Hacker News new | past | comments | ask | show | jobs | submit login
The Fedora Project Remains Community Driven (theevilskeleton.gitlab.io)
86 points by 6581 on Sept 30, 2022 | hide | past | favorite | 70 comments



> For example, Gentoo Linux, another community driven distribution, cannot and will not redistribute proprietary software at all. And this is not something that can be voted on, but must be complied with. This doesn’t mean that Gentoo Linux is not community driven whatsoever; it only means that it’s legally bound

This is quite a poorly chosen example since Gentoo will not ship binaries period. To this day I don't think there is an official host for binary packages (binhost).

Gentoo happily ships automated build instructions for all types of patent-encumbered (see USE flag "bindist") and even proprietary software (in which case it's more like "download instructions" rather than build). bindist USE flag is enabled by default since without it even OpenSSL is crippled.

i.e. your Gentoo box is likely to play H264/H265 out-of-the-box, at least once you get to rebuild the codecs as part of the normal setup.

I think this is an important point because the entire argument smells wrongly. There is an evident scale of distros that are more "deadly afraid" of software patents vs distros that simply don't care, and it is common knowledge that Fedora is practically leading the "afraid" side. Gentoo is nowhere near close. Even Debian/Ubuntu is a bit more towards the don't care side (albeit not by much). Their stance with e.g. the openSSL EC patents comes to mind: Fedora decided to cripple OpenSSL here (hobble_openssl patchset) but Debian did not.

So it's obviously untrue that the response of the distro comes dictated by some magical all-knowing law entity. Interpretation of the law is an open topic (until tested in court) and thus can be subject to community vote.


> > For example, Gentoo Linux, another community driven distribution, cannot and will not redistribute proprietary software at all.

> This is quite a poorly chosen example since Gentoo will not ship binaries period. To this day I don't think there is an official host for binary packages (binhost).

This is incorrect. The original statement by the blogger, though a bit ambiguous, is technically entirely correct.

While shipping binary packages is not the norm for Gentoo, some binary packages are available and Gentoo absolutely does provide and redistribute a selected number of binary packages (not as binhost but as ebuilds). Examples including firefox-bin, icedtea-bin, chromium-bin, or pypy-bin. The tarballs of these binary packages are built by Gentoo developers and hosted on the official Gentoo servers and mirrors.

On the other hand, the official Portage package manager also has many proprietary software available for installation. But in this case, only the ebuild script can be hosted, putting the actual tarballs on official Gentoo servers and mirrors is strictly prohibited. Only the raw upstream source can be used. A common example is Google Chrome. Another peculiar one is Oracle JRE/JDK - for a long time, the Gentoo ebuild was not even allowed to automatically download Oracle Java. Instead, the ebuild asks the user going to Oracle, agreeing with the license, and downloading it manually and putting it into Portage's cache. All because of legal requirements that must be obeyed by Gentoo.

This is what the author mean by Gentoo "cannot and will not redistribute proprietary software at all".


> The original statement by the blogger, though a bit ambiguous, is technically entirely correct.

Still, it is misleading at best. First, because the entire contention is from open but patent-encumbered software (codecs) rather than outright non-distributable binaries. And second, because I'm assuming these *-bin packages are the exception, rather than the rule (e.g., same as the Gentoo LiveCD contents), so it's malicious to point it as an example of anything.

Gentoo is still (mostly) a source-based distribution, and when you finish the default install, you end up with a system that contains patent-encumbered software and can play/encode H264 out of the box. And render Truetype points, etc. IANAL, but it is dubious that the patent owner would make a difference based on whether the system was distributed as binaries or as "source code + automated build scripts", but apparently that is what the distro decided.

A much better example for the article to use would have been SuSE, which, despite being set in Europe, practically follows Fedora's reluctance to ship patent-encumbered software to the letter. In fact, SuSE has already followed Fedora on the choice to cripple Mesa (which is what triggered TFA).

But even choosing SUSE as an example would (conveniently) leave a big elephant on the room: Ubuntu. While perhaps not in the default install, Ubuntu is literally one click away from giving you access to all kinds of patent-encumbered software (via a prominent checkbox visible on the first dialog of the setup program, not a 3rd party mirror or anything). And as mentioned, even Debian is not as much on the "afraid" side as as Fedora is.

So different distributions do have different interpretations/responses to the same law in the same jurisdiction, making the entire "Law Compliance Cannot Be Voted" argument easily proved wrong. Heck, even the different distros' legal teams often give different advice...


> And render Truetype points

IIRC it's ClearType that have (at the time, they're expired now) patent issues, not TrueType. While there were patents for TrueType, it's not intentionally enforced.


No, it's really TrueType. Font hinting. I don't know if the patents were not enforced at all, but it was a headache for many years since many distros would cripple truetype renderers. Never used cleartype or any type of RGB subpixel rendering since it prevents rotating the displays.


> Even Debian/Ubuntu is a bit more towards the don't care side (albeit not by much). Their stance with e.g. the openSSL EC patents comes to mind: Fedora decided to cripple OpenSSL here (hobble_openssl patchset) but Debian did not.

I remember Ubuntu also causing a bit of a stir when they announced that they were going to add an option to their installer to allow users to use ZFS (which is considered to be licensed in a way incompatible with Linux although not closed-source). Most things I read about it at the time seemed to predict that they would not get away with it, but I don't think I ever heard anything about it again afterwards (although I don't personally use Ubuntu so I don't know if they did in fact go through with it or if it's still included in their installer today).


> although I don't personally use Ubuntu so I don't know if they did in fact go through with it or if it's still included in their installer today

It is. And it is interesting, and promising, that Oracle hasn't sued them; whether that's because Oracle somehow hasn't noticed (or their legal arm hasn't, anyways), doesn't care (read: can't see the profit), or actually thinks it's above board, I couldn't say.


What surprises me the most about the fact that Oracle apparently is fine with this is that they could very easily have just updated ZFS's license (or add an alternative alongside the existing one) to make it fully compatible with Linux at any point since getting ownership of it through their Sun acquisition. It seemed like an intentional decision not to do so, but I guess it is possible they somehow have been oblivious to all of this the entire time.


Oh, yeah, that whole thing is maddening. Oracle is a major user of Linux; they could have just made the ZFS code properly, formally GPLv2 compatible and merged it in and overnight have an amazing storage system in OEL. Instead, they just... sat on it. Ugh.


I imagine they sat on it, so that if they needed to strongarm someone using it.. they could. Red Hat would be their immediate target to bend over.


> but I guess it is possible they somehow have been oblivious to all of this the entire time.

It's possible their licensing lawyers have a long todo list and researching what to do with Ubuntu is not the highest priority yet. It took them quite a while before they started contacting companies about the virtualbox extensions usage.


Or, much more likely, they face the fact that they have no leg to stand on, which was intentional in CDDL design from the get go.

Any licensing challenges regarding ZFS in Linux come from GPL people lawyering about derivative code and whether it applies.


Oracle ZFS and OpenZFS by now are separate things and Oracle changing license from their proprietary one to another wouldn't impact OpenZFS.

Remember, Oracle changed their license back to proprietary closed source.


Yeah. ZFS on root is the primary reason I'm still continuing to use Ubuntu.

Hopefully the Kubuntu installer decides to incorporate it at some point, so I can just use that for desktops instead of standard Ubuntu with KDE installed afterwards. :)


My understanding was that, by bundling zfs and linux, you would be infringing on GPL and not on CDDL. Isn't it? If that's the case, Oracle wouldn't be able to sue them, that would be up to the linux developers.


And that depends on whether you can prove that the CDDL code is derivative of GPLv2 code.


> Law Compliance Cannot Be Voted

This isn't the end-all-be-all statement the authors think it is.

Law compliance can be voted, a community can absolutely decide not to follow a law and do illegal stuff with their software. Of course, then they get shut down by the legal system and the entire community faces consequences up to possibly jail, including the maintainers who didn't agree to the decision...

but this is not Fedora definitively breaking a law which will hurt the maintainers. This is Fedora fighting against a patent troll which will cause a big legal hassle and then back off.

I imagine the devs just don't want to pay for lawyers or don't have the funds, because you know, open source doesn't generate revenue. That is what they should've said: "we are doing this because the alternative is getting sued and we don't want to pay for a lawyer? Do you (the community) want to pay for a lawyer?" Maybe some think this message is rude but I like it, it actually puts this situation in the hands of the community.


>faces consequences up to possibly jail

When did software patents become a criminal matter ? The issue exists entirely because Fedora is inextricably tied to RedHat. Also, I would hope that at the very least, if you do not know enough about it, at least don't fear monger. This type of language is not much better than "you wouldn't download a car."


It depends on the jurisdiction. Patent infringement can be a criminal matter in Germany, for example. As far as I can see, this may also apply to non-commercial activity. (Not that there are many sustained activities conducted over the Internet German courts would consider non-commercial, a profit motive is usual not required.)


> Patent infringement can be a criminal matter in Germany, for example.

Can you link to anything related to this?


§142 PatG https://www.buzer.de/s1.htm?a=142&g=PatG

English translation: https://www.gesetze-im-internet.de/englisch_patg/englisch_pa...

Patents aren't special in this regard in Germany. Copyright violations, trademark violations, and unauthorized disclosure of trade secrets are criminalized as well. So at least it's consistent.


You can remove the patented code path or you can get sued and remove the code path after paying a lot of money.


Patent trolls lose a notorious fraction of the cases that are brought to court. They make up for it by being cheaper than going to court.


Depends on which jurisdiction you're in, no?


Fedora is in the US (and it isn't easy for them to just leave).


> Of course, then they get shut down by the legal system and the entire community faces consequences up to possibly jail

Or potentially nothing happens because in these cases the law in question is often US law and not everyone is subject to US jurisdiction.


>This is Fedora fighting against a patent troll which will cause a big legal hassle and then back off.

For a patent troll sure, but what makes you think Fedora will win for a codec that from its inception has been explicitly nonfree?


> as long as you comply with US laws (unfortunately) and the Fedora Code of Conduct.

This is it, I'm not in the US, many aren't either, so why shall I suffer the consequence of such decisions.

Note sure if it's feasible to have a none-US build whilst based in the US.

But for the time being it's over for me, I've been using Fedora for years and recommending it to friends and family, despite the RPM fusion required after initial setup, but not anymore.

Let's see how welcoming Arch is.


Yeah.. Fedora was pretty nice, but this... is just silly. I myself ended up going to Arch (Really nice for gaming), then Gentoo, and ultimately settled on NixOS


I might, too, as a long time Fedora fan, move to Arch for this. I wish they’d used their IBM/Redhat position and money to fight patent trolls in court with an attitude of: “come at me bro”. And until sued /lost don’t do anything.


> money to fight patent trolls in court

It's a shame that they at least don't want transfer the project to a Fedora association in Europe (zapsaný spolek in Brno) and legally insulate it. This just goes to show how much they care about community.


(Why is Arch nice for gaming?)


Mainly because of how easy it ks to install steam, mesa-git, and latest kernel. Back when I had Nvidia card, Arch also was least painless when it came to the drivers for some reason, alongside gentoo. AUR was certainly useful with getting game related stuff that wasn't in repos or so


Broadly speaking it is basically the export of culture and ideology. Sometimes that is a good thing, unfortunately this has recently been shifted way too far to one side.

And if you look carefully, it isn’t just one project either, it is current, predominant, majority, vocal norm in US / Tech / Silicon Valley.


This affects Europe too. open SUSE did the same thing.

Other distros continued used became they might be too small to sue. https://twitter.com/spotfoss/status/1575885891922690048


Germans are conservative. I wouldnt call them representative of European legal environments.


To use it*

Mobile keyboards suck.


In what way are US laws a problem? Do you mean subjects like reverse engineering provisions or patent trolls? edit: Okay yes, so its mainly talking about patent trolls. It may be cold comfort but I think it could have been worse, there are much worse countries to be based in.


The patent troll lost the case against gnome. Or rather, they've settled on not prosecuting either gnome or any other project with an OSI approved license. So, it's very likely that their patent was not even valid. If gnome had acted the same way as fedora, they'd pre-emptively remove shotwell or remove some of its features.

The community can choose to take risks, such as being prosecuted by a patent troll. For example, insurance can funded by the community.


ummm they clearly own the patents to these codecs.... countless companies are paying licenses for these... this is really different to some vague patent troll stuff gnome lawsuits over.


Huh. That's surprising to begin with; Fedora is RHEL's upstream, so I just assumed Red Hat was running it. If people wanted to change Fedora in a way that was counter to RH's interest, would it really go through?


Disclaimer: Former Red Hatter

Yes, as long as it was in the best interest of the Fedora project. A recent example IMHO is the change of default filesystem to btrfs. From Red Hat's perspective a default like XFS or stratis would be better as it would provide more testing/adoption for their recommended RHEL uses. Another might be the creation of a Fedora Server variant which isn't really in the interest of Red Hat.

If there were something good for Fedora that would really hurt Red Hat, I wouldn't expect it to happen, but I can't think of anything that wouldn't also be bad for Fedora. Maybe a Fedora LTS version, but there are other already extant options to address that market so I don't see a need there. I would like to see a Fedora LTS kernel version though that behaved more like Ubuntu's.


> Another might be the creation of a Fedora Server variant which isn't really in the interest of Red Hat.

By that, you mean another server variant than the one day, right? https://getfedora.org/en/server/download/


No, that's the one I was referring to. I was saying the creation of that was not in the interest of red hat, but it happened anyway


Fedora Server was created originally to be the upstream for RHEL's server configuration, but Red Hat lost interest very early on, so it drifted away from that.

Red Hat doesn't generally invest in any Fedora deliverable except Fedora CoreOS and Fedora Workstation these days. All Fedora deliverables are community driven and community controlled.


> Fedora CoreOS and Fedora Workstation

Those seem to me to be the bulk of the work going into Fedora, is that incorrect?


Fedora Cloud and Fedora KDE get a lot of work. But since Red Hat doesn't care about them, there's not as much incentive to highlight what they're doing.

But Fedora Cloud is an Edition again in Fedora 37, and Fedora KDE continues to tick along quite nicely.


I don't know much about Fedora, haven't run it in years. But there are quite a few open source projects that are effectively dominated by RH employees. In a few that I've had interest in, it was pretty clear the direction was being project-managed by RH.

I think they've learned to try to keep it subtle, but they wield a lot of power in the open source world, not just via their distributions and direct contributions.


I've found that every major controversy in Linux can be traced to someone working in redhat or someone working in microsoft.

It's uncanny.


I suppose the more charitable way to look at it is that groups like Red Hat (and now Microsoft) are the ones interesting in paying the people looking to do that work. Which is not to say it doesn't give them a lot of sway, but there's also only so many volunteer hours and you'll inevitably get more work done than others if you're getting paid to do it 40+ hours a week.


It's definitely part of it, the fact that they are major contributors makes their work much more visible. There's some amazing contributions from Redhat employees like Pipewire. They are one of the only companies investing into Linux as a desktop os and, personally, I do appreciate that.


Is there a complete list? I can think of systemd.


> so I just assumed Red Hat was running it. If people wanted to change Fedora in a way that was counter to RH's interest, would it really go through?

No, legally it's all Red Hat et al

Fedora Project isn't an association in the same way Debian is, it is in house project of Red Hat. Look at what happened to CentOS, in the same vein they can steer it however they like.


Yeah, I didn't write it in my first comment but I was very much thinking of the "Community" Enterprise Operating System and where that went when I wrote it. It can be Red Hat's or the community's, but in the end it can't be both.


title should be amended to read "so long as IBM is feeling generous." redhat managed to torpedo centos at the drop of a hat, so I have little faith they won't eventually come back to the table for seconds and find a way to make fedora miserable.


The thing is, IBM/RH benefits from the community having at least the illusion of control, because then RH can ride off of other people contributing work and testing for free to Fedora, which then gets nicely packaged into RHEL and sold. If they squeeze hard enough to make the community drop Fedora then they have to do all of that work via people they actually pay to work on the product.


tbf fedora is a nice distro if you want to be near the bleeding edge but not bleeding and don't mind updating often (every 6 months or so). I prefer arch but not everyone wants to be bleeding all that much.


Yeah I like it when grub works ;)

Kidding aside, I recently tried Fedora for the first time in years and it's been great. I wanted a newer kernel for the 12th gen chip in my Framework laptop, and loading a custom kernel (at least in the Debian-based distros I'm familiar with) is a total pain when you have LUKS encryption enabled.

Gnome+Wayland has come a long way as well and things seem quite polished.


Fedora was pretty bad in my experience. Every major upgrade was a mess and left things in some sort of partial state. Had to reinstall everything to get a smooth experience again. Yum corrupted its own package database once. Do they even use it anymore?

Arch Linux has been perfectly stable for years on my laptop.


Fedora has been using dnf for at least a few years. I used Fedora as a primary laptop OS before I stopped using Linux for $reasons at around Fedora 32. I can’t remember any particular issues updating as long as you kept within the supported update window (2 versions back IIRC). If I were to switch back to linux again, I’d pick it up again.


I've in-place upgraded Fedora about 5 times (usually doing more than one version at a go) on my main PC and never had to reinstall more than a package or two. There may have been minor breakage a few times, but I've never had a major issue.


>This is mainly a volunteer effort, as the majority of us contributing to it are unaffiliated with Red Hat and unpaid developers.

Is that true? Looking through the list of project/repo owners, so far all the ones I can find that have any sort of listed affiliation are affiliated with redhat. It's pretty clear that redhat has a strong influence over this project.


This post only reinforces the original accusation. If you read between the lines, it looks like somehow Fedora was allowed not to "comply with the law", then IBM took over Red Hat and they are afraid someone will sue IBM over Linux again. That's fair, of course, but it's hard to say the distro is "community driven".

Also, why should it be? The whole point of Fedora, from the point of Red Hat (before the split into Fedora and RHEL) was to use the community to test features that would end up in RHEL. Why should they outsource control over the project to someone else? It makes no business sense. They maintain the distro, many outside volunteers help, too, but it's clear who makes crucial decisions.


The headline is pretty misleading. It suggests that there was some kind decision covering being a community or not.

No such decision was even debated. It's all about codecs and legal risks.


People asked that the community driven text be removed from the website.


Then the title should be "Fedora continue to call themselves community driven"

There was no discussion about the governance model.


Pardon my lack of understanding, but is software like VLC at risk for being sued as well?


En France? Non!

https://www.videolan.org/legal.html

> Patents and codec licenses

> Neither French law nor European conventions recognize software as patentable (see French section below). Therefore, software patents licenses do not apply on VideoLAN software.

> NB: libaacs is not shipped in VLC.






Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: