![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
Update: A Canonical employee responded here, but doesn't appear to actually contradict anything I say below.
I wrote about Canonical's Ubuntu IP policy here, but primarily in terms of its broader impact, but I mentioned a few specific cases. People seem to have picked up on the case of container images (especially Docker ones), so here's an unambiguous statement:
If you generate a container image that is not a 100% unmodified version of Ubuntu (ie, you have not removed or added anything), Canonical insist that you must ask them for permission to distribute it. The only alternative is to rebuild every binary package you wish to ship[1], removing all trademarks in the process. As I mentioned in my original post, the IP policy does not merely require you to remove trademarks that would cause infringement, it requires you to remove all trademarks - a strict reading would require you to remove every instance of the word "ubuntu" from the packages.
If you want to contact Canonical to request permission, you can do so here. Or you could just derive from Debian instead.
[1] Other than ones whose license explicitly grants permission to redistribute binaries and which do not permit any additional restrictions to be imposed upon the license grants - so any GPLed material is fine
I wrote about Canonical's Ubuntu IP policy here, but primarily in terms of its broader impact, but I mentioned a few specific cases. People seem to have picked up on the case of container images (especially Docker ones), so here's an unambiguous statement:
If you generate a container image that is not a 100% unmodified version of Ubuntu (ie, you have not removed or added anything), Canonical insist that you must ask them for permission to distribute it. The only alternative is to rebuild every binary package you wish to ship[1], removing all trademarks in the process. As I mentioned in my original post, the IP policy does not merely require you to remove trademarks that would cause infringement, it requires you to remove all trademarks - a strict reading would require you to remove every instance of the word "ubuntu" from the packages.
If you want to contact Canonical to request permission, you can do so here. Or you could just derive from Debian instead.
[1] Other than ones whose license explicitly grants permission to redistribute binaries and which do not permit any additional restrictions to be imposed upon the license grants - so any GPLed material is fine
Ubuntu and copyright violations for containers ...
Date: 2015-07-20 08:28 pm (UTC)Presumably Fedora containers would also be licensing and copyright appropriate: I'm not sure, given Red Hat policies on licensing and derivatives now whether I'd want to base containers on CentOS
Re: Ubuntu and copyright violations for containers ...
Date: 2015-07-20 09:34 pm (UTC)Re: Ubuntu and copyright violations for containers ...
Date: 2015-08-06 09:50 pm (UTC)In both distros, there are two packages that need to be changed - *-release and *-logos. That is, fedora-release and fedora-logos, or centos-release and centos-logos. This is a very long established practice with a history of public support from Red Hat's legal team that you can do-what-you-like as long as you change those two packages and have a different name for your release.
In fact, the Fedora Project has the 'Fedora Remix' logo process that allows you to do what you like with the code, and you have the option of calling it a 'Fedora Remix' - https://fedoraproject.org/wiki/Remix (https://fedoraproject.org/wiki/Remix)
You do not need to rebuild the rest of the distro. You just need to replace the logos in the above two packages, rebuild them, and you are good to go. In fact, as mentioned above, Fedora has a generic-logos package -- you don't have to bother with artwork (as long as you don't mind dancing hot dogs of unknown meat-like origin https://bugzilla.redhat.com/show_bug.cgi?id=495561 (https://bugzilla.redhat.com/show_bug.cgi?id=495561) .)
It is true that both projects ask that you do not call your release 'Fedora' or 'CentOS' if you change any packages, and the reasoning is pretty clear -- when you rebuild, you could introduce changes (including malicious code on purpose or by accident), and both communities have enormous reputations to protect. What they release is built, tested, and signed on a protected build system. That's part of what the brand (trademark) promise provides.
no subject
Date: 2015-07-21 12:08 am (UTC)Now, if I'd just copy it into my local archive, would you still care about me modifying it?
no subject
Date: 2015-07-21 12:11 am (UTC)no subject
Date: 2015-07-21 02:20 am (UTC)only binaries?
Date: 2015-07-21 04:22 am (UTC)I sincerely hope that it at least only cover the former... The latter could then also be expanded to blog posts explaining how to install software ;-)
no subject
Date: 2015-07-21 07:00 am (UTC)no subject
Date: 2015-07-21 07:43 am (UTC)Remember, by default everything is copyrighted to its respective author. As a recipient, you only have fair use rights to make and/or distribute copies. The only reason you can make as many copies as you want of Ubuntu (or GPLd works, or works under other Free licenses) is that they come with a copyright license which allows you to make copies - provided you adhere to the other conditions in the license.
As per the GPL: "However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so."
So, if the copyright license says "you can only make copies if a) they are *identical* to the original, or b) if you remove *all* references to Ubuntu and recompile everything from sources yourself" and you fail to honour that, then you're in breach of copyright.
no subject
Date: 2015-07-21 05:53 pm (UTC)There's a lot of irrelevant ifs in here. Canonical does not have a license that states anything like this. They do however own the 'Ubuntu' trademark. This is entirely a trademark violation, copyright has nothing to do with it.
no subject
Date: 2015-07-22 06:32 am (UTC)does not apply to real life
Date: 2015-07-21 08:32 am (UTC)Re: does not apply to real life
Date: 2015-07-21 09:53 pm (UTC)Deriving from Debian
Date: 2015-07-21 11:34 am (UTC)Are you sure this is sufficient to stay clear of legal trouble? You also say that "[...] a strict reading would require you to remove every instance of the word "ubuntu" from the packages". There are plenty of packages in the Debian archive that contain the string "ubuntu" in changelogs (version strings in particular, but also maintainer e-mail addresses), documentation, and elsewhere. Many of these packages are required to run even a fairly minimal Debian system. Heck, even the linux package changelog has "ubuntu" all over it in Jessie.
Am I missing something or, by that "strict reading" is Debian also in violation of Ubuntu's (Canonical's) policies here?
Re: Deriving from Debian
Date: 2015-07-22 10:54 am (UTC)Re: Deriving from Debian
Date: 2015-07-22 09:32 pm (UTC)The open question is whether Canonical has a case for going after Debian or (and this seems more likely to me) someone basing their stuff on Debian. You can take your pick between copyright or trademark law. To get you into trouble under copyright law I guess it's sufficient if there's any code under a license that's liberal enough to allow Canonical to add the extra restrictions Matthew blogged about on top of it. If changes under that combined license have been imported from Ubuntu into Debian one could argue that Canonical has a case. Irrespective of the copyright policy, under a strict reading of trademark law it may be sufficient for anything in Debian to contain the string "*buntu". Whether either case stands any chance in court is not clear at all, though, but that's the point: There's a non-zero chance of success for Canonical. Thus, unless you have a large legal department and a budget to match, it's now just no longer a sane business decision to have this doubt looming over your product. You'll want to stay clear of this risk.
I believe Debian should take action. Whether that be seeking proper legal counsel as to whether or not Debian users may be affected by this (I'd sure like to be proven wrong!) and if so under what conditions and to what extent. Or whether it be removing code with problematic license status and any Ubuntu trademarks from the Debian archive just to be sure.
Is that so ?
Date: 2015-07-21 12:06 pm (UTC)"If you are producing software for use with or on Ubuntu you may reference Ubuntu, but must avoid: (i) any implication of endorsement, or (ii) any attempt to unfairly or confusingly capitalise on the goodwill of Canonical or Ubuntu."
So let me summarize.
- GPL is out of scope
- Personal Use or internal organisational use is out of scope
- Redistribution is out of scope, provided you don't want to associate your altered package with Ubuntu trademarks, which does not mean you can't refer to Ubuntu
no subject
Date: 2015-07-21 11:02 pm (UTC)no subject
Date: 2015-07-22 12:00 pm (UTC)Your approach is to use an official base image (is there one?) from canonical and a Dockerfile.
totally likely to happen
Date: 2015-07-22 03:10 am (UTC)You have an idea, and it's a one-off/prototype, and you just want to see if it works, and you're excited, so you use a container that will be quick to set up, and then it does work, and you show it off … and you just violated copyright.
It's very easy to get swept up in the excitement of open source without really thinking about what that means. Almost everyone I know is a) quite young, b) new to open source, c) new to linux, or d) all three. Many of them don't think about copyright or licensing. And many don't realize all the ways that those apply.
So where I live, it's "totally likely to happen".
Thanks for being clear.
Vagrant?
Date: 2015-07-26 12:12 pm (UTC)Is that so ?
Date: 2015-07-29 01:47 pm (UTC)Second, you state "The only alternative is to rebuild every binary package you wish to ship[1], removing all trademarks in the process." Again a false statement. Canonical has made it crystal clear that a solution using overlayfs on top of the official ubuntu image is 100% legit and as such always permitted.
Yet your title reads "Your Ubuntu-based container image is probably a copyright violation", which is simply untrue, a big generalization, and FUD. IMHO your personal quest damages the FOSS world more than the things you are writing about.
Re: Is that so ?
Date: 2015-07-29 04:09 pm (UTC)I mean yeah but that doesn't sound like any of the interesting cases.
No, certain Canonical employees have said that Docker images that inherit from the official Ubuntu image are fine. They haven't pointed to anything in the policy that permits this, they haven't said that this is true of the general case, and they haven't made it clear that this is an official position. There's probably still enough to claim estoppal in the Docker case, but outside that I think you're on your own.
Sure! I dislike Ubuntu IP as well.
Date: 2015-12-13 08:25 pm (UTC)So if Canonical wants to hurt their systems adoption: okay, I think they acieved it. So at least some part of Internet Of Things going to be Debian based instead. Whatever, Ubuntu is just too risky/troublesome to use it in any commercial application. And it is their IP policy to blame.
no subject
Date: 2016-01-21 05:34 am (UTC)Ilyas Bakirov