Phoronix: The ZFS Linux Module Goes Into Closed Beta
We reported last month that a native ZFS module was coming to Linux and would be released in mid-September. Rather than using ZFS-FUSE that runs the Sun/Oracle ZFS file-system under the FUSE module so that it lives outside the Linux kernel (and runs rather slowly as our benchmarks show), this new ZFS module is native to Linux and open-source but due to the CDDL license it's being distributed as a module and will not be included in the mainline Linux kernel. This module has now entered a closed beta testing process...
Michael: Your benchmarks are flawed. zfs-fuse runs at virtually platter speed and can keep up with the best of them. There are certain tweaks required in order to obtain this performance though. Anyone serious in using ZFS would best be advised to understand how to work it.
As for this closed source zfs blob module... the hostility of the developers clearly proves to me that they lack the discipline required to write a filesystem driver that anyone could actually depend on. Here's one ZFS user who has no interest in risking anything to them.
KQ Infotech is only letting 25 people beta test this module, so good luck getting in (we are in, ...)
Of course you are in. It's free publicity for them.
I understand that there are people and businesses out there who are trying to find ways to monetize on open source code. Code that they did not create and do not hold the copyrights of. Incorporating such code in your own product is one way of doing it, but this has to be done by respecting the license of the code you are using. With all this closed beta and restricting access and all I get the impression that they are not very willing to release the source code. Question is by not doing so are they complying with the CDDL?
Originally Posted by CDDL
Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License..
If they release the source code to any of their beta testers, then by the CDDL, the beta testers are explicitly allowed to distribute the code. The article Michael wrote does not indicate whether what you get with the closed beta is the code, or a module. Can you please clarify that much, Michael? If they give any beta tester their source and NOT a binary module, then not only do they comply with all licenses, but their "closed" beta just became open to the public.
And yeah, I think monraaf has it spot on that distributing a binary-only module whose source is a derivative work of a CDDL work indeed violates the CDDL. IANAL though.
The arrogance of this project astounds. It stinks of imminent failure as soon as these guys run out of money. Either that, or they'll get sued into oblivion by the SFLC. Good question, though: has the CDDL ever held up in court? The GPL has, in at least one jurisdiction I can think of, but I don't recall the CDDL ever being tested anywhere in any sort of litigation.
The developers come on Phoronix and make angry ad-hominem attacks to users who attempt to refute their arguments. They make sweeping generalities about other ZFS implementations, then they tell us -- while their code is still in the development stages -- that it is going to be many times faster than anything we've seen. We have been down this road before. It's all well and good to claim that you have something great coming down the pipe, but to then attack the projects that compete with you, without providing any evidence that your product is superior, is an extremely unprofessional blunder.
Then they say it will be open source, yet closed. It's like they want the control of a proprietary product, along with the good PR of an open product. You can't have both, especially not with the license your work is derived from. Pick one!
Distributing the binary-only module without source may violate the CDDL, because the CDDL is actually a rather good copyleft license (see here for details). It is noteworthy that, although both the GPL v2 and the CDDL 1.0 are copyleft licenses, they are incompatible in the same way that a GPLv2-only work and a GPLv3-only work are incompatible.
While presumably an individual would be allowed to link a CDDL module into the GPL Linux kernel, I believe that doing so makes both the kernel and the linked module non-distributable. So, in order for this to be legal at all, each user entity must build from source, and then they can't give away their binaries to anyone. The original author of the derived work is not an exception to this rule. Therefore, it can be argued that distributing the binary-only module also violates the GPL license of the kernel.
Violating the CDDL alone may not be enough to get the SFLC going after them, but they're also probably violating the GPL. There is a lot of history of binary modules being distributed for the Linux kernel, though, and a lot of them are licensed under more restrictive licenses than the CDDL. I know at least a few core kernel developers who consider these binary modules to be a derivative work, and therefore violating the GPL; I happen to agree with them. If you disagree, that's fine; but the case about their violating the CDDL is a much stronger claim (from what I can tell) than the case regarding their violating the GPL.
And if they think they're going to sell this thing as a closed source product, effectively commercializing the derivative work of two incompatible copyleft licenses in a way that definitely violates one and possibly violates the other, they're in for one hell of a lawsuit.
You can, because people participating in closed beta tests are not considered as the "general public", which is the target group licenses like CDDL and GPL apply to.
It doesn't matter if you're giving binary copies to your mother. The strictest legal interpretation of copyright law would say that any copies sent outside of the legal entity "KQ Infotech" are distributed; all distributed copies fall under the scope of the CDDL. And no, they can't arbitrarily change the license their code is under, because they are creating a derivative work whose license says that derived works have to be under the same license. That's copyleft.
To make this legal, KQ Infotech would have to employ their beta testers. The legal definition of "employ" may depend on jurisdiction, but presumably it involves monetary compensation in exchange for labor. You can't be employed by someone for free. Labor laws such as minimum wage come into play.
Now, I haven't done a careful reading of the CDDL to determine if it would work out the same there, but you said "licenses like CDDL and GPL", so at least for the GPL case it is a breach of license to convey a copy of the binaries without also conveying a copy of the source.
As the original author of the derivative work, your entity has three choices that do not breach the terms of a typical copyleft license such as the GPL:
1. Don't distribute the work to any other legal entity at all. This is always legal.
2. Distribute source code only, under the same license, which allows and requires any recipient entities to follow the same license terms.
3. Distribute source code and binaries, where the binaries are built directly from the sources without modification. The various copyleft licenses do take some pains to clarify in legal terms exactly what it means to have a binary that is directly built from a given set of unmodified sources, but I'm being a wee bit sloppy here.
Each time KQ Infotech makes a copy of either the source or binaries, if they wind up in the possession of a person who is not also legally employed by KQ Infotech, then the transfer of this copy is called "conveying" or "distributing" the copy to that person. This distribution falls under the terms listed above. KQ Infotech seems to be making up a fourth, incorrect possibility, which says something like "Distribute binaries without source code." But if this were possible, the legal effect of copyleft licenses would be completely compromised, and it wouldn't be copyleft at all.