2007年6月20日 星期三

Linus戰FSF-part2

上一篇裡,我提到了Linus一直在Linux.Kernel裡與FSF的信徒論戰GPLv2筆GPLv3好的論點,其中一篇文章讓我非常同意,因此我在這邊擷取他的文章,並翻譯一下,讓大家了解Linus為何如此排斥GPLv3的原因(這篇算是Linus說得最明白直接的一篇):

Some people can be "bad" for the community. They may simply be disruptive
and not productive at all. They may troll the mailing lists without
actually ever doing something good, or they may do other "bad" things.

In fact, let's make it *very* specific: let's say that the bad person is a
cracker, and specializes in finding security holes, and writing exploits
for them, and selling those exploits to spammers.

Most of us might agree that that is a "bad" person for the community, no?

Now, by your own logic, let's look at what that means for the license.
Should we write into our copyright license that you cannot try to find
security holes? Would that be a good addition to the GPLv2?

Now, I stated that in a way where the answer is obvious: that would be a
*horrible* addition to the GPLv2. I think everybody can agree on that. It
would be really stupid to say "you cannot look for security holes" just
because *some* people who do it are bad.

Now, think about that for a moment, and then go back to your question
about whether Tivo is bad for the community, and whether being bad for the
community should mean that the license should be written to say "go away
and don't use future improvements to our software".

See where I'm trying to take you?

I think that even people who *do* think that what Tivo did was "bad",
should think very deeply about the issue whether you should try to lock
out "bad uses" in your license. Yes, the answer may be "yes, you should".
But I'm arguing that the answer _may_ also be: "No, you shouldn't, becasue
it turns out that you might lock out _good_ people too".

So in my cracker/spammer example, by trying to lock out the bad people,
the obvious (and _stupid_ - don't get me wrong, I'm not at *all*
suggesting anything like that should ever be done) license addition of
"don't expose security problems" actually just causes more problems than
it solves (if it solves anything at all - really bad people don't actually
tend to even care about the license!).

有些人對社群造成壞影響,他們可能只是搗亂且不事生產,他們可能只是看文卻不做好事,甚至只做壞事。
讓我們舉個極端點的例子:這個人是個鬼客(cracker),專找漏洞且寫一堆壞程式,甚至把壞程式賣給垃圾郵件業者作壞事。我們大部分都會同意這個人在社群中是個壞蛋,不是嗎?
現在用你(與Linus戰的FSF擁護者)的邏輯,讓我們看看你提到的那份許可證,我們該在版權許可證寫「你不可試著找出安全漏洞」,這對GPLv2是個好的新增條件嗎?我要說這對GPLv2真是個糟糕透頂的新條件,我想大家都同意。因為某些人作壞事所以就設下這樣的條件真是蠢斃了。
現在想一下,回到你聲稱Tivo對社群有害的問題上,難道對社群有害就應該在許可證上寫:「滾開,別再我們的軟體上做任何改進!」
清楚我想告訴你甚麼了嗎?
我想即使人們認為Tivo做的是壞事,也應該深思「要不要將別作壞事寫在許可證上」的議題,答案也許是「你當然該寫在上面」,但我認為答案也許也會是:「你不應該這樣做,因為這樣搞你也會把好人排拒在外。」
所以上面的例子裡,如果你試圖阻擋壞人,這個加在許可證上的條件:「不可嘗試找出安全漏洞」解決了一些問題,但是製造更多問題!(就算他解決了任何問題,真正的壞蛋才不管許可證寫些啥東西!)

我相信這是Linus對GPLv2為何優於GPLv3最主要的論點,GPLv2容許tivoization,而將此行為訴諸市場決定,而不像GPLv3在許可證以道德標準封殺。

1 則留言:

shelandy 提到...

魚幫兔老弟:

這兩篇文是今年目前為止我見過最棒的。固然Linus 老大寫的好,一語中的。不過您的整理也功不可沒

其實我有在想,其實開放軟體大環境劣幣驅逐良幣的關鍵在於良幣太少,而不是劣幣的存在。

我有打算弄個開放軟體新聞獎,丁丁獎跟噹噹獎:
丁丁就是給那些主流媒體"人才"製造出來的,如我評的這篇
http://shelandy.blogspot.com/2006/04/blog-post.html#links
噹噹就是給那些真的能震聾發聵的新聞,像您這兩篇。

還在評估中,希望您繼續加油

PS.(我可以猜到魚幫兔的由來,不過"企鵝幫魚"是不同的人,還是純粹對仗工整而已?)