 This talk is GPL version 3 and Debian, and your lovely presenter here is Don Armstrong. Okay, thank you. So what I'm planning on talking about today is giving you guys a brief introduction for the first 30 or 40 minutes or so about the GPL version 3. Actually, let me rephrase that, the current draft of the GPL version 3 in about one month's time. There will actually be a second draft being published. Our deadline was last night for getting in revisions, and I'll explain how that works in the process of the talk today. So everything, though, that I'm saying is in reference to the current draft. The current draft is not going to be exactly like the final draft, which will be published in about seven months time. Of course, at any time during my talk today, please feel free to interrupt and ask me questions, badger me, call me an idiot. That's fine, I don't mind. It is. Thank you. It feels like Debian legal already. So let's see if we can get going here. So this is just the brief over line of where I'm going. So I'm going to introduce stuff, which I've just done. I'll talk a little bit about the draft itself and the community review process, so how that works. What your job is in reviewing GPL version three, what my job is, what the FSF's job is, what Richard Stallman's job is. So you guys kind of have an idea of what's going on there. I'll talk a little bit about the current draft, some of the major things that I've seen in the draft that have changed that I think are interesting. Then I will talk about some of the issues with the current draft, some of the problems that other people have had that I don't have, some of the problems that I have had that other people may not have, and some problems that probably none of us have because we don't own them, but I'll talk about them anyway. And then I'll conclude. And if at any point you actually want to see the exact text of a specific section of the GPL in this slide, one of the reasons why this talk has like 130 slides is because the actual text is in here. So we can actually go to the text if you want to see it. So just again stop and let me know and I'll be glad to show it to you. So first off, again, this is a kind of historic process. This is the first time in 10 years or so that the GPL is being revised. For people like me, I actually haven't been involved in free software since for almost that long. So it's actually a really important time. The license is probably not going to be changed for the foreseeable future. Well, hopefully it will not be changed for the foreseeable future because it's an incredible amount of work to do. So in this brief period of time, I hope you guys are all taking part. And so the changes to this license are going to affect a lot of software in Debian that is currently under the GPL. A lot of software in Debian is currently licensed under GPL version 2 or later. And so it's quite likely that some of these works are going to transition to being licensed under GPL version 3 or later. And some others like the kernel may just stay at GPL version 2. So what actually gets into version 3 is going to affect the works that are present in Debian, their compatibility with other software works, what they can link with, where you can copy code from into. So all that is going to play an important part. Obviously it also affects the free software community in general because as some people have noted, the GPL version 2 and the GPL in general is really kind of a constitution or a microcosm of the statements of the free software community. Granted, it is a license. It has legal goals that it has to attain. But a lot of the things that are enshrined in it, the freedoms that it tries to protect are freedoms that the free software community in general feels are very important. I mean, a lot of the freedoms in there are also preserved in our Debian free software guidelines. So it's an important part of the free software community in general. I've already told you that it's important to Debian, so you know that. And so, again, I'm going to talk about the process behind the license, review some of the changes, and then the issues that I've picked up in the license. So there are three major components to the review of the license. There's the community. You guys are the community. Everybody is the community. RMS is the community. I'm the community. You're the community. We all are the community. So everybody who's in here, who thinks about free software, programs with free software, uses free software, wishes they use free software, you're part of the community. And so you need to pay attention to this section. The next group are the committees. I'm actually on a committee. There are four people who are involved in Debian on committees. And I'll talk a little bit about what the job of the committees are. Committees basically are effectively glorified secretaries. We have no power. Our job is just to analyze what the community says and do stuff with it, and I'll explain how that kind of works. The third prong of this license job is Richard M. Stallman. So his job is to take the input of the community as filtered by the committees and then make changes to the current draft of the GPL and to come up with new drafts of the GPL. So his job is to make decisions based on the input provided by the committees. And I'll talk a little bit too about how that's going to work. So I've said you guys at the committee. So your job, and hopefully some of you have availed yourself of this, is to make comments on the current draft of the GPL. So if you go to gplversion3.fsf.org, and I actually have showed you it right now because wireless is down. I can't quite do that for you. If you go to gplv3.fsf.org, you can actually make comments on the current draft of the GPL. So you can select the text that you think is wrong or is really cool or has something that's kind of unfamiliar to you about it. You can type in a quick comment and it goes out and hopefully committees are able to check it. I personally have an RSS to email feed that takes all the comments that get made, sends them to me in an email so I can actually view them since I'm not much a fan of websites. But hopefully the committees are checking them out. Your job again is to make comments on the draft. In your comments, if you see problems, or if you find problems that other people have identified, some of which I'm going to talk about today, if you think of good suggestions or ways of fixing these problems, you should file your comment and indicate that you've got a suggested change to the language of the GPL such that it actually fixes the problem or at least comes close to the fixing the problem. So you don't need to be an attorney to do that. Your work, of course, will be checked by people who are attorneys. So you don't need to worry too much about whether it's legal or not to do it. Just go ahead and make a suggested change that preserves your freedom as users. And again, we're also asking, the committees are asking selected individuals who are experts in certain domains to advise the committees. So attorneys who are experts in certain areas of law, we've been asking them to advise the committees. Of course, attorneys who aren't on committees, well, actually all attorneys who are involved in free software are also part of the community. So they're an important part of this process as well. Also, people who are expert, for example, in DRM authentication and also developers who use free software are also expert in domains and the ways in which they use free software. So in specific instances, we've been asking for directed help from people in the community on the committees. So there are currently five committees. So the first committee is made up of distributions. So we have two people on this committee. Brandon Robinson is representing Dubbian and Greg Pomerance. I don't know if he has actually made it yet. So I had hoped originally to have this more of a round table and to have Greg and Brandon here as well as Benjamin Manco Hill with me as well. So I didn't have to talk to you all day. And we could argue amongst ourselves. So both Brandon and Greg are on the distributions committee. The committees aren't, this is sort of the original way in which they were organized. They actually have cryptic names like committee A, committee B, committee C, committee D. But effectively I've told you what the general makeup of these committees is as I see it. So there are other free software distributions here and major projects as well are in this group. The second group is really the projects. So some of the smaller free software projects are there. The third group has the companies. So these are the large companies like Hewlett Packard and Tell Sun who have a vested interest in what free software is doing. So they have interesting meetings and they have attorneys that they've appointed to sit on this committee. So it's kind of interesting actually to sit in and listen to Evan Moglen explain to the corporate lawyers exactly how free software works and why it's important and what they should be doing. The fourth committee is the committee which I and Mako are on, Mako and I actually. And so this is the randoms as Evan, well I like to call it, I'm not sure if Evan has called us that. But it's basically people who are involved in free software who for whatever reason appear to be heavily involved in licensing and free software legal issues. So I was asked to join that committee as well as Mako. So we've been involved in that particular committee. So we actually have four people again in Debian who are on these committees. The fifth committee I'm actually not sure if we have anybody in Debian on it. I haven't quite figured that out yet. Is the international committee. So because the first conference where these committees were set up was took place in Boston. There's necessarily a U.S. oriented tilt to the committees. So while there were quite a few international people on each of these committees and the FSF tried as hard as it could to bring international people. It's definitely not as wide ranging as it should be. And of course the GPL is an international free software license. It's not a license only for the United States or only for North America or only for countries that have a legal system that allows them to understand English free software is universal. And so we need a license that can scale and be universal as well. And so we need people who are expert in different law systems or are members of different communities around the world to help in the process. So our job as committee members is to identify issues from comments. So all the issues I'm going to point out to you today are actually comments. So if you go to my subversion server it's svn.donarmstrong.com slash Don slash Trunk or sorry. Yeah slash Don slash Trunk says projects at CPLB three slash issue underscore mailboxes. You can actually see all the issues that I think are important in the comments that I've separated out into mailboxes. So what we do is we get comments in I stick them into mailboxes other committee members do whatever they do. And if we think an issue is interesting or important then we bring it to our meetings and we say hey OK. This part of the GPL a bunch of people are saying that there's a problem. I think I agree with them. There seems to be an issue. It's not clear. I don't like what the GPL version three says. It conflicts with the DFSG. Evan was an idiot when he allowed this. I was an idiot when I read it something like that. So when we identify those issues then we bring him and our job then is to take those issues. And make recommendations based upon them. So so we take your comments steward them massage them make sure that your comments cover as much of the area of the issue as possible. And then hopefully make recommendations based on those comments for changes in the GPL or at least help Richard understand the full concept of the problem. So I mean he's normally a fairly open to other opinions but he needs to be explained exactly what the full scope of the problem is. He can make an appropriate decision only when we've explained exactly what all the minute usage cases are. So that's really our job is to make the best case for all the different sub problems are so that whatever the final decision he makes is it's made with a full understanding of the whole scope of the problem. OK so Richard Stallman as you know is of course responsible for both version one and version two of the GPL. He's also responsible in collaboration with Council at the FSF Evan Mowgli for the original draft of the GPL version three. He'll actually be responsible for all the drafts as well in collaboration with Evan in the GPL v3 revision process. So his job is to weigh recommendations and the statements that the committees make and to make final determinations based upon them. So to change the license in any way that he sees fit and again change the license for the next draft. OK so enough of talking about the process. So are there any questions about how the process works. Does anybody still wait. How many members does the committee have. Yeah so the committees are actually kind of interesting. Our committee has something like 12 or 15 members or something. They're really flexible as to how many members they have how they're organized. Committee D for example is pretty much set up in an anarchistic way. We don't have any real set rules. We kind of meet in IRC when we meet. Well actually our meetings are every Tuesday at 2200 UTC in Pound Committee D on Free Node right now. So that's where we meet. Anyone here is welcome to join. But yeah the committees don't have a set number of members. There is kind of a maximal recommended number. But again the committees have been free to select their own membership beyond the initial bootstrapping that was done by the Free Software Foundation. Any additional questions. How many counties are represented in the International Committee. Actually I'm not sure about the answer to that question because I haven't actually been paying attention. Somebody who actually knows can tell me. I'm a member of the International Committee and the Free Software Foundation Europe. Free Software Foundation Latin America and the Free Software Initiative of Japan. And the Free Software Foundation India is a member of the International Committee. As I remember correctly. Excellent. So we have at least five Debian individuals involved. Sorry can I just remind people that when they're posing questions to please also introduce themselves. Because the people following along at home do want to know who's asking questions. Thanks. Are there any additional questions about the entire process as it's laid out right now. Okay so I'd like to move then on to talking about the current draft. And exactly the issues are the things that have changed in the current draft. So there have been a couple of major changes and I'm going to limit myself in this discussion to three of the major areas that I think have changed. The first one are the DRM clauses. So these are the clauses that have actually gotten Linus Dorvalds in quite a tizzy about the need to provide his encryption codes. So we'll talk about exactly what changed the rationale behind the changes. And why those changes are probably a reasonably good idea. And why they're worded slightly suboptimally. And what I've been suggesting to change about them. The second thing that I want to talk about a bit more is license compatibility. So one of the other major changes in GPL version three is the addition of explicit license compatibility. So I'm going to talk about those five clauses and exactly what changed to them and why they changed. The third one is not really much of an issue for us because we don't have as many patents as some people do. Well maybe B Dale has to think about these sorts of things. But for the majority of us it's not a huge problem. But one of the things that changed in GPL version three is they recognize the seriousness of patents. Especially software patents and how it affects free software. When GPL version two was originally written software patents were nowhere near as much a problem as they are today. I mean they were still a problem but only a few people were aware of the scope of the problem. And the serious nature of the problem that we have today. And so GPL version three has tried to step forward. And at least address this in as appropriate ways it can while still balancing user freedom in the balance. So DRM. So the first thing that was noticed is a problem called Tivoization. And so the Tivo and apparently does this I don't actually own one. This is all kind of hearsay I haven't actually done all this work on it myself. Is using hardware DRM to block modification. So Tivo uses some GPL works and what it does is they give you the source. But if the compiled source code or the compiled object code that you make from the source is not signed by key controlled by Tivo. It will load the software but it won't actually allow you to run it because it's not signed by an authenticated key controlled by Tivo. So you've got the source code but you have no way of deploying your modifications to hardware that you actually own. So it's sort of a tricky way of using the GPL against itself version two against itself. And blocking the ability of users to implement changes that they actually like to implement. We're also seeing this change happening as it occurs with trusted computing. So again in trusted computing the idea or treacherous computing is some like to call it. And I don't entirely disagree with that characterization. Again you've got cryptographic keys that enable a specific piece of software running on hardware or even in some cases the hardware itself to be vouched for. So that it's actually been signed by somebody. You know this piece of software doesn't contain any back holes. It runs all the appropriate compliance things. It reports everything you're doing to the appropriate authorities if you do anything illegal. So they can sign all those things and make sure that everything from your computer, the data you receive over the internet to the sounds that you're playing all the way as it goes to your speakers are controlled. Of course they haven't quite figured out yet that they can't quite control the last step of the speaker where you actually activate the sound cone. But maybe they'll go to bone phones or something so that they can actually have DRM all the way to your ear. So that's the background of this. And so it's a serious problem that we saw at first in Tivo that was obvious to everybody. But as it goes on it's going to become more and more of a problem. And we need to have ways of making sure that GPL software, no matter what hardware implementations are put on top of it or other software is running alongside GPL works that users of GPL works have the ability to modify their works and deploy those modifications. Hi this is BDL again. Just to throw a different sort of thought in about this. I'm actually not a big DRM fan personally but I would like to point out that the TPMs and a bunch of the fundamental technology elements that are going into platforms to enable trusted computing stuff are generally useful bits of technology. And a lot of times people get wound up about the sort of worst case scenario around the trusted computing model and as a result sort of get a bad taste in their mouth for all of the bits of technology that are part of the solution. What I'd like to point out is the only reason the implementation in something like the Tivo is bad is you can't turn it off. And in all of the desktops and notebooks and so forth I think being in a situation where for some usage models it's possible to turn on some or all of these behaviors is probably a reasonable technology flexibility to provide. And some of those underlying technology components like the TPM itself can be pretty handy for other things. But you're absolutely right. I mean the risk that's trying to be addressed here is a risk that we end up in a situation where we no longer have the ability to modify the behavior of some device that we own even if it's using GPL software. Absolutely. And in fact that's one of the things that when we talk about the issues that I really want to make clear is that we need to allow both the cryptographic signing of keys like we do or packages like we do in Debian so that it's obvious that yes this package came from a source. Okay the RMS or the FTB masters have vouched that yes okay this really is the archive, the release file has been signed so that we know that those packages have come from somewhere appropriate. But on the same account the user has to be able to say no I don't care what you say I want to install this package anyway and they have to be able to do that. And so that's really the balance that has to be made. And so in the issues I'll talk a little bit more about a suggestion that we had to fix this problem in the current draft because the current draft actually doesn't make it clear whether it's blocking, it even appears to be blocking the way that Debian does its signing. So it obviously wasn't the intention but the actual language of the license is a little bit suboptimal in that area. So yeah so the major change here was that the complete corresponding source code and you're going to hear me use that word a whole lot. In fact in this talk it's actually an acronym for CCSC so I don't actually have to type it anymore. So this has been clarified to actually include the codecs and the codes needed to deploy the software. So if you are interested in that text it's in section one and section three so you can see what's going on there. I have one question from Norway or from Skuldenix and we had a big discussion about the new EUCD legislation that prevented people to use their own machines as they want to play their MP3 and play their films. And the Norwegian consumer authority has already looked into the issue with Microsoft Music Store iTunes and the other music stores because breaking I believe five Norwegian laws. And I wonder how this would affect GPL3 and Debian. I call the license a kind of legislation here. How is this compatible with EUCD? So I'm not quite sure what the exact directive is in the EU involved with... Okay so I mean the ability though to actually control your computer to run anything you want on it is one of the things that the GPL is trying to ensure you're able to do. So in any cases where it's less than clear that it's not enabling you to run anything that you want to run on your own computer it's probably a bug in the license. The thing is that the Norwegian legislation seems to say that people should choose their own hardware as they want to. They should play MP3s, films, whatever. If you have paid for it you choose your hardware in the private home but you can't just copy it into internet. That's not allowed. Okay so this is a tricky thing because the American interpretation of this US is much more in what they call it not in favor for the consumer point of view but the European are if you understand this right. So it's more in accordance to the GPL3. I just tell you that it's because you should probably see into what they have said really said in EUCD directive. Okay thank you. Thank you. So yeah so this is one of the major areas that needed to be addressed in GPL version 3. So the next thing I want to talk about briefly was the different license compatibility clauses that were dropped in. So most of these are fairly non-trivial and in fact probably everybody in this room had assumed that these licenses were effectively compatible with GPL because I mean there's no unless you were a lawyer and looking for various ways of suing other people it just made sense. So the first addition so licenses now there's certain limited areas where other licenses that are not the GPL can be made a derivative work in combination with the GPL work and have additional restrictions placed upon a GPL work and so there are five additional restrictions currently that are allowed to be replaced on a GPL version 3 work. This is in market contrast from the previous GPL version 2 draft in which no additional restrictions were allowed to be placed on a version 2 GPL work. So none of these things were technically allowed to be blocked on a work. You could of course grant additional permissions and in fact in the current version that's been made explicit. So granting additional permissions in your copyright statement has been made explicit. Of course nobody else has to include those additional permissions if they don't want to but pretty much everybody who's nice does that. So I mean it's always appropriate to remove additional permissions from a fork of a work if you don't think they're reasonable and that's again made explicit. So the first one again is explicit BSD compatibility that's 7A. Everybody pretty much knows what the BSD says and that's not that exciting. Sorry. Yes. So when I'm saying the BSD I mean the BSD with clause 1, 2 and 4 with clause 3 removed. Some called the fixed BSD or the three clause BSD kind of confusingly because it's really clause 3 that's removed but yes. So yeah I'm not talking about the four clause BSD which is what OpenSSL is licensed under. The second thing is that there's a different warranty disclaimer that has been put in. So you can allow slightly differing warranty disclaimers. It's one of the favorite pastimes of attorneys and lawyers to write warranty disclaimers. They love them. And so odds are if you've got a license or even people who have been influenced by warranty disclaimers like to write their own. So it's allowed to have slightly differing warranty disclaimers. It's kind of a no brainer so I don't even think it really bears mentioning much. The second one is kind of aimed at complying or allowing linking with Apache license works. So as you know Apache license works don't allow use of specific trademark terms. The problem with Apache and to a lesser extent PHP licenses is that they explicitly indicate that the word itself or the letters itself cannot be used and they don't indicate that it's not appropriate to use it outside of the scope of fair use or outside of the scope of trademark law. So they're trying to use copyright law to enforce trademark which in my mind anyway seems rather wrong. You should use the appropriate legal tool to do the appropriate legal job. So but this allows you to prohibit the use of names and trademarks outside of fair use for publicity and such. So just to point out why this is a problem the PHP license currently disallows you from creating a derivative work on PHP called telegraph poll for example because it contains PHP in the name. So it's really a stupid idea but it's what they've got. And so it's probably not anything that anybody would get up in a tizzy about but it's what the license technically says. The third or sorry the fourth clause is actually one of the more controversial. Are you saying that's prohibited by the D. Bill or that you're allowed to prohibit that. Yeah that's a good question. I really don't know. So I would assume that I mean again of course I'm not an attorney so I'm not qualified to give legal flights in the U.S. Definitely not in Mexico. So I would assume that this should be allowed because it seems to be fair use and it's not covered by trademark. I would imagine that it wouldn't. Okay so the question is whether or not the PHP license is actually compatible with the GPL license based on this particular clause. And that's a really thorny question. My gut feeling is that it wouldn't be but I imagine that if you got good attorneys they could say that it was and would argue successfully for it. So it's kind of a what we like to call lawyer bomb. So whoever has the most expensive lawyers can win out the day. So I mean I'm not I can't give you a clear cut answer so it's definitely not obvious that it's compatible. The fourth thing is the AFRO compatibility or AFERO depending on how you pronounce it. And so those of you probably know the AFERO GNU public license or AFERO general public license whatever the acronym actually stands for. It contains a clause which requires you to maintain a functioning facility to provide users with complete corresponding source code upon demand. So that means that it's basically set up to be for ASP setups where you've got a web application. So you can click on a button and you can download the tar ball or something of the source code. So they've allowed explicit compatibility with this section. This is actually one of the clauses this may come can tell you that I'm least happy about. And so hopefully in the issues and round table part we'll have more to talk about that. The other part is again limited software patent retaliation compatibility and limited patent retaliation. So some licenses as you know have brought in patent retaliation clause. And so this allows compatibility with licenses that revoke copyright authorization and permissions based on aggressive patent suits. So by that I mean patent suits that are not retaliatory. So if I just decide to sue you OK claiming that the GPL work violates my patents then I lose any rights that I had to use the GPL works and any of the patent grants contained therein. However it protects me if you sue me claiming that I violated your patents or something. And I sue you saying that OK that's great but look at all these great patents that I've got. I know you're violating some of them. That protects me. Of course since most of you don't have huge patent portfolios it's kind of a null operation. But if you're a big corporation with huge amounts of patents it starts to become a bigger concern. Of course most bigger corporations with a lot of patents have realized by now that software patents are really a serious issue and they need to do something about it. Even if that means that they need to glom together with other corporations and do massive cross licensing something needs to happen. And so for the most part most of the corporate attorneys have been really picking away this clause and trying to figure out how they can this clause and another clause in the license which grants patent rights explicitly and how they can make it fit in with their corporate model and protect them as well as protecting you and me even in case we get sued for patent infringement or something. OK so I talked a little bit about the Afro clause and I think I'm going to wait to talk more about that. I'm going to talk more about that in terms of the issues themselves with the license. Another change was in my opinion the rather stupid geographical limitations clause where somebody said that OK you're not allowed to distribute this work to such and such a country then you couldn't distribute it to it. Luckily almost no one knows that that clause actually existed in GPL version 2 unless they read through the whole license very carefully. So no one used it and so Richard and Evelyn decided that there was no reason to have that clause anyway and it seemed kind of stupid. So they removed it which I think was a good idea. The other thing is that they've made it even more explicit in GPL version 3 that it's not a contract thus forestalling one of the favorite long standing flame wars of Debbie and legal. You just said my name is Andy Bart and I'm come from Germany which is quite important for my next comment. You said at the very beginning that is not in US only license which is of course very very true. But according to German legislation anything that grants your rights to use something is a contract. But of course you can still write that in the GPL otherwise it just void in German terms of speaking and also on the other continental European law systems. That's just a difference between common law systems like the US and the continental laws that we have in Europe. Right and that's kind of a difficult question. The main reason why they didn't want to make it clear that it's not a contract is because in a lot of countries in order to be a contract there are a whole host of legal setups that you have to comply with. So in the case of Germany if it has to be a contract I suppose it will be one. Of course it turns around that if you don't think that it's a contract and you want to argue that it's not and therefore void then it does what it's supposed to do. Then you have no rights to use the work at all. So I mean anybody who's going to argue that it's not valid is pretty much cutting off both feet. So even if that may be a valid argument I don't think anybody will actually make it. Perhaps it might be a good idea. I don't know if it's really a good idea but perhaps it might be a good idea to explicitly say okay into such common law system it's not a contract. In the continental types ones where what a contract is basically defined by different it is one. I don't know if it's possible and useful to do it. That's a good point and I would actually suggest that you make a comment talking about that. So the comments are basically the equivalent of bugs in the bug tracking system for the GPO version 3. Since I'm of course not an expert and not even in US law so that would be a good thing to do. Even if you could suggest language on how to do that. Another thing that was brought in that I mentioned briefly was there's actually patent shielding now. So what that means is that if you're a big corporation and you have massive cross licensing agreements with other corporations and you are knowingly relying upon those cross licensing agreements in order to distribute your work. So that means that if you distribute it those companies aren't going to sue you because they have cross licensing agreements. You have to act in such a manner as to shield your downstream users from those patent claims. So that basically means that when you're actually setting up these patent licenses that you need to do it in such a way that everybody downstream of you can distribute the work as well. So it's pretty much putting the onus on the big corporations who have the ability to make these large patent cross licensing agreements to protect you and me from the outfall of them. So again the digital rights management is currently an open issue which we talked about. The other ones are again treacherous computing which we also mentioned briefly. The next one is the ASP loophole which I'll talk about a little bit more and what I think should be done there. I forget what I was talking about with section 6. Oh that's actually a change that I'm suggesting for the ASP loophole. Again the patents so again not much of a problem for you and me but a problem for big companies. And the final thing is my own little pet peeve is the fact that the GPL itself isn't free software. So I wanted to talk briefly about that. So the main thing again with DRM is that we wanted to prevent devosation. And so that's the overarching background of this entire clause. So what we really need is we need the keys necessary to update the device. So if it's possible to disable the keys that should be fine. If it's possible for the user to generate their own keys and replace the keys existing on the device. That should also be okay. So long as the device when it's updated like that is able to communicate with everything it was able to communicate with before that should be appropriate. It's also not intended that the current clause is written as it seems to some to say should require users who are encrypting stuff for example with GPG intentionally to provide the decrypted output or their keys to anybody else who asks. So it definitely wasn't intentional for that to be written that way but a lot of comments were made saying that it seemed that you had to provide your private key and the hash to unlock it so that other people could read all your mail and stuff. So that was definitely not intentional. And so the other thing that it seems to make you provide currently is API keys. So for example just to pick one that I thought up when I was thinking about this the Google API currently requires that you have some sort of key to uniquely identify you and want to make more than about a thousand requests a day of their API. So obviously an application who is writing something for the Google API is not fully functional unless you have such a key. But it seems silly that the maintainer of the package should have to give you their API key. Perhaps they've paid for a full up license to get, I don't know, whatever else a full up license at Google gives you. So if it's possible for you to get an API key without paying anything additional then you should be able to do that. Yeah. Andreas has a question. Just another question. If you look for example at the Linux kernel currently they are doing something which says that's a tainted flag. So if you load modules which are not provided by the original you use kernel Torbol to get tainted to that. Which is of course a good thing and it's more or less enforced by the license currently. Would that be compatible with GPL VC? It's not technically protected, it's only forbidden to change it currently. Right, since it's probably enforcing the license I would imagine that it's compatible. And of course since you've actually got the source code you can remove all that code anyway. So I mean it seems like you've got all the keys that you need all the keys to the castle that you need to do it. So it seems reasonable to enable it. Any questions about this? So I know this is really the issue that Linux Torbol had problems with and GPL version 3. So basically the current change that I've made so yeah. Just another question. Yeah, a question with respect to keys by the way I'm Yuri Osilevsky. Is it enough for there to be a way for you to work around the existing key like disable that functionality, replace them, get your own through Google or whatever or that should be the default key. They should be by default disabled. I think it's probably enough for you to be able to trivially disable it. And by that I mean that you don't have to go in and they can't say that oh yeah well you can disable it by twiddling this bit in the file. You have to disassemble first and then reassemble. So I mean it has to be something that you can actually disable. But it doesn't have to be the default case. No, I mean it could be the way currently written it seems like that but in my understanding it should not be the default case because it's perfectly legitimate for a default install of Debian for example to have the packages being signed so that users who don't know what they're doing are aware if they're downloading from a site that's been Trojan or something. Thank you. So that's the major change that I'm trying to make and I've actually prepared a position statement on this in the current draft. And frankly if you think about the Tivo case it's completely legitimate for a company like that to want to ship a product where they have control over the bits that are running particularly while the user wants to stay within the bounds of a warranty or something like that. I mean this is an interesting question and it's come up before with respect to indemnification and all sorts of other sort of legal boundary case issues is you want to provide the ability for any end user under the spirit not just the letter of the GPL to be able to modify and enhance and prove and then run the stuff that they've done and share it with others and so forth but it's also completely reasonable for a company to say okay but when you do that you're not actually running the bits that we gave you anymore so there has to be some boundary on our responsibility for whether it works or not and so I don't even have any problem if something like a Tivo wants to ship in a mode where it won't run somebody else's you know compiled executables unless you do something explicit to turn that on and in the process have the chance to be presented with a banner that says by the way you're now walking outside of the bounds of what we as the company produce this product know how to warrant and how to support I think as users those of us who are into working on our own stuff and making it better all the time would consider that a button we happily press and keep going and that would completely resolve the philosophical issue in my mind don't think again that you know there's no use or there's no value in the world for these sorts of mechanisms we just have to have some way to turn them off and keep using the stuff Right exactly yeah I mean part of the problem too though becomes difficult because one of the things that you can do with those flags is you can then take and say hey this thing has been modified so now you can no longer interact with the Tivo network as you were before so it's kind of a question whether you can disallowing warranty may be appropriate but breaking the interoperability of your Tivo device with other Tivo devices however that actually happens based on the fact that you've modified the software even if you fix the bug in Tivo and it's working better than it was before is in my mind anyway not acceptable so it's one of those things where actually writing this clause and the replacement for it is still suboptimal Seth Schoenberg is continually emailing me huge missives telling me exactly where my latest attempt at fixing this is fundamentally broken and the cases where it allows people to be locked into DRM or where it disallows use cases that are appropriate and so it's really been a very difficult task to write a clause that actually works in this aspect in fact if you're actually interested in seeing my current attempt it's the same SVN directory it's just issues instead of issue underscore mailboxes and you can see exactly what I've currently written on it and what I'm currently thinking about and you can send me mail telling me that I'm doing something completely wrong that I should be doing something else instead that's always fun so yeah so this again is the major one of the major issues with the current draft and so it's one of the things that everybody really should think about because you all use work you're all going to be affected by DRM in the Tivo case wouldn't it be appropriate for Tivo to include a statement in their service agreement with a customer saying that if you use an authorized software we cannot provide you the service and wouldn't that then be outside the scope of a GPL license then what the problem is is they're using GPL works and they're using GPL works in such a way that they're basically breaking the freedom of the users to modify them so I mean while they probably could do that I don't think it would be appropriate as far as V3 is concerned because it would break the interoperability of the GPL V3 work even if all they did was just recompile it and it was still working exactly the same so I mean if they wanted to do that and it may be an appropriate business model for them they shouldn't be using GPL works to do so because I mean otherwise they're basically using GPL works and piggybacking on the work of a lot of free software developers and using it to lock in their users we have another question over here Hi Andrew McMillan when the GPL V3 comes into effect for these situations will that mean that code that's been licensed for GPL V2 or later at your choice will enable people to put cases against the Tivo kind of code? No so once code has been put under V2 you could take V2 code, fork it and say that I'm going to add bits to it that are V2 only and so it will still be possible at any point in time assuming you've got V2 or later code and to make it just compliant with V2 So the license choice there applies to the Tivo people not to the ultimate recipients of the code? So the ultimate, yeah so it's the person distributing so the users unfortunately the way it works is the distributor has to comply with the license not necessarily the users although there is an interesting case that we'll talk about in a second with the Afro compatibility clause that's kind of changing that notion Another issue that I had is there's a section in the GPL V3 which disallows illegal invasions of users privacy so obviously illegally invading your users privacy is quite reprehensible it's not something that you should be doing but there are already extant criminal procedures used to prosecute people who legally invade users privacy of course the only people who wouldn't be liable to be prosecuted criminally or at least civilly are companies or sorry not companies governments yes I'm confusing the two they seem very similar these days so governments of course wouldn't be the major people who wouldn't be prosecuted criminally but of course governments are in a unique position to be also the arbitrators of their laws in their own country so it doesn't help to go after a country saying that you violated copyright in quite a few countries anyway because a country could just say well okay that's fine your copyright is great but we need it in order to do X so we hereby disavow your copyright within the limits of our country or whatever they need to do so it's kind of a clause that has a nice idea but it's not particularly effective the other problem of course again obvious it has an obvious connection to the Sony DRM debacle I'm actually not sure since I'm not Richard M. Stallman even though I have long hair I'm not sure exactly whether he was thinking about that when he wrote this clause but it definitely seems appropriate in relationship to that whole root kit fiasco and some of the other really invasive DRM clauses the problem for Debian of course is that this clause quite clearly conflicts with DFSG section 6 and so this is the as I like to call it the anti-no-nuk clause so there's a couple licenses that aren't very popular anymore because very few people actually think well I guess everybody thinks about nuclear working still but there used to be quite a few licenses that disallowed the use of software for example nuclear controllers and nuclear reactors or nuclear submarines or people who are using it to wage war and all sorts of stuff and so DFSG 6 is basically the restrictions on fields of endeavor and so as reprehensible as it is illegally invading users' privacy is probably a field of endeavor that the FBI and probably the NSA in the US currently does quite a bit of well as far as I understood the clause now it just says it's not allowed to make illegal invasions of the user's privacy whereas the FBI claims to make legal invasions so and I really doubt a bit that the DFSG number 6 really prevents one to say okay you're not allowed to illegally use software we can discuss about that but of course it's not okay to say you're not allowed to build power plants so that's not okay but not to say you're not allowed to do illegal actions because we're out of scope anyways if you do illegal actions the problem though is of course the question is which illegality are we talking about which legal system so if you're living in a country for example that has a really authoritarian government like the US which wants to really control what people do then it may be much things that you would actually consider doing are illegal so I mean even trivial works would be illegal and it seems silly to have the copyright license revoked for something that normally you'd be civilly liable for or criminally liable well it's a lot of silly things but not all the silly things are forbidden by the DFSG of course but I'm saying that this is a case where DFSG section 6 explicitly states out and says that restricting fields of endeavor is not appropriate thing for the license to do well I disagree but I don't think that we will have anything if we continue this discussion but in the end I think it would be good to get rid of that clause anyways right exactly the clause doesn't really gain anything for the license so that was just one minor issue that I picked up that was actually pretty straightforward I just deleted it back on the previous slide I'm a little bit confused because the DFSG isn't a license itself it's just a set of guidelines about what licenses have to do so how is it anti no new clause so the idea behind it was that there were specific licenses that were saying that you cannot use this software in a nuclear power plant which is a very specific field of endeavor and so that's why I like to call it that but it's just my but that's actually both the DFSG and GPL3 would not allow that so the GPL version 3 so that's section 6 or subpart 6 or however you want to call it of the DFSG that has this clause so the GPL doesn't say anything about use of nuclear power plants or anything I guess I don't see the conflict between the no legal invasion of users privacy and DFSG6 yeah maybe I'm just missing something okay yeah DFSG stops people from having licenses that say you're not allowed to use this in a particular field of endeavor that clause in the GPL is attempting to stop criminals using the GPL code that is a field of endeavor so effectively we're saying we would like criminals to use Debian as much as anybody else so another issue in the license is the anti-DMCA clause there's a clause in the license in section 3 that tells you that this work is not an effective method of copyright control or access control the idea behind that is to explicitly disclaim any attachment of the DMCA to a GPL version 3 work so somebody can't come and tell you that oh look I've encrypted whatever I'm doing with GPL version 3 and then sue you under the DMCA because the license has told you that it's explicitly not a DRM or a effective means of encryption I was wondering about this because it seems to me from a legal standpoint that merely saying this thing which is quite clearly blue is not blue I'm not sure how that would stand up in court right exactly and that's one of the reasons why this clause an issue because a lot of people have pointed out that it's not clear that this clause is actually able to do what it attempts to do so I mean I don't really know whether it would actually be able to do the other problem is of course a lot of countries don't have the DMCA so a lot of people are wondering well why do we need this stupid clause that doesn't have anything to do with our country which is enlightened and doesn't have this law and so a lot of people have been writing to say that it's a problem as well and one modifying argument for it is that at the worst case it becomes a null op so I mean it doesn't hurt you it may help in specific cases so I don't know whether it actually will stay or not I don't really have a strong opinion on it either way I just know what the problems are with it Hi my name is Jimmy Kaplowitz and one solution could be instead of saying that this work doesn't meet the legal definition in the DMCA it would be to say that the copyright holders granting this license waive any rights to pursue legal action under you know under the charge of an accusation of circumvention of technological measures or something along those lines I don't know the right wording right and I think let me actually show what it says so you can kind of get an idea oops that's not working well unfortunately the sim links are all busted well I can't show it to you right now but the idea behind it was that it was set up so that the copyright holders who were licensing the work the original distribution were saying that yeah this thing isn't really doesn't really qualify under the DMCA so that was the intention was to do exactly what you mentioned if whether it does it or not sufficiently whether it's clear or not it seems definitely clear that it's not clear enough because of all the comments that we've had about it so it's definitely something that could be clarified yes but I was suggesting if a legal or if a statement that it does not meet the legal definition is unenforceable because a court might find that it does meet the legal definition instead of phrasing it as a statement of fact you could phrase it as a waiver of rights to pursue such a claim which would probably be more unambiguously enforceable that may be a good idea to add even in addition to the statement of fact is saying that that yeah I would suggest that you actually file a comment on that section so it's section 3 it's like couple paragraphs down in section 3 there's actually one question from online Thomas Martins and asks over ISE if it actually does work legally to just explicitly state that your works are not under the MCA will that hold up in a court? that's really a question that I have no idea what the answer to because of course there's no case law that I'm aware of covering this exact issue in the US so an attorney would probably have to make a judgment call and any attorney who tells you cart blanched one way or the other is lying so you should get odds on what the outcome is from them so yeah of course the other problem of course is that all countries don't have the DMCA and so that was just causing confusion any more questions? sorry well about other countries not having the DMCA the way I see it is that it's it's sort of missing the point to say in my country there is no DMCA so why should I have to include this clause in my license because even if in your country there is no DMCA there's no reason why you couldn't go to the US and sue somebody who's trying to interoperate with your software in the US that's true yeah Edgar that was Edgar any more questions about this another thing that I wonder is if because I mean Stallone is in the US and he cares about the DMCA but there's like funky laws all around the world so that opens like if we do it for the United States shouldn't we do it for like every other sick laws wherever like this software is not an act of God under the law of the island of or this software is not you don't have to put like a sticker from the Italian corporation of editors if you distribute this software because it's not a musical performance I don't know that comes like strikes to me that there should if you put that then there should be like a breakdown of and it would become fairly funky I guess I know it sounds kind of US centric and which makes me a bit bitter but I could see it useful but it's kind of a kind of warms that is a question behind you too is it written in such a way that it explicitly spells out the DMCA or is it written to say you know any law that tries to make these restrictions isn't covered because I know that Hollywood is trying to push you know and somebody mentioned one going on in Europe that Hollywood is trying to push this into every country and it might not be a bad idea to have a clause that protects about the general case yeah it is actually a general case it basically says that the work does not constitute an effective means of access control or content control so it uses the language of the DMCA but it doesn't refer to the DMCA so it basically uses the clause of the DMCA and the wording of it to say that it's not valid as far as including more countries with bad laws I'm not sure if that's such a bad idea actually if there are countries with significant free software presence and we need to rat around laws that may be something that needs to be thought about more part of the thing with the US is that our problems dominate I mean everybody knows about every single little issue that the US has so sometimes it's hard for people who are sitting inside the US to recognize and see the problems that other countries legal and other institutions legal issues have set up so I mean it's probably just a case that they weren't aware because they happen to be living in the US any additional questions about this particular clause so my favorite clause so Mako and I have argued quite a bit about this we have very different ideas as to what should be done about the ASP loophole so the ASP loophole for those of you who aren't familiar is the application service provider loophole and so the idea behind this is that you could have an application service provider for example Google being a very popular application service provider which provides an application which uses GPL works but the users of that application no longer have access to the source code there's no way for them to deploy their modifications and by use of the ASP model they've effectively removed the ability of users to either control their data or to modify the source code fix bugs, enable the software to do things that they want to do so obviously there are a bunch of ways that this can be dealt with the current method that it's dealt with is that it's written as a restriction on modification so they've basically imported the current wording of the Afro GPL wholesale into this clause this is 7D and it's written so that you must maintain functional facilities which enable the user of the work to obtain the complete corresponding source code and so obviously that's a restriction on modification if I'm running a name registry like a domain registry and I'm using a, I set up a website using Apache or other open source code to have a website so people can register their names or even a hotel registration or something like that I'm providing a service and am I going to be expecting to provide the source code with that reservation system just because I'm offering it as a service I'm a little confused with this so that's actually one of the major questions about this particular clause so it's actually currently written as an additional restriction that can be put in so it's primary purpose was of course to allow explicit compatibility between the Afro GPL and GPL works because the Afro GPL was written in sort of close collaboration with the FSF and there was always an assumption that they would be able to share works between each other I see both sides of the issue just consider the normal case what we have we all run some sort of web server also which is based on the software even a lot of GPL software beyond it I'm having some things the user can download is it already enough to invoke such a clause that I need to offer everybody to download my kernel sources for example which would be in my opinion insane on the one side on the other hand side I see tenancies web to zero as it's called where you do some total applications only via the web like you do your web processor via the web and then of course it's useful to say the users have access to the source code so I think there's some way between it's possible to go along in both sides right and that's currently one of the reasons why this clause is optional so it's set up so that you have to explicitly enable it by combining a GPL to work with the work that uses this clause or in some other fashion turning on this clause this is probably a stupid question but if you've got a GPL configuration file and you change the passwords do you have to publish them my name is Philip Hans if you've got a patchy and the configuration files are GPLed except it's a patchy that's a bad example but web server and the configuration files are GPLed when you change them you've modified them right so you put a new password in dot dot dot what is there an exception for that sort of thing yeah there's not one that's currently written and again that's one of the other issues that has been brought up in the yeah in the flame war on Debian Legal about the FRO GPL and why it's not DFSG compliant one of the problems like for example in really creptacular PHP scripts you can actually put in the passwords in the script itself a lot of them for some reason so of course any time that you accidentally forget to accidentally on purpose or something forget to load the PHP module and somebody browses the website they get all your passwords which is so wonderful so yeah this is an issue that has to be really thought out and in fact that's one of the reasons why I've been going round and round about it it's because I don't know of a good way to break the loophole and also stop the evil sorts of uses of GPL works that restrict users' freedoms I think about this it's interesting to see where the line is I quite like this close generally write a web application like that is obviously used by the user and it can only run on a server like a PHP application in no way I can enforce that users can actually get modified source code if they use it but where does using stop like is the user using my Apache or is the user only using my PHP application or is the user using the PHP engine is the user using my Linux kernel so another complex thing is actually where to draw the line that you consider the user using it so it should have source code or the user is actually not using it I am using it so it's modification for my own personal use and I don't have to give it away unless they sell it or blah yeah exactly and in fact in one of the fixes to this we're trying to think about is allowing the user to have non private use i.e. performance or something satisfy any of the parts of section 6 so that you didn't have a functional requirement for an explicit functional module that had to download the source code and no matter what you do did you couldn't remove that functional bit but it still gets back we still get stuck in what's use and who's a user and when is use non private when is it a performance and these are really difficult questions to answer in any sane amount of context and even worse have it applicable to most legal systems it's quite difficult my name is Simon Law and I was wondering how this particular clause differs from the existing section 2c of gplv2 which is the interactive copyright and warranty display restriction so it basically says if the modified program normally interactively one run you must cause it to continue displaying this and you're not allowed to remove this code so what's the difference here in terms of objection that's actually a good point I'm not entirely happy about 2c as well so one of the molifying aspects of 2c is at least it tells you what it has to provide so it says okay right it says that it has no warranty and where the license can be found it doesn't tell you that you have to keep it exactly the same way it doesn't tell you that you even have to have it in English it just has to have those things so at least it has that molifying aspect and it's also set up in such a way that it only triggers when it's run non interactively in the most trivial way so that means you can easily disable it by putting in .files and all sorts of environmental variables so while it's an issue and it may be a strict GFSG compliance issue if we were to ignore clause 10 it's at least there are methods around it that don't make it as near pain in the butt as it is with the aphoroclaus as written I'll say Matt Sagra Bellny does the passwords for PHP, scripts and whatnot like that does that really differ from keys for DMR for cloud kernels and things like that as long as you can circumvent the DRM and generate your own keys that's similar to generating your own passwords has that issue been brought up that's actually an interesting point the problem is that as currently written and most of the ways that these things are done it basically just dumps out the source code out of your web directory so I'm not entirely sure whether it would be easy to set up the work such that it can rip out the passwords since most PHP projects seem to be kind of one-offs it's probably a little suboptimal for them Margarita Manterella from Argentina I don't know if you are familiar with the open source license the OSL version 2 but it looks like this aphoroclaus might make open source license compatible with GPS I'm not actually sure with all the terms that are in the OSL license so I can't really state go ahead next question about this is basically if you say user should retain the full sites to modify the software even if it's running in an ASP or an ASP that basically means they need to have access to not only the software but other environmental stuff which could be quite hard so in the end I feel you couldn't get to any solution that's something else then forbidding to use the software at an ASP so you're wondering whether or not the subsidiary things like for example if you wanted to run a copy of Google like Google file system would enable you to do what it does and that's an important point but that's the same issue that you have on different for example GPO the works that run only on Windows I mean they have dependencies that you can't get access to to modify so or Java, yeah for example Aigarh Smachinos from purely legal standpoint I'm not a lawyer but I've been told that copyright license cannot restrict use it can only restrict distribution so basically this clause even be in effect and it is from my point of view we can only talk about what HTML code or Java script can be distributed to the client and what license that has it cannot even touch the scripts that are running on the server yeah and so one of the things and the way in this which this is written is it's set up such that you can no longer actually remove this functional facility and because at least in US copyright law the preparation of the derivative work is one of the rights reserved to a copyright holder they can actually restrict you from making this kind of modification of course I love to argue about it because I have the delusional belief that private modification is sacrosanct you should be able to take copyrighted work and if you want to face it, burn it, it's your job it's not your work, it's not your copyright but it's your physical copy you should be able to delete it I mean it should always be appropriate to if you don't like windows to delete it so yeah I kind of even though that's technically what the law says in the US I'm not such a big fan of it but of course it wouldn't be the first time that I'm not a big fan of what the US law actually says well now I have to play a bit devil's advocate and just say okay what do we actually do usually we speak about what do we need if you distribute this code, if you distribute some binaries you need to put the source on if you distribute the source you must allow everybody who gets the source to make certain actions for this like modify, distribute so basically have freedoms and what this now is that we are going via a set of distributing and basically doing the same as a large music companies do and say okay you can buy this music to but only play it if you do this and that and that and that's basically something that we consider very ever and very non free right exactly and in fact that's really my primary objection to this clause I mean I see the ASP loophole as a serious problem that we need to find some way of solving I almost wish that we wouldn't have to solve it that users would learn that they're not safe using ASP models they should figure out that these are not things that they really want to be using their data is locked up they can't modify they should stop but given the number of users who are still using Windows a lot of them haven't got the message yet so I mean I don't know what to do it's really trying to solve the problem I don't know if it's the best way I kind of think it isn't but I haven't thought of a better way and I've been thinking about this for I don't know probably two years now so I still don't know a good way we're moving forward but it's still just a slight clarification oh my name is Peter Samuelson by the way to what you were saying just a minute ago copyright does actually allow you to restrict certain uses it's not just about distribution private use of copyright material is generally I mean I guess that's what we consider fair use and they can't really do much to you but public performance which I know Don has talked a little bit about and certain other kinds of public use can be restricted by a copyright owner this is why if you want to show a movie in your own home at least in the United States you can do that but if you want to show a movie in public you have to pay somebody extra money for it you don't just have to buy the DVD you also have to enter a license agreement with the copyright holder to show it in public and probably share some of your profits with them and so forth right well yeah it's getting at the performance question so I was asked about distribution but it's really not just distribution it's really the public performance aspect because you're not technically distributing a copy well I mean unless you think that having it burned into the retinas is a copy I guess if you're the RIA your drums are a really important thing or so okay any additional questions really quick we're got about five minutes left let me see if I had any more slides I don't want to talk oh yeah so one of the other things is the fact that patents are now an explicit grant so it always was before that patents were set up as an implicit grant if you basically had to give any rights that you had to end users it's now been made explicit there's a real clause that's saying that hey if you've got patents you're explicitly granting them to end users patent shielding I mentioned before I also talked about before it was limited patent reciprocity there are currently a lot of licenses that do ridiculous patent reciprocity clauses and so those need to be basically rewritten a lot of them are written by people who have done a lot of license proliferation unfortunately the OSI is a little bit guilty of approving licenses that they should have not done and they should have told the authors that you don't need to write any license go back look at these other licenses which you should use instead but that's something that they haven't done so in conclusion really quick participate please read the license for yourself see what it says think about it make comments about it on GPOV3.FSF.org the second thing don't believe anything I've said find out for yourself what it says find out what it says in your own country is not your country I understand my country different from your country even if you live in the US you have a different understanding of the US than I do you live in different places for example very few of you actually live in California I don't know if you're familiar but states in the US all have slightly different laws in some cases it's a unified code there's federal code but there's also state laws and they're all slightly different so if you know your state's laws you should also be thinking about them the final thing is do it soon the second draft is being written as we well the issues that are going to be taken into account into the second draft were due yesterday the second draft will be being reviewed and being written in the next couple weeks the second draft will come out in a month or so then once the second draft has come out there will only be two more drafts if that so you need to get involved now to make sure that your contributions and the changes that you need to have made are made in a license or at least properly addressed if you don't do that you'll be stuck with a GPL version 3 that you're not particularly happy with and so I don't want that to happen to any software developer here I want you all to be able to willingly license your works GPL v2 or later and later GPL v3 or later so please participate and make sure that the GPL v3 does what you needed to do last minute questions since I think we may have a couple more seconds my name is Daniel Bauman I'm not a lawyer but I'm a bit familiar with Swiss law and the German law I would like to precise what Andy Bart says at this first point where he has talked about concerns about the GPL is a license or a contract in the German law in fact it does not matter at all if it's a license or a contract for German law and for Swiss law and most European countries it's also not important if you would like to read it from a lawyer there is a book from O'Reilly written by the IFR OSS that's an institution of lawyers who takes care for legal advice for open source projects and this book is readable online on the O'Reilly website and they state that that's no difference for European law especially German law if a license if the GPL is a license or a contract because it's all the same only USA does distinguish between them any additional questions in the closing moments? more like a comment than a question well I'm Edgar Rosera and I am not a lawyer either but I have it from good authority that there might be a problem with explicit granting of patents in Mexican law so my wife is an expert in intellectual property and she's particularly studied Mexican and Canadian law and she was saying that it is not valid according to patent law to grant a patent that you don't already have and there's something in the wording of the of the draft for the version 3 where you grant all patents that you might eventually have and stuff like that to make it invalid under Mexican law of course one of the modifying aspects is that every time you do distribution you're re-granting those rights so as soon as you get a new patent you do a distribution you've now granted the rights to those patents so I guess it's a continuous thing so I suppose if you distributed stop distributing and then got patents it may be different but then hopefully those patents only cover the GPL of the work so if we won't be a big issue there's one more question because of back what about compatibility between version 2 and 3 of the GPL so as written they're currently incompatible because there are additional restrictions that the GPL version 3 has that v2 does not and that's one of the serious problems with licensing as the kernel has done and in fact they've been told multiple times repeatedly that's not something that was a wise idea to license under v2 only so what's probably going to happen is hopefully people will eventually clue in and start licensing stuff v2 or later a lot of things actually in the kernel probably already are that way so eventually we can transition to a more sane license that actually deals with some of the problems that we have now as opposed to the problems that we had 10 or 15 years ago last minute questions do we have any more hello I just wanted to thank Don and the others in Debian who are spending a lot of their time representing the interests of Debian and free software and that we really appreciate that a lot thank you I'd also like to thank to all the members of the committees the people who have commented and also Debian legal as flame-ridden as it may be every now and then things come out of there that are pretty important so they're actually there even though you may disagree with them all the time so thank you Don we have one last minute question I feel silly asking another question after all the applause but does the GPL3 actually give you additional rights over the GPL2 or is it only restrictions so the it's kind of a tricky question so it's definitely not less it depends from the perspective so if you're talking as a user it gives the users more rights does it is it closer to the BSD license no it's not I'm talking more about the perspective from the developer because if you make the license say GPLV2 or later then basically you could you can't change that anymore later right so you can use some of your rights as a developer well as a developer though you have rights to do whatever you want so you can always take a work that you've licensed under V2 or later say V3 or later or sell it to Microsoft and say hey you can use it but you can't do that retroactively well yeah once you open up the cat's bag it's out but since it's even more restrictive there's I mean if it was less restrictive there may be an issue but since it's more restrictive preserving more user freedoms I really don't see why a distributor would have a problem with it of course philosophical problems are something completely different