jdev - 2020-03-09

> Essentially every business uses GPL Linux Do note there's a collective effort among businesses to move away from GPL. Replacing gcc with clang and everything gpl'd with alternatives in freebsd is one such example. I believe one of the reasons behind Google's development of Fuchsia is to move away from the gpl'd kernel too.

"collective" or "google and apple" ?

Yeah that's also how I read it

I was actually thinking about this earlier, how hard it'd be to run any type of business without touching linux

you'd need windows servers and laptops, fine, what router can you use? also no android phones, and certainly no "cloud" anything, not even backups, and no CDNs or anything

I seriously doubt any such business exists, if they use a computer, they use linux

> "collective" or "google and apple" ? Freebsd isn't maintained by google and apple is it

As much as I hate to get drawn back into this, I'm sick of these arguments: It's not that people aren't using anything GPL, people aren't including libraries and other things that would trigger the GPL. No business cares if they're using Linux on their servers because they will never have to spend any extra money or time making sure they're GPL compliant because most business aren't contributing back to Linux and it's not going to trigger their own products having to use the viral provisions of the GPL and be GPL themselves. It may be unintentional and in good faith, but the "businesses still use Linux" is just a strawman argument. I thas nothing to do with why businesses avoid the GPL.

However, if a library they're linking into their own products is GPL, or a binary they have to ship with their products is GPL, most businesses will try to avoid those products and use an alternative because they risk being sued if someone thinks their product should have been GPLed as well by extension, or they have to spend time upstreaming patches which they don't want to do, or they have to upstream something that's actually business critical and they want to remain proprietary, etc.

Are you only talking about GPL or copyleft in general btw

I've never seen a license that requires upstreaming changes, or anything more than putting a source archive on a website someplace

yeah that's goodies but not actually required

and you are talking about very specific businesses

Depends on the license, but I suppose copyleft in general? Most larger businesses I've worked at have a document with what licenses are okay and what should be avoided. Generally AGPL/GPL is an absolute no and they'll make you use something else if the auditors find it in the codebase, MPL is a yellow "needs approval first", BSD is okay, etc.

I work in the healthcare sector, we have a few large apps, and use plenty of GPL software, because we don't release it

Putting source on a website someplace is something that takes time and effort, even if it's minimal. And if you forget to do it, or pull in something by mistake, or someone just does it wrong, you could get sued.

we run it on servers and such, employees use it, but there is no problem whatsoever using GPL libraries

I wouldn't like to work in these companies you've worked at then..

Yes, we also run plenty of GPL software because we don't release it, that's what I was saying.

pep., yah, I agree, I hate them, but I've never found a job that would let me work almots exclusively in Open Source except Docker, but they went bust right after I joined at sold me to Mirantis. Although even they had a "no GPL" policy.

maybe it's just whatever the manager's opinion is at the time or something

It's a policy set by lawyers in all the medium to large companies I've been at. Not an individual manager, comes from the legal team working for the CEO or the board or whomever.

I was recently blindsided by a manager being shocked we used open source code because, and I quote, "open source is insecure, because anyone can see it, and anyone can modify it"

this was an IT security manager ^

heh, I've only ever seen that sort of nonsense once and it wasn't even that bad

in the same meeting he also said "what is Java" and "what is a JVM" so I was briefly worried I had been teleported back to 1995 :P

but yea, I appreciate the examples, it's all a mess...

there's always the "what if" etc

moparisthebest: > we run it on servers and such, employees use it, but there is no problem whatsoever using GPL libraries Technically, your employees / server admins may ask the developers for the source code of the GPL-infested application and put it on github the next morning.

In the case of apple, they don't want to use gpl3 because of the patents stuff in it, gpl2 is fine for them (and linux is stll gpl2). i think the situation for freebsd is similar

For fuchsia, there are probably other things to take into account, mainly the fact that linux is "upstream your changes or you will never be able to maintain your own drivers", and this leads to android things running on outdated/unmaintained kernels. Fuchsia is a microkernel, drivers are more sandboxed and easier to port to newer/fixed versions of the os. I don't think there is a license problem at play

Doesn't the gpl require that all changes to the code be published, except the blobs? I seriously doubt google cares about devices being up-to-date. They might be considering changing their planned obsolescence policy from "buy a new device every couple of years or be stuck with an out-of-date rom" to be akin to that of apple, i.e. "we'll nag you until you install our updates which will make your device run slower". But that doesn't seem to be the case: Fuchsia will allow vendors to modify the kernel as much as they want without releasing the changes, thus making alternative roms like Lineageos flat out impossible, so that devices will receive even less updates. ✏

The vendors don't necessarily want to modify the kernel and do dirty unmaintainable hacks. Give them a prebuilt kernel and a clean api and sdk to plug their drivers to and they'll be very happy to do that. Linux has failed to provide such a thing. And the problem for Google is not on two year old phones, it's that even on still supported phones, security updates are out of their control because they have togo through the manufacturer to rebuild a kernel. If there is a microkernel with separate drivers, Google will be in charge of updating the kernel and could do so through the playstore or whatever without involving the manufacturer at adl

If that works this way, it would actually make things easier for lineageos because they would just get the binary drivers and run their own kernel and userland with them. But if the drivers are not published, it will indeed be a problem for replicant, which wants to have everything opensource

That only improves anything if drivers are bug free

>the vendors don't necessarily want to modify the kernel and do dirty unmaintaiable hacks Judging from their current behaviour, I'd say given the opportunity they would. Just like they create their own UIs, and I mean not only launchers and apps but also general outlook and funcitonality modifications. Every vendor's android is different. And altering the kernel in an uncompatible way would also be in their interest as it would give them more control over the devices, thus helping them to enforce the current planned obsolescence policy. ✏