What is Libreware?
Libreware, or libre software, refers to software that can be modified by its users, in the sense that the user can change any aspect of the program, including removing any unwanted parts, changing any behaviors, and adding any new features they wish.
Essentially, the idea is that when you run a program in your computer, the program is making your computer do things, according to what the program's developers intents. If the developer wants to do something that you don't want your computer to do, you have no way to stop it. You depend on the developer adding options, adding support for features you need, or removing unwanted behaviors, because you can't modify the program yourself. According to Richard Stallman, one of the proponents of libre software, the idea that a developer can just force your computer to do things you don't want it to do is akin to "slavery," hence to obtain true freedom in software, you must be able to change any part of the program you wish.
Libre software is also called free software, however, the word "free" has two meanings: "free as in free beer," you don't pay for it, and "free as in freedom," you have the liberty to do whatever you want. The first is commonly called freeware, the second is libreware. To disambiguate, the term "libre" started being used.
From this you also see the terms free and open source software (FOSS), and free/libre open source software (FLOSS).
In practice, libreware implies a few things.
First, the software must be open source. The programs your computer executes are instructions called machine code, but in almost all cases programmers don't program by editing this machine code directly, instead, they edit what's called the "source code" of the program. This source code goes through a program called a "compiler" that turns the source code into machine code. In order for a program to be editable, and thus libre, it must make its source code available, and the compiler or other tools necessary to build the program must also be available.
As you can imagine, in order for something to be truly libre, every one of the countless components associated to it must also be libre, otherwise you end up with a source code that you can edit, but that you can't actually turn into a program because one of its parts isn't available to you.
Most large applications are developed by teams, not by single developers, consequently, it's necessary to be able to exchange the source code you altered with your peers. This carries copyright issues, as source code is copyrightable. To deal with this, the published source code must be licensed in such way that allows for redistribution of derivatives. It seems that, often, it's difficult to change the license of an open source software that has been contributed to by many authors, since that would require all of the authors agreeing on the change.
Notably, Aseprite is an open source software that is free if you know how to build it, but has a paid version that gives you the binaries (the compiled executable files) for a fee. A fork of this software before the change in licensing called Libresprite exists.
These details keep pilling up, and the result is something called the GPL (GNU Public License) and the LGPL (Lesser GPL). Essentially, any program that uses a GPL-licensed subprogram must become GPL itself, while any program that uses a LGPL subprogram allow the user to change the subprogram, and any changes made to this subprogram must have its source code published in the LGPL license. This means it's not possible, for example, to make an application that is only 1 file which contains LGPL-licensed libraries, because then you wouldn't be able to replace those libraries (not that anyone ever does that), consequently, LGPL-licensed libraries need to be dynamic linked (becoming separate .dll files on Windows).
Notably, Qt is a GUI toolkit that has a commercial version and multiple modules, some of them LGPL-licensed, some of them GPL-licensed. It seems Qt makes money selling commercial licenses to car companies. In this case, even the LGPL license would mean that users are legally allowed change the car's software system, and as the companies find that preposterous they purchase the commercial license.
One particular issue that arose in the first two versions of GPL is now known as tivoization (from a product called TiVo). Essentially, someone uses a GPL-licensed software, but their hardware or system doesn't allow replacing one program by another. This can occur if the hardware or system checks if the software has been tampered with. To do so, it could generate a hash code that identifies what a non-tampered installation looks like, then generate a hash of what's currently installed, and compare the two: if they don't match, the software changed. If the system does this and then refuses to run with non-trusted software, it breaches the spirit of libre software, because "trusted" in this sense means only that the developer trusts it, and the user has no way to make their own alterations trusted.
This issue was patched in GPLv3. Some software still uses GPLv2, notably the Linux kernel, because the tivoization clause severely limits the freedom of what hardware can run a software, which feels counterproductive.
A recent consequence of this issue is that Microsoft has refused to sign a version of GRUB (a bootloader) that was relicensed under GPLv3, under fears that if they signed it, they would be legally required to hand the private key they used to sign it. Essentially, Microsoft has a private key it uses to cryptographically sign programs it trusts. This sort of key can only be used to sign an exact version of a program: if the program changes even by one byte, the signature won't be recognized anymore. Without it, the system won't trust the program, but if you gave the private key to everyone, it would make the private key pointless since it wouldn't mean Microsoft trusts that exact program any longer.
Code submitted for UEFI signing must not be subject to GPLv3 or any license that purports to give someone the right to demand authorization keys to be able to install modified forms of the code on a device. Code that is subject to such a license that has already been signed might have that signature revoked. For example, GRUB 2 is licensed under GPLv3 and will not be signed.
https://techcommunity.microsoft.com/t5/hardware-dev-center/updated-uefi-signing-requirements/ba-p/1062916 (accessed 2024-06-21)
Leave a Reply