[sf-lug] Red Hat Linux source code brouhaha?

Mon Jul 3 09:07:06 PDT 2023

Thanks much for the background and info to date on this thread (
http://linuxmafia.com/pipermail/sf-lug/2023q3/thread.html#start ) :-)

Seems that just this very weekend, DistroWatch made a stab at addressing
the ongoing issue at its 'Questions and Answers (by Jesse Smith)
Red Hat changing its approach to sharing source code' ;
https://distrowatch.com/weekly.php?issue=20230703#qa

--

Quoting Rick Moen <rick at linuxmafia.com> from
http://linuxmafia.com/pipermail/sf-lug/2023q3/015867.html :
> As to the effect on Rocky Linux and similar, and the
> scope of restriction of access to RHEL matching source
> code, perhaps Greg Kurtzer will speak to that?

Late last week, the Rocky Linux Project put out its own news release
'Keeping Open Source Open' at
https://rockylinux.org/news/keeping-open-source-open/ mentioning the use
of UBI container images and pay-per-use public cloud instances in its
tentative roadmap going forward.

Quoting more extensively from this Rocky Linux news release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
... Red Hat’s Terms of Service (TOS) and End User License Agreements
(EULA) impose conditions that attempt to hinder legitimate customers from
exercising their rights as guaranteed by the GPL. While the community
debates whether this violates the GPL, we firmly believe that such
agreements violate the spirit and purpose of open source. As a result, we
refuse to agree with them, which means we must obtain the SRPMs through
channels that adhere to our principles and uphold our rights.

The latency of this status update has been due to our desire to balance
the needs of the community and technical requirements, with the challenges
to open source and community principles that Red Hat has created.
Fortunately, there are alternative methods available to obtain source
code, and we would like to highlight two examples:

One option is through the usage of UBI container images which are based on
RHEL and available from multiple online sources (including Docker Hub).
Using the UBI image, it is easily possible to obtain Red Hat sources
reliably and unencumbered. We have validated this through OCI (Open
Container Initiative) containers and it works exactly as expected.

Another method that we will leverage is pay-per-use public cloud
instances. With this, anyone can spin up RHEL images in the cloud and thus
obtain the source code for all packages and errata. This is the easiest
for us to scale as we can do all of this through CI pipelines, spinning up
cloud images to obtain the sources via DNF, and post to our Git
repositories automatically.

These methods are possible because of the power of GPL. No one can prevent
redistribution of GPL software. To reiterate, both of these methods enable
us to legitimately obtain RHEL binaries and SRPMs without compromising our
commitment to open source software or agreeing to TOS or EULA limitations
that impede our rights. Our legal advisors have reassured us that we have
the right to obtain the source to any binaries we receive, ensuring that
we can continue advancing Rocky Linux in line with our original
intentions.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-A