Ubuntu, Firefox Under Fire – From the Inside
The brouhaha is nothing new to Open Source software projects. In fact, if there is ever a day when someone, somewhere is not screaming about bad decisions or better ways, then that's a day when progress isn't being made. The news that users were storming the gates at Canonical and Mozilla HQ, though, caught us a little by surprise.
The melee at hand has to do with End User License Agreements, those annoying little popups we've all seen which insist that we click accept to sell our souls and possibly our firstborn children to Satan or someone worse. Users of proprietary systems are particularly familiar, as nearly any proprietary offering with half a legal team behind it has one — Open Source users are perhaps a bit less so, if only because the only licensing agreement most of us ever see is the GPL.
As we understand it — and we're not lawyers here — the issue revolves around Mozilla's trademark policy. As anyone who has used IceWeasel will likely know, Mozilla has fairly strict rules about who is allowed to use the Firefox name and identifying symbols — not the code, mind you, just the marks that say to the user "You're getting the official Mozilla experience." One of Mozilla's well-known conditions on the use of its trademarks is the requirement (with certain exceptions) that anything being distributed as Firefox be the unmodified binary version released by Mozilla — anyone is welcome to make changes to the code (in accordance with the license), but if you do, you can't distribute the changed code as "Firefox." This makes perfect sense: Ubuntu is based on Debian, but it doesn't call itself Debian, because it's not; neither should an altered Firefox call itself Firefox.
So why the kerfluffle? Because the out-of-the-box version of Firefox, so to speak, includes and EULA — an EULA which was activated during the development of Intrepid Ibex. Users weren't happy about the sudden appearance of what has been described as an awfully non-open-sounding EULA when opening Firefox for the first time under Intrepid. Being the good, red-blooded Open Source users they are, as Ubuntu's users — and we suspect, probably some interested users from other distributions too — shared their concerns with Ubuntu/Canonical, in the form of a bug report where we understand grew quite heated. Many called for the elimination of the EULA — including eliminating Firefox along with it, if necessary — while others advocated alternative browsers including IceWeasel or Epiphany, as well as Ubuntu compiling its own version — which it has done, under the name "abrowser."
Chief Ubunt Mark Shuttleworth weighed in as well saying that Ubuntu/Canonical prefer to keep Firefox, and calling for users to share thoughts on how the two could come to an agreement. Mozilla Foundation Chairperson Mitchell Baker — also CEO of the Mozilla Corporation — announced yesterday morning that Mozilla had heard the people, and would be acting quickly. Posting on her blog, Baker acknowledged that "yes, the content of the license agreement is wrong" (emphasis hers), noting that Mozilla had prepared, but had not at that time distributed, correct language affirming user rights and highlighting the Open Source licensing involved. She went on to note that while presenting an accurate license might have caused less of a stir, the presentation of the license at all has "issues," which Mozilla is currently working to resolve.
Saying that Mozilla had "shot ourselves in the foot here," Baker committed Mozilla to fixing the issues with the license and its presentation, and inviting public input on that process. She also (later) posted a copy of the revised license, though a quick look at the comments there suggest the revisions may have done little to abrogate user concerns.
During an interview with InternetNews.com, Baker explained the licensing history in more depth, saying that "when we first shipped Firefox the idea of shipping Firefox under a binary source code license seemed odd so we created a EULA and we're now coming to the conclusion that is not necessary." She went on to say that the new license is intended to inform users of the software's Open Source license: "[D]ear end user you're using FOSS software and here are the open source licenses to look at." Comparing it to the notices included in GPL-licensed software, she rejected use of the term "EULA" as having the connotation of restricted terms, saying "we won't be doing that." Mozilla, she says, just wants "something, something to explain the license."
As of this writing, there doesn't appear to be a resolution — though we assume talks continue — and it's doubtful the matter will ever be fully resolved. However, Mozilla has managed to work out agreements with other distributions, including Red Hat, so there is at least some hope that when Ubuntu 8.10 hits the virtual shelves next month, Firefox will still be there.
Justin Ryan is a Contributing Editor for Linux Journal.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- The US Government and Open-Source Software
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide