Rocky Linux 提出兩個方法取得 RHEL 的 source code

在「AlmaLinux 與 Rocky Linux 看起來都暫時無解」這邊提到了檯面上目前沒有好方法穩定取得 source code 後,Rocky Linux 提出了兩個方法,在不需要同意 RHEL 的條款下取得 RHEL 的 source code:「Keeping Open Source Open」。

中間還有一些小插曲可以提一下,在社群不少抗議聲後,IBM & Red Hat 的 VP 出來直接說他們認為 RHEL rebuild 沒有任何價值,而且是故意讓 rebuilder 更難實作 RHEL rebuild:「Red Hat’s commitment to open source: A response to the git.centos.org changes」。

Ultimately, we do not find value in a RHEL rebuild and we are not under any obligation to make things easier for rebuilders; this is our call to make.

回到 Rocky Linux 的文章,他們提出來的兩個方法都是基於 GPL 的重要性質:如果你可以合法拿到 binary,那麼散佈者就有義務要提供 source code。

第一個方法是透過 RHEL 目前公開提供的 container image:

One option is through the usage of UBI container images which are based on RHEL and available from multiple online sources (including Docker Hub). Using the UBI image, it is easily possible to obtain Red Hat sources reliably and unencumbered. We have validated this through OCI (Open Container Initiative) containers and it works exactly as expected.

另外一種方式是透過雲端服務的 cloud instance 跑 RHEL:

Another method that we will leverage is pay-per-use public cloud instances. With this, anyone can spin up RHEL images in the cloud and thus obtain the source code for all packages and errata. This is the easiest for us to scale as we can do all of this through CI pipelines, spinning up cloud images to obtain the sources via DNF, and post to our Git repositories automatically.

這兩個方法都不需要同意 RHEL 目前在網站上的 TOS 與 EULA,而且短時間內應該不好防堵:前者要關掉的話,應該有一堆既有 RHEL 客戶在用會直接抱怨,真的要硬幹的話得給這些客戶時間從 public repository 轉移到要認證的 repository 上;而後者要堵的話,除非 IBM & Red Hat 決定直接不做雲端生意?

看起來 Rocky Linux 與 AlmaLinux 用這套方法可以撐一陣子,直到 IBM & Red Hat 想出新方法來搞?

Imgur 改變使用條款,把 Imgur 的圖片都搬回本機上

Hacker News 上看到 Imgur 的使用者條款改變的消息:「Imgur will ban explicit images on its platform this month」,在 TechCrunch 文章標題提到的東西對 blog 影響不大,反倒是公告裡面另外提到的事情比較傷。

Imgur 在「Imgur Terms of Service Update [April 19, 2023]」這邊提到了:

Our new Terms of Service will go into effect on May 15, 2023. We will be focused on removing old, unused, and inactive content that is not tied to a user account from our platform as well as nudity, pornography, & sexually explicit content.

所以很少被存取的內容也會有機會被移除掉,這導致一堆小的 blog 或是 forum 用到的內容也會爛掉。

所以決定先搬出來,掃了一下 WordPress 資料庫裡面的內容,把檔案先拉下來,弄個 CloudFront 擋在前面 (有 free quota 的關係),然後把資料庫裡面的連結整批換掉。

另外是新的內容要丟哪裡,所以用 PHP 寫了一個很簡單的 self-hosted image server,程式碼在 GitHub 上面可以翻到:「i.gslin.com」。

裡面除了 PHP 以外,也練了一下 javascript,收 paste 事件把 image/png 的資料用 fetch() 傳到 server 端處理。

現在功能還很陽春,但至少能開始用,之後再逐步加功能上去。等功能變多變複雜之後,可能會用 Composor 掛套件上去... 但現在還算簡單,一個 upload.php 處理所有事情就好。

Let's Encrypt 更新了 ToS

在「Let's Encrypt’s subscriber agreement changes on Sept 21 (letsencrypt.org)」這邊看到的,Let's Encrypt 有提供 diff 的內容,在「LE-SA-v1.2-v1.3-diff.docx」這邊,你也可以用 Google Docs Viewer 看:「LE-SA-v1.2-v1.3-diff.docx」。

看起來主要是用語上的改變 (可能是律師的建議?),除了 revoke 的章節外看起來沒什麼大變化。而 revoke 的章節部份增加了這兩段文字:

You warrant to ISRG and the public-at-large, and You agree, that before providing a reason for revoking Your Certificate, you will have reviewed the revocation guidelines found in the “Revoking Certificates” section of the Let’s Encrypt documentation available at https://letsencrypt.org/docs/ , and that you will provide Your corresponding revocation reason code with awareness of such guidelines.

You acknowledge and accept that ISRG may modify any revocation reason code provided by You if ISRG determines, in its sole discretion, that a different reason code for revocation is more appropriate or is required by industry standards.

不確定自動化的 client 需不需要重新再 accept 一次?

Atlassian 在 ToS 內禁止使用者討論 Cloud 產品的效能

Hacker News Daily 上看到的:「Atlassian Cloud ToS section 3.3(I) prohibits discussing performance issues (atlassian.com)」,引用的頁面是「Atlassian Cloud Terms of Service」這邊。

翻了下 Internet Archive,看起來在 2018/11/01 生效的版本就有這條了:「20181102013014」。

出自這條:

3.3. Restrictions. Except as otherwise expressly permitted in these Terms, you will not: [...]; (i) publicly disseminate information regarding the performance of the Cloud Products; [...]

這個條文已經生效兩年多了,不過我猜就是被大家批一批還是依舊...

這類條款類似於 OracleMicrosoft 在資料庫系統上面的條款 (可以參考「Is it against license to publish Oracle and SQL Server performance test?」這邊的回答),看起來除非從法律層級禁止,不然應該只會有愈來愈多公司納入這類條款...

Square 在使用條款裡禁止 AGPLv3+ 的軟體

雖然 AGPL 系列的確不是什麼好貨色,也的確有不少人批評過,但 Square 直接透過自家的平台服務攻擊 AGPLv3+ 就很稀奇了?

在「Square’s terms of service forbid use of AGPL-licensed software in online stores (squareup.com)」這邊看到的,公告的條款 (尚未生效) 是「Additional Point of Sale Terms of Service」這個站台,出自於這段:

B. Content Restrictions. In addition to the restrictions set forth in these Additional Product Terms, the General Terms and Payment Terms, you will not:

[...]

15. use, under any circumstance, any open source software subject to the GNU Affero General Public License v.3, or greater;

是直接指名而不是誤殺,不知道是發生什麼事情...

現在 Hacker News 上有些人猜測是律師團認為 AGPL 會反過來影響 Square 自己的程式碼也被感染?反正現在變成 PR 事件了,加上資訊也不足,先蹲著看...

dehydrated 0.4.0 的新要求

dehydrated 出 0.4.0 了,剛剛把 PPA for dehydrated 更新了,已經安裝過的使用者可以直接升級使用。

這次主要的改變在於建立帳號時必須先同意 Let's Encrypt 的使用條款:

dehydrated now asks you to read and accept the CAs terms of service before creating an account

這邊可以用 dehydrated --register --accept-terms 表示同意並且建立帳號。

法國法院認為 Facebook 條款違反消費者保護法令

在「France says Facebook must face French law in nudity censorship case」這邊提到法院認為 Facebook 的使用條款中要求必須在加州法院解決的條件,使得法國的使用者難以提出訴訟,違反法國的消費者保護法令而無效:

The Terms of Service add, "The laws of the State of California will govern this Statement, as well as any claim that might arise between you and us, without regard to conflict of law provisions.”

The appeals court agreed that Facebook’s Terms of Service were “abusive” and "violated French consumer law by making it difficult for people in France to sue,” according to the BBC.

引用的 BBC 報導可以在「Paris court rules against Facebook in French nudity case」這邊看到:

The Paris high court decided that the company's argument was "abusive" and violated French consumer law, by making it difficult for people in France to sue.

維基百科的使用條款更新,強制揭露利益衝突問題

維基百科昨天的使用條款修訂公告中,提到了「揭露利益衝突」的問題:「Making a change to our Terms of Use: Requirements for disclosure」,這份文件的最後方有簡體中文版的說明,對於看英文比較不通順的人可以先看中文版的說明。

在新版的「Terms of Use」裡面,有一個專門的章節「Paid contributions without disclosure」:

These Terms of Use prohibit engaging in deceptive activities, including misrepresentation of affiliation, impersonation, and fraud. As part of these obligations, you must disclose your employer, client, and affiliation with respect to any contribution for which you receive, or expect to receive, compensation. You must make that disclosure in at least one of the following ways:

  • a statement on your user page,
  • a statement on the talk page accompanying any paid contributions, or
  • a statement in the edit summary accompanying any paid contributions.

這段修正可以從「Difference between revisions of "Terms of Use" - Wikimedia Foundation」這邊看到完整的 diff。

這是對於「付費編輯」的反制:國外甚至有專門收費找人編輯維基百科的公司在運作 (可以參考 2013 年 10 月的「Wikimedia Foundation Executive Director Sue Gardner’s response to paid advocacy editing and sockpuppetry」這篇文章),這次在使用條款內直接增訂這一部份,將本來只是社群規範的項目變成直接上法院反制。

早該這麼做了,這件事情意義重大...

維基百科開始對公關公司反擊了...

維基百科對於針對維基百科條目「美化」的公關公司反擊了:「Wikimedia Foundation sends cease and desist letter to WikiPR」,PDF 可以在「2013-11-19_C&D_letter_to_WikiPR_from_Cooley.pdf」取得。

主要是以使用者條款作為依據,要求對方禁止對維基百科上的文章「美化」(像是移除負面的事實),不過看起來這種事情只會轉入地下,不會消失... :p