studog Can you explain how copyleft licences prohibit "offering secure products including locked down devices"?

I am not a lawyer, but at a high level the GPL requires that the user of a device be able to modify the source code to make the device do different things. If the device is locked down, that is not possible.

https://en.m.wikipedia.org/wiki/Tivoization

    studog
    Like it's stated in the article @de0u linked, the GPLv3 license was specifically developed to prevent usage of the licensed software in locked down devices. You can also refer to this thread about the license issues with Florisboard.

      Hello, in terms of perimeter of the OS apps, are the clock and the calculator indispensable? I would rather have the perimeter limited to what is actually needed for the system to run. Users can add whatever apps they prefer.

        de0u

        I am familiar with Tivoization. It doesn't apply at the user app level though. Even a locked down device can install user apps, and, if that's a user app that has been compiled from source (with a GPLv3 licence) with some changes I made, I can and should be able to install that.

        Maybe I'm not understanding what you mean by "locked down"?

        Moonji

        I read the thread, it doesn't enlighten me. I think I might have a different idea than GrapheneOS of what "locked down" means.

          Eirikr70

          Automatic transmission isn't required for a car to run, but many people won't buy a car without it.


          I'd say calculator and clock are required apps. Calculating is the very heart of what computers do after all.

          studog
          From my understanding the problem is the following: If a part of the OS like the keyboard application is licensed under GPLv3, an OEM that wants to ship their device with GrapheneOS could face legal trouble if they lock it down, since that would violate the license of that part of the code. Since GrapheneOS wants to make it possible for OEMs to make locked down devices with Graphene and make it as easy as possible at that, they can't include GPLv3 licensed code. Of course you can install GPLv3 licensed software afterwards, but what ships with the OS needs to be permissively licensed.

            Eirikr70
            There was a pretty heated discussion about this on here, but unfortunately I can't find it. However I don't think the set of default applications will change or should change. GOS is very serious about offering a secure way to their users to obtain software, like they've demonstrated recently by including a mirror of the Accrescent Store. Providing them with a basic set of apps, so they don't have to install them from other places like F-Droid should go along with that. However I can understand that the current set of applications is not ideal. That's why I started this discussion after all. If you don't like the Clock / Calculator apps, you can just disable them and they will not take up any storage.

            Moonji

            This is still a bit of hand-waving, I think. Let me try to clarify.

            GOS ships with a keyboard (as a specific example), that's licenced GPLv3. That means end users can request the keyboard source (which is open source due to GPLv3), make some modifications, compile their own version, then load that APK (however they do that), and then run their modified keyboard instead of the shipped keyboard.

            If "locked down" means "can't install any user-space apps", then yes, GPLv3 is an issue.
            If "locked down" means "can install user-space apps", then I don't see how the GPLv3 is a problem in the above sequence.

            Edit: I'm not trying to argue GOS' decision on this, only trying to understand something that others understand that I do not.

            studog Even a locked down device can install user apps [...]

            That assumes a very specific notion of "locked down"!

            One example I have seen raised in the past is a security camera. For some people, being able to buy a security camera where none of the software (not kernel code, not user-space code) can be replaced would be attractive, because then it is possible to believe that remote threat actors can't invisibly replace the software.

            It is true that a device with a locked-down OS that allowed free installation of apps would not be a "Tivoization" problem, but a device with a locked-down OS and a fixed, unchangeable set of apps would be.

            Regardless, I believe that the GrapheneOS project has been opposed to any GPLv3 code, and, I believe, to adding any GPL'd code to user space.

              de0u

              Yes, I mentioned that I might not understand precisely what "locked down" means in this context.


              A fixed unchangeable set of apps seems problematic in any circumstance, because this precludes the ability to receive security-related updates. Nonetheless, I can imagine that there is some market for this sort of "locked down".

                studog A fixed unchangeable set of apps seems problematic in any circumstance, because this precludes the ability to receive security-related updates.

                In the case of a $50 security camera, if the manufacturer isn't likely to issue a security update after a year, the effective security upgrade path would be replacing the device. But if the device is shipped with a path for installing additional code, that path might be abused, so it might be better to just not have such a path. For example, perhaps the manufacturer's update system requires ostensible upgrades to be signed, but the signing key is leaked (similar to Fairphone).

                But the "Tivoization" argument isn't really about that. In the Tivo case, the device was locked down so that the company had a path for issuing upgrades but only the company could. In such a model, security upgrades from the company are not precluded. But this situation is viewed by some as intolerable, because some people want end users to be able to apply arbitrary updates to a device. This gave rise to GPLv3.

                Overall, "locked down" doesn't have a single meaning. Some definitions of "locked down" are clearly incompatible with GPLv3, because GPLv3 was written expressly to conflict with those definitions of "locked down".

                Meanwhile, there are multiple licenses that clearly do not conflict with any definition of "locked down".