's a better thing for us.

And then music, music's another big thing. People have been asking us why don't we have MP3 for years. It was because it was obviously patented. The patent holder was making a lot of noise about charging everybody for patents. They were raiding conferences and stealing MP3 players that hadn't paid for the patent licenses. So we finally were able to enable decoding functionality because enough of the patents in that pool expired. And encoding is still legally problematic because there's still unexpired patents in that space. I can say all of these things because they have a very public, very obvious patent pool. You can go on their website and see exactly which patents are still alive. The Red Hat desktop team did a lot of the work on this too. It's one of those projects where we've been tracking it on and off ever since they told us to take MP3 out. Fun fact, I have a lot of dates in my calendar for when patents expire and it triggers little alarms, and so some days I'll wake up and a patent will be expired. It's going to be a good day. We can add something to Fedora.

So people always ask me what's coming in the future. So there's a couple things I'm hoping to see in the future. S3TC. Yeah, that patent that makes it so that when you try to install Steam on Fedora and it installs all happy and then none of your games work, S3TC. That patent expires on October 2nd and so that's another alarm on my calendar super pumped about.
MPEG-1 video, we're investigating that, see if that's a possibility, because that is old, old, old and we think there's a very low likelihood there's anything still infringing in that space, and because MPEG-1 video and MPEG-2 audio are so closely tied together we think we'll probably be able to get both of them at the same time. G.729 audio is a telecom codec. Earlier this week the patent pool holder released a statement saying that enough of the patents that expired that any patents that were still in the space they weren't sure even existed, but that they were releasing the rest of them under a royalty-free license, and so we should be able to get that in cleanly, but again all these things have to go through proper processes so I can't just go and just commit.

SPDX: Fedora has been talking about that for a while. Upstream adoption is vital for the full chain of trust for the SPDX complete. That's not happening yet, and we'd love to see that happening, but it didn't happen yet. So we support you, good work, keep it up, we'd love to be there. But we're considering the value of adopting the SPDX license identifiers in the Fedora packaging metadata. A couple of other distributions have already done that. The biggest problem for us is that we have so many BSD and MIT variants, and this is going to make it really hard for us to go through. We're going to have to do a package-by-package, file-by-file audit of every single thing in Fedora to make that accomplished, and quite frankly, this is why I drink.

So that's a whole bunch of Fedora legal history, past and present, in a tiny little presentation. Are there any questions about anything I can answer about Fedora for you? I'm happy to take them now. So many things. All right, if you have any Fedora legal questions, I can be found at legal at fedoraproject.org. You feel free to send me. I will not help you with your divorce, but other than that I would be happy to help you out. People must have a question. Yes, I knew there was a question.

This is not courtier your presentation, but do you have a shared copy of your patent expiry calendar that you, that you publicly keep?

You're not the first person to have asked that question. I asked Red Hat at one point about that and they were like, don't you do that, that's a proud idea. So no, sorry.

All right, thank you. Enjoy Faustin. Thank you very much.