#4286 BLOC Update.: Verify that the current theft-deterrence design is compatible with our GPL obligations.

Zarro Boogs per Child bugtracker at laptop.org
Mon Nov 12 14:41:36 EST 2007 

#4286: Verify that the current theft-deterrence design is compatible with our GPL
obligations.
----------------------+-----------------------------------------------------
  Reporter:  mstone   |       Owner:  mako    
      Type:  task     |      Status:  assigned
  Priority:  blocker  |   Milestone:  Update.2
 Component:  distro   |     Version:          
Resolution:           |    Keywords:          
  Verified:  0        |  
----------------------+-----------------------------------------------------
Changes (by mako):

  * status:  new => assigned


Comment:

 My proposed solution, which I have already run by several people in OLPC
 and OLPC's lawyers, is to distribute source code for GPLv3 applications
 fully under section 6(a) of the license. For GPLv2 licensed applications,
 this will also satisfy as distribution under section 3(a) which is a
 similar, but less restrictive, method than GPLv3 6(a).

 In other words, OLPC should distribute the complete corresponding source,
 including "installation information" at the time that laptops are
 distributed in such a way that the complete corresponding source
 "accompanies" laptops to their destination. In this way, OLPC will come
 fully into compliance with the GPL (versions 2 and 3) when the laptops are
 distributed. This will satisfy all source redistribution obligations under
 the license and free OLPC from any future liability due to the lack of key
 distribution due to anti-theft system as might be the case with
 distribution under 6(b).

 OLPC should ship:

  * Binary copies on the laptops (as planned);
  * Activation keys on a separate medium (as planned);
  * Full source code for GPL applications on the school servers;
  * Developer keys and any other information necessary to modify software
 on laptops in the future on a separate medium;

 I believe, and have been reassured, that distribution through separate
 channels (as planned) to the same location can qualify as "accompaniment."

 Updates, will need to include updated versions of source material but,
 under GPLv3, will *not* need to include additional copies of keys.

 Doing so will bring OLPC and all aspects of its proposed security system,
 regardless of how it is used or how and whether additional copies of keys
 are distributed, into compliance with the GPLv3. After satisfying the
 terms of the license in this way, OLPC will have no further obligations to
 provide developers keys which will enable it to withhold these from
 suspected thieves.

 Recipients of the laptops/source should be advised of their obligations to
 provide keys and source to any "downstream" recipients. They should also
 be instructed to keep keys separate from laptops and to take precautions
 to ensure that keys cannot be stolen with laptops.

 As a mark of good faith, OLPC should continue with its system to produce
 and distribute additional copies of keys and can continue with its
 implementation of an anti-theft plan that restricts the distribution of
 additional keys to those in legal possession of a laptop.

 The details of this plan should be discussed to ensure that it is executed
 in the spirit of OLPC's own commitment to free software but it can be
 explored without regard to concern over issues of GPL compliance.

 Because the anti-theft system will not be deployed for the G1G1 laptops,
 OLPC should feel free to pursue with source distribution under GPLv3 6(b)
 (e.g., with a written for source code) as planned.

-- 
Ticket URL: <http://dev.laptop.org/ticket/4286#comment:8>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system

More information about the Bugs mailing list