![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Mir, the Canonical CLA and skewing the playing field
Mir is Canonical's equivalent to Wayland - a display server, responsible for getting application pixmaps onto a screen. It's intended to scale from mobile devices to the desktop, and as such is expected to turn up in Ubuntu Phone before too long[1]. There's already plenty of discussion about whether the technical differences between Wayland and Mir are sufficient to justify Canonical going their own way, so I'm not planning on talking about that.
Like many Canonical-led projects, Mir is under GPLv3 - a strong copyleft license. There's a couple of aspects of GPLv3 that are intended to protect users from being unable to make use of the rights that the license grants them. The first is that if GPLv3 code is shipped as part of a user product, it must be possible for the user to replace that GPLv3 code. That's a problem if your device is intended to be locked down enough that it can only run vendor code. The second is that it grants an explicit patent license to downstream recipients, permitting them to make use of those patents in derivative works.
One of the consequences of these obligations is that companies whose business models depend on either selling locked-down devices or licensing patents tend to be fairly reluctant to ship GPLv3 software. In effect, this is GPLv3 acting entirely as intended - unless you're willing to guarantee that a user can exercise the freedoms defined by the free software definition, you don't get to ship GPLv3 material. Some companies have decided that shipping GPLv3 code would be more expensive than either improving existing code under a more liberal license or writing new code from scratch. Android's a pretty great example of this - it contains no GPLv3 code, and even GPLv2 code (outside the kernel) is kept to a minimum.
Which, given Canonical's focus on pushing Ubuntu into GPLv3-hostile markets, makes the choice of GPLv3 an odd one. This isn't a problem as long as they're the sole copyright holder, because the copyright holder is obviously free to ship their code under as many licenses as they want. But Canonical still aim to foster community involvement, and ideally that includes accepting external contributions to their code. If Canonical simply accepted those contributions under GPLv3 then they'd no longer have the right to relicense the entire codebase, so any contributions are only accepted if the contributor has signed a Contributor License Agreement.
Canonical's CLA is pretty simple. In essence, it grants Canonical the right to use, modify and distribute your code, and it grants Canonical a patent license under any patents you own that may cover the code in question. But, most importantly, it grants Canonical the right to relicense your contribution under their choice of license. This means that, despite not being the sole copyright holder, Canonical are free to relicense your code under a proprietary license.
Given Canonical's market goals, this makes sense. They can relicense Mir (and any other GPLv3 projects they own) under licenses that keep their hardware partners happy, and they can ship in the phone market. Everyone's a winner.
Except, if Canonical want to ship proprietary versions, why not just license Mir under a license that permits that in the first place? This is where the asymmetry comes in. The Android userland is released under a permissive license that allows anyone to take Google's code, modify it as they wish and ship it on whatever hardware they want. I could legally start a company that provided customised versions of Android to phone vendors without them having any GPLv3 concerns. I won't be able to do that with Ubuntu Phone.
I'm a fan of GPLv3. I think the provisions it contains to support user freedom are important. I hate the growing trend of using free software to build devices that are, effectively, impossible for the end user to modify. If Canonical were releasing software under GPLv3 because of a commitment to free software then that would be an amazing thing. But it's pretty much impossible to square the CLA's requirement that contributors grant Canonical the right to ship under a proprietary license with a commitment to free software. Instead you end up with a situation that looks awfully like Canonical wanting to squash competition by making it impossible for anyone else to sell modified versions of Canonical's software in the same market.
Canonical aren't doing anything illegal or immoral here. They're free to run their projects in any way they choose. But retaining the right to produce proprietary versions of external contributions without granting equivalent reciprocal rights isn't consistent with caring about free software or contributing to the wider Linux community, especially if it means you get to exclude those external contributors from the market you're selling their code into.
(Edit to add: a friend in the contracting industry points out that it also prevents vendors who won't ship GPLv3 from using external contractors to work on Mir - they have to go to Canonical, because only Canonical can relicense contributions under a proprietary license.)
[1] Right now Ubuntu Phone is using Surfaceflinger, the Android display server, but that's apparently just an interim solution.
Like many Canonical-led projects, Mir is under GPLv3 - a strong copyleft license. There's a couple of aspects of GPLv3 that are intended to protect users from being unable to make use of the rights that the license grants them. The first is that if GPLv3 code is shipped as part of a user product, it must be possible for the user to replace that GPLv3 code. That's a problem if your device is intended to be locked down enough that it can only run vendor code. The second is that it grants an explicit patent license to downstream recipients, permitting them to make use of those patents in derivative works.
One of the consequences of these obligations is that companies whose business models depend on either selling locked-down devices or licensing patents tend to be fairly reluctant to ship GPLv3 software. In effect, this is GPLv3 acting entirely as intended - unless you're willing to guarantee that a user can exercise the freedoms defined by the free software definition, you don't get to ship GPLv3 material. Some companies have decided that shipping GPLv3 code would be more expensive than either improving existing code under a more liberal license or writing new code from scratch. Android's a pretty great example of this - it contains no GPLv3 code, and even GPLv2 code (outside the kernel) is kept to a minimum.
Which, given Canonical's focus on pushing Ubuntu into GPLv3-hostile markets, makes the choice of GPLv3 an odd one. This isn't a problem as long as they're the sole copyright holder, because the copyright holder is obviously free to ship their code under as many licenses as they want. But Canonical still aim to foster community involvement, and ideally that includes accepting external contributions to their code. If Canonical simply accepted those contributions under GPLv3 then they'd no longer have the right to relicense the entire codebase, so any contributions are only accepted if the contributor has signed a Contributor License Agreement.
Canonical's CLA is pretty simple. In essence, it grants Canonical the right to use, modify and distribute your code, and it grants Canonical a patent license under any patents you own that may cover the code in question. But, most importantly, it grants Canonical the right to relicense your contribution under their choice of license. This means that, despite not being the sole copyright holder, Canonical are free to relicense your code under a proprietary license.
Given Canonical's market goals, this makes sense. They can relicense Mir (and any other GPLv3 projects they own) under licenses that keep their hardware partners happy, and they can ship in the phone market. Everyone's a winner.
Except, if Canonical want to ship proprietary versions, why not just license Mir under a license that permits that in the first place? This is where the asymmetry comes in. The Android userland is released under a permissive license that allows anyone to take Google's code, modify it as they wish and ship it on whatever hardware they want. I could legally start a company that provided customised versions of Android to phone vendors without them having any GPLv3 concerns. I won't be able to do that with Ubuntu Phone.
I'm a fan of GPLv3. I think the provisions it contains to support user freedom are important. I hate the growing trend of using free software to build devices that are, effectively, impossible for the end user to modify. If Canonical were releasing software under GPLv3 because of a commitment to free software then that would be an amazing thing. But it's pretty much impossible to square the CLA's requirement that contributors grant Canonical the right to ship under a proprietary license with a commitment to free software. Instead you end up with a situation that looks awfully like Canonical wanting to squash competition by making it impossible for anyone else to sell modified versions of Canonical's software in the same market.
Canonical aren't doing anything illegal or immoral here. They're free to run their projects in any way they choose. But retaining the right to produce proprietary versions of external contributions without granting equivalent reciprocal rights isn't consistent with caring about free software or contributing to the wider Linux community, especially if it means you get to exclude those external contributors from the market you're selling their code into.
(Edit to add: a friend in the contracting industry points out that it also prevents vendors who won't ship GPLv3 from using external contractors to work on Mir - they have to go to Canonical, because only Canonical can relicense contributions under a proprietary license.)
[1] Right now Ubuntu Phone is using Surfaceflinger, the Android display server, but that's apparently just an interim solution.
Other projects with central-author-relicenses-as-they-please
(Anonymous) 2013-08-29 04:36 pm (UTC)(link)Folks above have already mentioned OpenOffice, which got forked into LibreOffice shortly after Oracle bought out Sun, and is now currently IBM+Oracle ApacheOffice with a BSD-style license (so that someday IBM+Oracle can offer their own downstream proprietary derivatives of same) versus LibreOffice which has less typically-corporate backing but gets support from the distros.
Probably more important is the OpenJDK versus OracleJava and GoogleJava situation (both the latter two maintain private repos for Java-on-windows and Java-ported-to-android respectively).
Qt was mentioned, and KDE+GPL versus proprietary release.
Another example with less political baggage might help clarify the span of such things: TightVNC, from Estonia (if memory serves), uses the GPL throughout, but explicitly offers to relicense the project for proprietary projects that want to pay for the code without paying for the GPL. They are not the biggest VNC fish in the pond, and there are plenty of GPL-all-the-time VNC projects, but TightVNC has still survived (even against RedHat's own TigerVNC) for quite a long time now. The project is also good code; I use it.
So, although I'm definitely wary of the Canonical distro turning into the equivalent of TiVo, or the mini-equivalent of Oracle-nee-Sun... what they're doing is not actually wrong in any way, and might turn out for the better. For instance, look forward to three or four years from now, when Google has half the phone market, with their BSD-style preference and their willingness to let phone-and-carrier-folks lock down the bootloader. If the other half of the market is win9 and iOS, that is no good. I'd rather the other half of the market be Canonical with their GPL3, and have the then-in-the-future-backers of Canonical present their new terms to the phone-n-carrier folks, namely, time for GPL3, so we can keep google's spyware and lockdown tactics from beating us.
Yes, this could be a pipe-dream. Maybe the folks at canonical will turn out to be like the folks at google. (Or maybe it will turn out that google folks are the ones who pressure the phone-n-carrier industry to open up... I'd love to be surprised that way. Owning moto gives google the advantage of being able to produce open hardware, not just open software, if they could just bring themselves to decide to do so.)
In the short run, I'm reasonably worried about the Linux fragmentation that mir/wayland/surfaceflinger/x11 are about to cause. I'm *very* worried that wayland will follow mir, in happily working with binary-blob graphics drivers. (See the mir homepage which is careful to mention several times how it will 'function' with the existing open-source drivers but emphasize that mir will be 'optimal' with proprietary nvidia slash amd drivers on the desktop and proprietary android-like drivers on tablets and phones.)
But in the long run, GPL3 is a pretty good constraint, even with the CLA. It mostly depends on the sort of people that are in charge of Canonical, a few years from now. If you want to have an impact on what licensing constraints the UbuntuPhone2017 will ship with, prolly it is better to try and get some power over decision-making at that point. Ubuntu has no stock, since they are private, but if they do try to become a phone-power they'll probably go public. Better to have GPL-friendly folks on the board, rather than folks like Steve Ballmer, right? Also, better to have some GPL-friendly folks on the Ubuntu Tech Board where MJG used to reside, and working on Mir.
Am I suggesting that everybody just trust canonical, or that everybody just buy ubuntu Inc stock, or even that everybody contribute to mir? Nah. I'm just pointing out that it is better to wait and see, than to harshly judge now. Maybe our suspicions will turn out wrong. It's fine to voice the suspicion, by the way. If we don't publicize the risks to freedom, nobody will be aware there even is such a risk, after all. But the Mir project is not yet proven to be a risk to freedom (and Wayland is not yet proven to be a panacea for freedom -- look at the proprietary firmware stuff collabora did with the wayland backend for the raspberry pi).
I guess I'm trying to say this old chestnut: trust, but verify.
Re: Other projects with central-author-relicenses-as-they-please
(Anonymous) 2013-11-28 05:15 pm (UTC)(link)1) We are doing the hard work of maintaining and designing Mir, so, we have the right to make some money with proprietary licenses.
2) We are glad to take your patches, as long as it doesn't break that source of income.
3) If the community cares enough about Mir and decides to take on the hard work of maintaining it, all you need to do is fork it. You'll still be able to use all our code, and we won't be able use yours in our proprietary version.
There are many examples of such approach resulting in good things, and I still thing the GPL3/LGPL3 is a great choice open source use.