[personal profile] mjg59
(In order to avoid any ambiguity here, this is a personal opinion. The Free Software Foundation's opinion on this matter is here)

Canonical have a legal policy surrounding reuse of Intellectual Property they own in Ubuntu, and you can find it here. It's recently been modified to handle concerns raised by various people including the Free Software Foundation[1], who have some further opinions on the matter here. The net outcome is that Canonical made it explicit that if the license a piece of software is under explicitly says you can do something, you can do that even if the Ubuntu IP policy would otherwise forbid it.

Unfortunately, "Canonical have made it explicit that they're not attempting to violate the GPL" is about the nicest thing you can say about this. The most troubling statement is "Any redistribution of modified versions of Ubuntu must be approved, certified or provided by Canonical if you are going to associate it with the Trademarks. Otherwise you must remove and replace the Trademarks and will need to recompile the source code to create your own binaries." The apparent aim here is to avoid situations where people take Ubuntu, modify it and continue to pass it off as Ubuntu. But it reaches far further than that. Cases where this may apply include (but are not limited to):
  • Anyone producing a device that runs an operating system based on Ubuntu, even if it's entirely invisible to the user (eg, an embedded ARM device using Ubuntu as its base OS)
  • Anyone producing containers based on Ubuntu
  • Anyone producing cloud images (such as AMIs) based on Ubuntu

In each of these cases, a strict reading of the policy indicates that you are distributing a modified version of Ubuntu and therefore must either get it approved by Canonical or remove the trademarks and rebuild everything. The strange thing is that this doesn't limit itself to rebuilding packages that include Canonical's trademarks - there's a requirement that you rebuild all binaries.

Now obviously this is good engineering practice in a whole bunch of ways, but it's a huge pain in the ass. And to make things worse, Canonical won't clarify what they consider to be use of their trademarks. Many Ubuntu packages rebuilt from Debian include the word "ubuntu" in their version string. Many Ubuntu packages will contain the word "ubuntu" in maintainer email addresses. Many Ubuntu packages include references to Ubuntu (for instance, documentation might say "This configuration file is located under /etc/default in Debian and Ubuntu"). And many Ubuntu packages will include the compiler version string, which will include the word "ubuntu". Realistically, there's no risk of confusion by using the trademarks in this way, and as a consequence there would be no infringement under trademark law. But Canonical aren't using trademark law here. Canonical assert that they hold copyright over binaries that they have built from source, and require that for you to have permission to redistribute these binaries under copyright law you must remove the trademarks. This means that it doesn't matter whether your use of the trademarks would be infringing or not - you're required to remove them, because fuck you that's why.

This is a huge overreach. It's hostile to free software, in that it makes it significantly more difficult to produce derivative works of Ubuntu and doesn't benefit the community in the process. It's hostile to our understanding of IP law, in that it claims that the mechanical process of turning source code into binaries creates an independently copyrightable work. And in some cases it may make it impossible to create derivative works that interoperate with Ubuntu due to applications making assumptions about the presence of strings.

It'd be easy to write this off as an over the top misinterpretation of the policy if it hadn't been confirmed by the Ubuntu Community Manager that any binaries shipped by Ubuntu under licenses that don't grant an explicit right to redistribute the binaries can't be redistributed without permission or rebuilding. When I asked for clarification from Canonical over a year ago, I got no response[2]. Perhaps Canonical don't want to force you to remove every single use of the word Ubuntu from derivative works, but their policy is written such that the natural reading is that they do, and they've refused every single opportunity they've been given to clarify the point.

So, we're left with a policy that makes it hugely impractical to redistribute modified versions of Ubuntu unless Canonical approve of it. That's not freedom, and it's certainly not Ubuntu. If Canonical are serious about participating in the free software community then they need to demonstrate their willingness to continue improving this policy to bring it closer to our goals. Failure to do so will give a strong indication of their priorities.

[1] While I'm a member of the FSF's board of directors, I'm not involved in the majority of the FSF's day to day activities and was not part of this process
[2] Nebula's OS was a mixture of binary packages we pulled straight from Ubuntu and packages we rebuilt, so we were obviously pretty interested in what the answer was

Can I quote this in its entirety

Date: 2015-07-15 08:04 pm (UTC)
From: (Anonymous)
Have just forwarded the new Ubuntu policy, the FSF and SFC documents to work colleagues considering a process for my employers to contribute to FLOSS.

Can I possibly link to this and forward it to a Google+ group for them?

amacater@debian.org

[I do miss the old style mjg59 with CAPITAL LETTERS ARE FORECAST :D ]

Ubuntu IP

Date: 2015-07-15 08:40 pm (UTC)
From: (Anonymous)
At least one large company has been blocking shipping of Ubuntu based appliances and vm images for this and requiring they use a sanely licensed distro. Given how common packaged images are becoming it's really going to hurt Ubuntu if they don't sort it out. Their "pay us to bless your ubuntu variant" model is fine but their approach of making it hard to use the code any other way is ugly

Because...

Date: 2015-07-15 08:57 pm (UTC)
From: (Anonymous)
>> because fuck you that's why

Because now with the Ubuntu phone they need to retain copyright; if not, anyone could cherry pick the binaries and put it in any phone w/o Ubuntu controller, prolly to protect the brand, I don't see the problem of this.

Re: Because...

Date: 2015-07-16 07:43 pm (UTC)
From: (Anonymous)
You mean the same way Ubuntu "borrows" debian-packages, enables converting rpm to ubuntu packages using alien, installing/running Android apk packages using archon and windows executables using wine?

Re: Because...

Date: 2015-07-17 10:40 pm (UTC)
From: (Anonymous)
Whereas with this restriction they'd need to edit some text and recompile; not the biggest task in the world. I don't see this protecting anything.

Date: 2015-07-15 09:52 pm (UTC)
From: (Anonymous)
Well, the FSF statement does say that this is only "the first update emerging from that process" and that the work will continue with Canonical.

I think everyone agrees here that improvements should still be made to the policy, but figuring out a sensible lawyer-proof wording that would both protect the Ubuntu copyright from abuses and guarantee sufficient freedom to the community is far from an easy task.

In the mean time, I'm not aware of any case where Canonical refused to "approve" an Ubuntu based work done by the community. Ok, it's a shame to even have to ask Canonical, but do we have an example where an arguably "legitimate" derived project was forcefully shot down by Canonical?

I just see no objective reason to not trust that Canonical is acting in good faith here.

That is the problem

Date: 2015-07-16 02:28 pm (UTC)
From: (Anonymous)
The problem is it leaves too many holes open. What if Ubuntu wants to charge Linux Mint for the right to have its users pull debs from the Ubuntu repos? Can they do that? Sure, just because Ubuntu has never refused approval in the past does not mean that they won't do it in the future. Assurances from Canonical are nice, but are not enforceable. Canonical can put whatever is necessary in print to clear up any ambiguity.

I can understand if they are concerned about branding and things the user clearly see being labeled as Ubuntu. But is it ok to leave a string that reports to other software it is some Ubuntu version? Or text string that says "Ubuntu" is never seen by the end user, but is compiled into a binary? Are those OK, or will Canonical say you are violating their copyright or trademark?

The short answer is we don't know. The current licenses are vague and ambiguous. Technically they could go after a project and force them to pay, go to court, rebase, recompile or shut down. Some of it may not even be enforceable in court.

The bottom line is there should be no doubt about what Canonical says can and can not be done. They have intentionally left plenty of room for doubt. It has taken 2 years to get this out of them. It could take 4 or 6 more years to get clarification on all the other points.

As a member of the "community" that discourages me from making any contributions to Ubuntu. I can't trust Ubuntu. I have no idea what their motives are and no idea how they might bludgeon other distros for using those binary deb files. Besides not being good for downstream distros, this is not good for Ubuntu.

Software Bouncers

Date: 2015-07-16 01:52 am (UTC)
From: [identity profile] doctormo [launchpad.net]
These legal documents basically create some discretionary ground from which Canonical could possibly launch an attack against a downstream user. We must trust Canonical with this discretion, as risky as it is; but know that if they ever were to launch a disreputable attack they would be placed alongside the likes of SCO, Oracle and Microsoft in having steeply negative and possibly unrecoverable moral reputation.

So there's still some cost to them, even if their legalese is verified as enforceable.

So far though, Canonical seems more interested in doing nothing at all for or against Free Software. So not really a great hazard; especially as the slower but more creative developments elsewhere come to undermine Ubuntu's desktop position over time.

Re: Software Bouncers

Date: 2015-07-16 11:08 am (UTC)
From: (Anonymous)
It is probably fine to trust current Canonical to not go after any normal downstream use of the binaries, such as pre-configured containers for free software deployment.

But you cannot trust these things over a buy-out scenario, for example.

So, yes, it makes a lot of sense for any compliance officer to outright forbid any use of Ubuntu for distributing containers, and anything else their copyright policy requires explicit permission for distribution. Unless you get said permission, of course.

Re: Software Bouncers

Date: 2015-07-16 08:08 pm (UTC)
From: (Anonymous)
> It is probably fine to trust current Canonical

Is it? They went for fixubuntu, Mint and just recently threw out a voice that pointed at exactly this problem. You may hope it never happens to you but "trust" and accept to maybe find yourself in such a situation you can easily avoid by e.g. using debian direct rather than this derivative? Why? What's the benefit for this additional risk and legal uncertainty?

This is why Steam OS uses Debian

Date: 2015-07-16 04:23 am (UTC)
From: (Anonymous)
I can confirm that the reason Valve decided to use Debian instead of Ubuntu for Steam OS was the ambiguity of the Ubuntu IP Policy. We initially supported Steam on Ubuntu but when our legal looked into the IP Policy we realized we could not use Ubuntu for SteamOS without serious changes by Canonical.

Re: This is why Steam OS uses Debian

Date: 2015-07-16 07:06 am (UTC)
From: (Anonymous)
Hey Anonymous,
Any chance you would be willing to put a name/identity to this comment about Steam? While this reads as a plausible statement, I don't like citing anonymous quotes, or relying on them in discussion at all really.

So you could save me some time knocking on people's doors asking them to go on record to confirm this as fact, if I can get you to go on record now and put a name on the comment.

-jef spaleta

Re: This is why Steam OS uses Debian

Date: 2015-07-16 12:44 pm (UTC)
From: (Anonymous)
From Canonical engineers: "our management messed up Valve engagement". Canonical engineers really want for e.g. things like Steam OS, google cloud OS, etc. to be Ubuntu based.

Were there monetary negotiations for e.g. support contract or some such from Canonical to escalate things that failed?

When things suck, we should fix them.

Re: This is why Steam OS uses Debian

Date: 2015-07-16 08:23 pm (UTC)
From: (Anonymous)
http://www.omgubuntu.co.uk/2014/01/valve-based-steam-os-debian-ubuntu

Gabe Newell named "legal uncertainties". Jono Bacon guessed it's caused by the "trademark fee", which means exactly that IP-policy. What other "legal uncertainties" are there that affect Ubuntu but not Debian and require switching the whole distribution rather than only components?

Is it all that hard?

Date: 2015-07-24 06:20 pm (UTC)
From: (Anonymous)
You say that it's "a huge pain in the ass" to rebuild the binaries. Is it really? Given a list of packages/debs, it's maybe a 10 line script to rebuild the packages using the same name. [ create subdirectory, cd into subdirectory, apt-get source command, apt-get build-dep command, dpkg-source command, dpkg-buildpackage, copy out the resulting deb ]

With GPLv2 and GPLv3 (and most other OS licenses), recompiling would put you completely into framework of trademark law. Trademark law is easy since the standard is "likelihood of confusion". Thus, once you've rebuilt the package and as long as you aren't infringing on trademark (and as you say, "Realistically, there's no risk of confusion by using the trademarks in this way" for most packages), you are done.

Re: Is it all that hard?

Date: 2015-07-24 08:53 pm (UTC)
From: (Anonymous)
I believe that Canonical can force you to recompile. [My view may differ from the FSF here. For example, I read the GPLv2 as requiring the ability for users to make verbatim copies of source and users the ability to distribute their own binaries based on that source. However, I'm pretty sure that legally, a licensee is not required to allow users to distribute verbatim copies of their binary/object program. If true, they can impose restrictions on distributions of their binary programs.]

Once you have recompiled, that is your own binary distributable according to the GPLv2, for example. At which point Canonical can only force you to remove trademarks up to the enforceability of trademark law. Specifically they can only force you to remove trademarked words/logos/etc that can cause "brand confusion" (including endorsement, etc.).

Specifically, they can not force you to remove "ubuntu" from things that do not cause brand/product confusion. For example, if I am mocking Ubuntu, I can certainly use Ubuntu's trademarks and symbols in the parody. Trademark law is completely different than patent law where unknowing patent infringement is still patent infringement. At least in the US, I believe that "intent to cause confusion" is the standard for Trademark law --- this effectively means that it would be unactionable without an assertion of a Cease and Desist by Canonical unless the intent was obviously there to cause brand confusion.

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Member of the Free Software Foundation board of directors. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.