Subject: Re: up2date
From: Ian Lance Taylor <ian@airs.com>
Date: 27 Oct 2002 21:17:55 -0800

Tom Lord <lord@emf.net> writes:

> I'm curious about the legal structure of Red Hat's update services.

In order to use up2date, you need to sign up.  Here are the terms and
conditions which you sign up for:
    https://rhn.redhat.com/help/terms.pxt

  ``The Service may be used only for the benefit of the Customer and
    only for the systems with subscriptions.  Customer may not use one
    subscription for Services for more than one system concurrently.
    Any unauthorized use of the Service will be deemed to be a
    material breach of this Agreement.''

> Are subscribers legally bound to _not_ redistribute the service
> (perhaps via a P2P network)?  If so, how is that reconciled with the
> GPL?

Evidently the answer is ``yes.''

Note that the interesting part of the Red Hat Network (RHN) is mostly
in the RHN server.  I believe that the code is Red Hat
proprietery--it's definitely not widely distributed.  I'm certain that
the data is Red Hat proprietary.  The data is information like who has
signed up for RHN, and the set of RPMs which are being distributed.

The part of the code which runs on your system is the up2date client.
The code for that is available as a source RPM.  It's written in
Python, and it appears to be under the GPL.  However, the up2date
client isn't particularly useful without the RHN server.  And, as can
be seen above, use of the RHN server is restricted.

(Naturally, there is at least one effort to construct a free version of
the RHN server based on the RHN up2date client:
    http://www.biology.duke.edu/computer/unix/current/
)

Clearly if you obtain a GPL RPM using RHN, Red Hat will not prevent
you from redistributing it.  However, it does seem, based on the RHN
license, that if you make a habit of using RHN to fetch RPMs and
redistributing them to others, Red Hat would be entitled to cancel
your RHN service.  I don't see a GPL violation here--they don't
restrict you from redistribution, they just don't go the extra mile to
help you out.

As a practical matter, I doubt Red Hat would bother to cut anybody
off.  But obviously I don't speak for anybody at Red Hat.

> The reason for my asking is that it seems to me that, with the
> update-based model, RH is striving to implement vendor (or
> small-number-of-vendors) lock-in, at the cost of product quality --
> which would seem to be outright hostile to the promise of free
> software for empowering customers.  Redistribution is a _partial_
> solution that is easy to implement.

The up2date client does not provide vendor lockin as a legal matter--
only as a practical matter in that it's necessary to write the server
code yourself.  Once you've written that code, it becomes possible to
compete directly with Red Hat as an up2date server.

Ian