Policy on BUILD_PATENTED

Daniel Golle daniel at makrotopia.org
Tue Aug 11 07:43:05 EDT 2020


On Tue, Aug 11, 2020 at 01:07:59PM +0200, Alberto Bursi wrote:
> 
> On 11/08/20 12:42, Caleb James DeLisle wrote:
> > 
> > 
> > On 11/08/2020 02:30, Mauro Mozzarelli wrote:
> > > On 10/08/2020 10:08, Adrian Schmutzler wrote:
> > > 
> > > > > -----Original Message-----
> > > > > From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org]
> > > > > On Behalf Of Mauro Mozzarelli
> > > > > Sent: Montag, 10. August 2020 10:36
> > > > > To: openwrt-devel at lists.openwrt.org
> > > > > Subject: Re: Policy on BUILD_PATENTED
> > > > > 
> > > > > On 09/08/2020 12:44, Bjørn Mork wrote:
> > > > > > Mauro Mozzarelli <mauro at ezplanet.org> writes:
> > > > > > > On 09/08/2020 03:35, Henrique de Moraes Holschuh wrote:
> > > > > > > 
> > > > > > > > I believe OpenWrt should not even *consider* placing its umbrella
> > > > > > > > organization(s) -- which are based on the U.S. -- in legal risk
> > > > > > > > without at least contacting them first and getting their approval.
> > > > > > > > 
> > > > > > > > Has anyone asked SPI about it yet?
> > > > > > > Who/What are these "umbrella" organizations? What is their
> > > > > > > relationship with OpenWrt?
> > > > > > This is answered by the FAQ:
> > > > > > https://openwrt.org/faq/general
> > > > > > 
> > > > > > > And what is the "legal risk"?
> > > > > > I guess that's the question you should ask the SPI.
> > > > > > 
> > > > > > This is not a technical or a political discussion.  It's about not
> > > > > > putting your friends at unnecessary risk, even if they happen to live
> > > > > > under some regime you don't like or respect.
> > > > > > 
> > > > > > 
> > > > > > Bjørn
> > > > > Although I respect other's opinions and rules, I do not
> > > > > think it is right to limit
> > > > > everyone's freedom, just to appease some.
> > > > That's why we allow you to use BUILD_PATENTED and not just
> > > > remove that stuff entirely.
> > > > 
> > > > > If there is a minority who is unable to use parts of this
> > > > > software, we can make
> > > > > it easy for that minority to be able to strip those software
> > > > > components (or
> > > > > they can propose and implement changes that achieve that
> > > > > themselves), but
> > > > > in no way limit or prevent everyone from making use of it.
> > > > But still, OpenWrt as a project/organization in embedded in an
> > > > environment it has to care about.
> > > > And that of course includes caring about the interests of
> > > > important stakeholders (or at least ask them about those), and
> > > > not make our decisions based on how we would like the world to
> > > > be.
> > > > 
> > > > I think Bjørn put that in a nutshell nicely.
> > > > 
> > > > Best
> > > > 
> > > > Adrian
> > > 
> > > Citizens of the European Union are major contributors to OpenWrt and
> > > other Open Source projects, The European Union, after several years
> > > of debate. listened to its citizens, not corporations, and has put
> > > into law that freedom from software patents that allows us all to
> > > contribute to the community without fear of litigation nor
> > > constraints imposed from monopolistic organizations.
> > > 
> > > The EU and its citizens are too important stakeholders. EU law, and
> > > EU citizens' will must too be respected.
> > > 
> > 
> > I'm not a contributor or serious user so take my words with as much salt
> > as you please, but I think it is worth noting that decisions like this
> > play a big part in establishing what is considered normal.
> > 
> > The unlicensed use of cryptography is strictly illegal in countries such
> > as Iran and Cuba, but I know of no FOSS project which even considers
> > forgoing cryptography in order to comply with such rules.
> 
> 
> Afaik the main problem is just the USA and its litigation-friendly legal
> system that could allow someone to hurt OpenWrt infrastructure in USA (like
> the SPI as others mentioned).

Also seems like this is not a binary decission but rather a quite
complex field. For example, Debian does provide ffmpeg, even as part of
their main repository and also from US-based mirror sites. However,
they do not provide libdvdcss as even just redistributing that 2kB
library would be a violation of the DCMA (remember: people printed the
deCSS sourcecode on T-Shirts to protest against that crazyness). So to
distribute libdvdcss binaries there is debian-multimedia, a seperate
project and it's based in France afaik. Anyway, I'm not aware that we
are shipping anything which could be relevant for DCMA (apart from GDB
or hexdump, which are obviously also useful to circumvent copyright
restrictions and are hence illegal hacking tools if DCMA was taken
serious). Afaik even the dvbcsa package (which may have triggered that
whole debate) doesn't fall into that cathegory (shipping newcamd or
anything which allows cardsharing probably would, though that by itself
doesn't contain any crypto or patented stuff). And that's all related
to DCMA, not to software patents.
Maybe we will need CONFIG_BUILD_DCMA and for sure have that disabled by
default and big fat warning next to it. Can be that the package
Makefile (container URL and PKG_HASH) can already be seen as a DCMA
violation by itself if you encounter the wrong judge though...

>From my understanding, software patents mostly matter for product
makers which include software on their hardware.

Example:
Android SDK also contains **tons** of patented stuff, all sorts of
Audio and Video codecs but also really abstract patented features not
even covered by any specific individual software package. (that's the
stuff Samsung, Apple and Qualcomm or fighting over again and again each
season)

To me it looks like distributing that software without any prior
agreement is ok, but shipping a ready-made **hardware** product which
includes it would require an agreement. It's hence up to the device
makers to comply with laws of their target markets (and metadata
provided by software distributions can be a great help for that, but
also not more than that).


> 
> OpenWrt has no infrastructure in Cuba or Iran or even China so if we are
> violating their regulations there is nothing they can do about it.
> 
> -Alberto
> 
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list