The recent Ubuntu Community Council marketing drivel about Mint … or how to put your foot into it with a run-up

Three days ago the Ubuntu Community Council released this document about the downstream distro agreement Canonical provides.

This is one of the worst documents i have seen released by the Council ever, it explains exactly nothing but tells you “Canonical is doing it right, trust them, we do too”. There is not a single piece of the technical background behind all this explained anywhere (while there is a lot to explain and if people read it they might even grasp why this agreement exists) or why it has nothing to do with licensing the ownership of anything to anyone, claiming debian copyrights, violating the GPL or any other such rubbish that gets claimed all around the net now. In this specific case i feel the Council has not done their homework … and why … oh why .. did you guys even have to put the word License into your headline at all. While the word might have some meaning to lawyers in this context, it must have been clear to you that this word will blow everything out of proportion .. the emphasis here needs to be that it is an agreement between both sides to protect the Mint users from technical breakage of their system …

So lets see if a proper technical explanation can probably calm the tempers a bit …

We’ll have to do some time travelling for this … come back with me to the year 2004 when a small developer team of less than 20 people grabbed the giant debian archive, made some changes to it, recompiled the whole thing and released it under the name Ubuntu.

Back then people read everywhere that this Ubuntu thing is based on debian and indeed when they found some third party packages built for debian (and not Ubuntu) they could sometimes even install them without breaking their system. Some people even went further and actually added debian repositories to their sources.list and were surprised to see their systems go up in flames.

Ubuntu packages aren’t at all the same as debian packages, Ubuntu might have made changes to some UI library where a binary symbol that offers the “draw rectangle” function actually draws an oval on your screen. Binary packages that were recompiled against this lib in the Ubuntu archive know about this change, binary packages from the debian archive that have been compiled against the debian version of the library will not know that, once they try to use the “draw rectangle” function, something unpredictable happens and the app falls over.

Today it is a known fact to most that you should not simply add a debian repo to your package sources, the info has spread across the net after 10 years, the generally established support answer if someone asks about adding plain debian binaries is “yes, you can and if you are lucky it even works, but if it breaks you have to keep both pieces”. The fact of binary incompatibility has caused lots of discussions and some anger on the debian side back then. “Why can’t you just do your work in the debian archive” was a question i remember hearing often from DDs back then. Ubuntu wanted to do stuff faster than debian and move ahead with some pieces. Debian is a rock solid tanker, it is gigantically big like a tanker but it is also as slow as one. Imagine that without Ubuntu doing this step things like developing upstart would not have been possible, imagine also that without Ubuntu moving forward with upstart and changing the init system there would most likely be no systemd today. Sometimes you need to move out of boundaries to get the whole thing to the next level.

Now lets fast forward back into presence again. Ubuntu has grown over ten years and there are many “in-archive” and also many “out-of-archive” downstream distros. It is facing something similar debian had to face back then. Downstream distros start to make changes out of the archive and provide their own binary packages for some bits. There is no problem at all with distros like Kubuntu, Xubuntu or Lubuntu here, their changes happen inside the Ubuntu archive packages in the archive will be linked against i.e. Kubuntu library changes. If it comes to the “out-of-archive” downstream distros there can indeed be the exact same problem that Ubuntu faced with debian back in 2004. These “out-of-archive” distros want to innovate the code, user experience or system design in a way that is either not appropriate for them to contribute back, or not appropriate for Ubuntu to take said contribution (because it breaks some existing functionality in Ubuntu or whatever). They feel they need to do their changes outside of the archive like Ubuntu felt back then with debian. Sadly these downstreams often enough do not have the resources to actually rebuild the whole archive so they start providing a mishmash of their re-done binary packages with the binaries from the Ubuntu archive which will leave you as a user with the same situation the early Ubuntu users.

For Mint you can find the list of changed packages on this page … you will see that for example libgtk is in the list, in case Mint decides to switch the “draw rectangle” function to actually draw triangles without bumping the ABI all Gtk apps that you use directly from the Ubuntu archive will possibly fall flat on their face. Users will be upset and blame either the bad Mint or the bad Ubuntu quality for their breakage. Now imagine what would happen if Mint decides to make any innovation of libc (like Valves SteamOS does very heavily with regard to debians libc), the library everything is linked against either directly or indirectly. Most likely the majority of original Ubuntu packages would just break and they would be limited to only use the packages listed in that linked document.

Lets do a short detour towards Trademarks now … Canonical owns the Ubuntu trademark, this means two things … one is Canonical can make money from it (yay, that luckily pays my salary so i can do paid work on my favorite OS all day !!!) … but that part is not involved in this agreement at all, nobody is asking Mint to pay anything. The agreement also does not mean that Canonical claims any ownership of any code from debian, violates the GPL or steals credit for any of the code in the Ubuntu archive.

Remember, I said owning the Trademark means two things … the second thing is that Ubuntu means a certain quality (be it good or bad is up to the beholder here, feel free to make your own judgement). If i install Ubuntu i can expect a certain level of quality and that the basic desktop largely works (yes, yes, i know there are enough bugs to make a lot of jokes over that statement). It also means that distros claiming to be “based on Ubuntu” inherit that archive quality of the binary packages. You can rely on the fact that the Kubuntu installer is using the same back ends and libs the Ubuntu installer uses for example. Bugs on the low level are shared and fixed for both. Now lets look back at the list of Mint packages and we will see that they provide their own “Ubiquity” package. I don’t know what changes are in there and I don’t know if it does not make the Mint installer completely incompatible to what Ubuntu, Xubuntu, Edubuntu or Lubuntu use, it will likely introduce different bugs and features into the binary resulting from that source. So this second part of owning the Trademark is about protecting the brand by guaranteeing a certain quality under this brand (which in turn indeed helps for the first part).

While the agreement with Mint kind of targets the second part here, it protects the reputation of Mint more than it does protect the Ubuntu reputation. It makes sure that Mint users will not have false expectations and that their systems will not suffer from technical breakage by Mint claiming it is 100% Ubuntu binary compatible … And while this whole agreement might technically be treated as License in front of a court (where it most likely will never go) IMHO the bigger info here is that there is an agreement between two distros to prevent Mint users from the same issues Ubuntu users faced back in 2004 with regards to debian. If this makes Canonical evil is up to you to judge, I personally think it does not and is a good thing for both sides in the end.

Please note that all the above is my personal opinion and should in no way be quoted as Canonical statement, I solely write all this as an Ubuntu developer independently of my employer (I would have written the same if i would work at Google and do Ubuntu development in my spare time). In case you want to re-share it on your news site, please get this differentiation straight !

About these ads

25 Responses to “The recent Ubuntu Community Council marketing drivel about Mint … or how to put your foot into it with a run-up”

  1. pleia2 Says:

    Thanks for taking the time to write about this in public. I hope you appreciate that while you have the benefit of saying your post is your personal opinion we didn’t in an official statement.

    It’s true, the statement lacked legal footing. We’re not lawyers, we’re not the copyright holder and though we spent 2 months discussing this, tracking down leads and talking to external parties (including a lawyer in the field), as an official body within the project I didn’t feel comfortable issuing a strong statement that would potentially have legal weight.

    I feel the Community Council’s role is to look into concerns by community members, do our research, communicate our thoughts to the community and then follow up with concerned parties about details as needed (indeed, some follow ups are “you’ll need to talk to Canonical Legal about that). Your characterization of “Canonical is doing it right, trust them, we do too” is not too far off the mark, but I don’t agree with the assumption that you should trust them too :) It’s more “Based on our research, we believe Canonical is on the right track so at this juncture we trust them.” As elected members of the community, our work and dedication to the project over the years is meant to lend credibility to statements from us. We love Ubuntu, spend a lot of our free time on it, and we looked into this for our fellow community members. This isn’t enough to make the sensationalist headlines stop, but I’m not sure we can anyway.

    • ograblog Says:

      Well, there is a lot of easily explainable technical background behind the agreement (one could have explained in one paragraph instead of a wordy post like i picked to do), what bothered me about the CC statement is that this bit was totally left out while an explanation could have defused the potential bomb here. I completely understand that you as a council can not really go into depth about Canonical legal stuff, but the legal bit was not my point. Mint does something that is IMHO not technically clever to their users and “Canonical offers Mint to sign an agreement to go on doing so (or to alternatively recompile the archive from source)”. I was missing such a statement that puts some minimal context into the text.

      • pleia2 Says:

        Fair enough, I have had to personally explain several times that they don’t recompile like Ubuntu from Debian and CentOS from Red Hat do (which seem to be prime examples being held up) and we probably could have without getting into too much scary legal stuff.

    • Jef Spaleta Says:

      I would encourage the community Council to review how Fedora handles the issue of trademark protection as it intersects with binary package use. There might be a packaging solution to the problem Ubuntu faces which makes it much easier for derivatives to avoid stepping on the Ubuntu marks.

      Fedora very deliberately tries to keep the trademark protected materials exclusively in the fedora-logo package. This is the one package that unlicensed derivative are told not to re-use if creating unlicensed derivatives which make use of existing fedora built binary packages.

      Fedora goes further and provides a generic-logos package which conflicts with fedora-logos, so that a derivatives developer can rely on generic-logos in the fedora packaging system in place of the fedora-logos package to meet any packaging system dependencies when building a derivative(like a livecd for example) using existing fedora built binaries. I believe fedora even provides a kickstart target that excludes fedora-logos and picks up generic-logos package as a template to further help such derivative developers do the right thing. The goal with all of this is to meet these derivatives developers half-way and to help them avoid accidentally branding their derivative as fedora in the scope of the trademark policy. The goal is to protect the marks, without hindering downstream devs from being able to fully make use of the copyrights they are afforded with regard to the binaries Fedora is building.

      At no time, since the introduction of the fedora-logos package, has there been an expectation from Fedora as far as I am aware that reusing existing binary packages built by Fedora, mixed in with other binary packages was completely disallowed. As long as the Fedora provided fedora-logos package (or its contents) was excluded from that derivative. It is allowed to rebuild and ship the fedora-logos package devoid of the trademarked material. Fedora derivatives are not compelled by trademark policy to recompile binary packages from source.

      Similarly, CentOS chooses to recompile the redhat-logos package, with the trademark protected items stripped and replaced with appropriate CentOS branding. CentOS could have chosen to use a centos-logos package instead to do the exact same thing. Either solution would have worked and its a matter of CentOS policy that decides how they strip out those marks. The packaging system sorts out the deps and the requires and the conflicts regardless of the package name.

      CentOS is not compelled by trademark policy to recompile from source. Since RHEL binaries are not publicly mirrored, recompiling from source is the most pragmatic option for CentOS. But I can’t stress this enough, CentOS has the option to ship a centos-logos (or other named package) instead of redhat-logos which conflicts with redhat-logos as an alternative approach. Potato, Potatoe.

  2. Dave Says:

    Jono and others made it clear that the licensing was so Mint can use the Ubuntu trademark so perhaps you are getting misinformation as to purpose.

    In fact Canonical wanted to charge Mint a fee.

    • ograblog Says:

      I am not getting any misinformation, since i dont know (and dont want to know) the exact text of the agreement. I also just heard after my post that Clem claimed there was actually a financial negotiation about $9 (yes, nine) which might or might not be true. My point is that there are valid technical reasons behind this agreement and that it has nothing to do with copyright assignments or re-licensing any GPL code. It is an agreement on mutual terms.

      • Michael Says:

        That’s quite kind of Canonical to protect Mint from their own breakage, but then, why did it have to be done in a private and non public way ?

        Shouldn’t Mint community and Ubuntu community be able to follow what is going on and this kind of stuff ?

      • ograblog Says:

        The Ubuntu community member in me fully agrees that this should have been more in the open, the employee in me knows that legal departments simply usually do not work this way.

      • Benjamin Kerensa Says:

        “I am not getting any misinformation, since i dont know (and dont want to know) the exact text of the agreement.”

        So your instead spreading misinformation by trying to tell the world why the license exists without having ever seen the text? That doesn’t make a lot of sense.

      • ograblog Says:

        If I would like to read legal texts i would have become a lawyer. But I’m a developer and i know the technical reasons behind what happened. In this area of expertise i made this blog post. If you want to discuss legal implications or details about the paper feel free to contact the people that have their area of expertise in legal stuff.

  3. andrewsomething Says:

    I respect everyone on the CC, but their statement really disappointed me was well. What you’ve explained makes the most sense, but this not made clear anywhere in Canonical’s Intellectual property rights policy or the CC’s response. The fact that no one can actually tell what the policy means shows that there are major problems with it.

    What does this mean for smaller derivatives? Should all Ubuntu derivatives be rebuilding the archive for themselves? While it might be feasible for a distro like Mint, there are many smaller projects that are essentially customized LiveCDs, maybe with a PPA on top. Answers to questions like that are what I was hoping to get from the CC.

    Anyways, dealing with technical issues through legal policy seems less than ideal. We should have better ways to deal with stuff like this than in Canonical’s intellectual property rights policy. For starters, we could improve our resources for derivatives (https://wiki.ubuntu.com/DerivativeTeam/Derivatives) to include best practices. We could also create something like Debian’s Derivatives Front Desk which, among other things, provides a mailing list for developers of Debian derivatives to interact with and ask questions of DDs and the creators of other derivatives.

    • pleia2 Says:

      The CC really can’t make any formal, blanket legal statement on behalf of Canonical about smaller derivatives. I doubt their lawyers would be keen on doing such a thing either.

      What I can say is based on discussions we believe Canonical does have interest of the community at heart, to protect the trademark for all of us. I don’t believe they will target smaller derivatives. We all love smaller derivative projects and want to encourage them. This is pretty much what we were trying to convey in the statement.

      Something like Debian’s Derivatives Front Desk would be cool.

  4. Jef Spaleta Says:

    So really… aren’t you just describing the complexity of relying on system libraries more generally? I mean.. adobe flash.. just as another example of an application…could get a bad reputation because of libraries Ubuntu provides are patched to do something crazy like draw triangles instead of rectangles. Didn’t ubuntu just tarnish the adobe flash trademark with its shoddy library patches?
    C’mon.. that’s a crazy.

    The argument as to library stability and quality as it interests with trademarks just doesn’t make any sense to me at all… or else every single high flying application… like flash… like skype… could hold OS vendors over he barrel and require them to negotiate a trademark license if the OS vendor allows users to find and install those applications.

    I really don’t see any difference in how Mint is pointing to the Ubuntu repos and how Ubuntu points users to Adobe’s site when installing flash via the deb repository packaging system.

    Does Mint use any Ubuntu marks in its advertising?
    Does Mint use any Ubuntu marks in the payloads of its installable or live images?

    If No is the answer to those questions, I just don’t see how Mint is running a foul of the Ubuntu trademarks if all Mint is doing is pointing users to pre-built packages distributed by Canonical and end users are making the choice to install that content.

    • ograblog Says:

      You got the thing backwards, Flash or Skype do use a certain version of a system lib (or come compiled static), they do not replace libs in the system. Whereas Mint does exactly that, they provide a patched version of a binary lib that other pieces of the Ubuntu archive are linked against in the Ubuntu archive at the same time. Could I take a RedHat CD, replace libc with my own patched version and re-sell it as fully RedHat compatible since I did not touch any Trademarked packages ?

      • Jef Spaleta Says:

        uhm I most definitely have both flash and skype and even acroread that require system libraries and are not static.
        ldd /usr/lib64/flash-plugin/libflashplayer.so
        ldd /opt/Adobe/Reader9/Reader/intellinux/bin/acroread

        And both of these binaries are provided by the application vendor.. in this case Adobe. And both end up linking against system provided gtk to further your example.
        So please… no.. I don’t have it backwards.

        Is Mint providing any install media which contains the Ubuntu trademarks? Is Mint doing any advertising that uses the Ubuntu marks? Is Mint providing any live media which contains the ubuntu trademarks? If you boot up any of the Mint live cds right not available on their site, does the system you boot up have on its filesystem the Canonical controlled marks?

        Mint isn’t reselling modified binaries as Ubuntu. Mint is selling modified binaries as Mint, and then gives Mint users the ability to supplement that with the Ubuntu repositories.

  5. Robert Schroll Says:

    Thanks for explaining the background so clearly. When I first heard about this tempest in a teapot, I figured that there was a simple issue behind it. But the vague and wishy-washy statement from the Community Council made me worried that Canonical was trying to pull something. It’s good to know that this is just the well-known trademark issue.

    Given that Canonical owns the Kubuntu trademark as well, this suggests that Jonathan Riddell doesn’t have the authority to make the statements about Kubuntu derivatives that he’s been making.

  6. Jo-Erlend Schinstad Says:

    Clememt Lefebvre is quoted as saying they were able to easily negotiate a price of a single-digit amount. If that amount is in dollars, then it’s $1-9. That’s symbolic, but symbolism can sometimes be very important.

    I’m not a lawyer in any way, but I do belive that I’ve read something about requirements that you have to actively protect your trademarks or you’ll lose legal protection. There are also special laws that kick in the moment there is economics involved. If you don’t charge anything, then there is no potential income, meaning no potential loss of income and, as a result, you don’t get the same legal protection. So in that case, the difference between $0 and $1 is the difference between False and True.

    I’m not saying this was the case here, but if it was, then it would not be unreasonable. Mozilla also actively protects its brands, and it’s not so much about finance as it is about protecting users from abuse from fake versions which could be detrimental to users privacy and security, etc. After all, anyone can easily create their own spins of Ubuntu and include whatever software they like. If the brand and trademarks are protected, then this is illegal. If they’re not protected, then anyone can do so and noone can stop them, unless the actions themselves are criminal.

    The requirement that spinoffs do not use the official logos, protects the Ubuntu users much more than it protects Canonical. This also means, of course, that all distros that wishes to use the official logos and other parts of the trademark, will be required to ask permission to do so. Good and honest distros can then benefit, while those who intends to abuse the brand, will have a more difficult time of it. That’s a good thing.

    • ograblog Says:

      Jef, see http://www.canonical.com/intellectual-property-rights-policy
      … specifically the last paragraph of point 2

      “If you need us to approve, certify or provide modified versions for redistribution you will require a licence agreement from Canonical, for which you may be required to pay. For further information, please contact us (as set out below).

      We do not recommend using modified versions of Ubuntu which are not modified in accordance with this IPRights Policy. Modified versions may be corrupted and users of such modified systems or images may find them to be inconsistent with the updates published by Canonical to its users.”

      This is only tangentially about trademarks or copyrights as i already wrote above …
      Try to imagine it as an insurance that canonical offers to downstreams if they want.

      “If you need us to approve, certify or provide … ”
      “We do not recommend…”

      (above it states that you need to recompile the source code to create your own binaries, and that this doesnt in any way change the rights existing licenses in the source grant you)

      • ograblog Says:

        oops, sorry, that answer was supposed to go to jef spaletas post above

      • Jef Spaleta Says:

        And I very specifically saying that such a banket requirement with regard to all software binaries in the aggregate collection is going to run afoul of the copyright licensing terms for some software. I fully expect the FSF to disagree with that policy as it applies to any software in the aggregate repository that the FSF maintains copyright over. I fully expect other copyright holders of other GPL software to also disagree with Canonical with regard to the additional restriction that the IP policy is putting on specific software in the archive. Be very careful about tredding on the garuntees expressed in the licensing of individual packages in the archive. I want to be very clear. I have every right to take the pre-compiled binaries offered under the terms of the GPL hosted on publicly mirrored software archives and re-use them in a derivative work without having to recompile them. Everybody has that right. The gcc packages Ubuntu rebuilds come with that right baked into the copyright licensing on which Ubuntu relies on to have the right to distribute binaries at all. Canoncial cannot take that right away from me or anyone else, simply because Canonical claims that doing so damages their trademark. Canonical would have to show that their trademarks are being used.

        You can write whatever fracking policy you want to write. It doesn’t mean its valid. The policy as applied to the entire aggregate collection is overbroad with regard to necessary action to protect any specific intellectual property rights, whether it be trademark, copyright, or patent rights. The fact that you moved to using Intellectual Property in the language is already a step backwards because IP is an amalgom, and whatever is valid for trademark is not automatically valid for copyright and vice versa. Lumping it all together into an IP policy document… causes confusion in itself. I fully expect the FSF to weigh in at some point in the next 6 months or so, as a copyright holder on software in the aggregate collection. I expect some of the more outspoken copyright holders with content in the kernel to do so as well. This is going to get really messy. This policy statement is going to burn up more good will.

      • ograblog Says:

        Not sure why this is so hard to understand for you, it explicitly states that this is not an enforced a requirement but a recommendation and that “if you want” you can get your stuff certified and approved for a fee.

        Anyway, as i told benjamin above already, I wrote this post to put some techincal background into the vague Community Council announcement. I am not a lawyer, I dont want to discuss law stuff, and i obviously dont read as much strange stuff into the IP page as you do.

      • Jef Spaleta Says:

        Actually… the paragraph you quote starts with “if you need” not “if you want” Who defines the conditions under which approval of modified items are “needed”?

        You can try to put a friendly spin on this, but because this impacts on legal issues, its going to get intense scrutiny. And not just from me, but from the FSF as well. This policy is not clear enough.

      • ograblog Says:

        So I will let the people that are paid for dealing with it deal with it. I trust that they know their profession, like they trust me to know my coding …
        I know that my code often enough has bugs and I will grant them that their work has bugs too. If the formulation is legally not correct the FSF (or you if you feel like it) should contact them and get it fixed.

        From technical views it simply makes a lot of sense to ask for recompiling the source if you change any of the underlying foundation for the binaries. I surely had to waste enough time on Mint bugs in the bugtracker that were caused by unexpected changes (and lauchpad has a lot of these).

        From a developer POV I would appreciate if it *was* legally possible to enforce this, simply because it leaves me more time to work on real bugs (and after all the Mint users would benefit from their fixes as well)

      • Jef Spaleta Says:

        Oh don’t get me wrong. I’m not arguing that what Mint is doing… makes any sense…or that its technically superior.. or higher quality.

        And I’m very sure upstream projects empathize with you, generally, as vendor patchsets that distributions apply to source code and then recompile tend to cause exactly the sort of time wasting and heartburn for upstream developers as well.

  7. Oliver Grawert: The recent Ubuntu Community Council marketing drivel about Mint … or how to put your foot into it with a run-up | Hi-tech news Says:

    […] Go to Source […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: