Legality of charging for Linux?

[Eelectricity]

The point isn't to annex code from companies like some sort of software-conquistador. The point is to preserve the end-user freedoms.

But the entire idea is essentially moot. Ask around any distro for the formal code audit for the code that makes up that distro. You'll hear crickets.
The point is that end-users don't look at code and programmers look at code but only when required. Consider the recent debacle with bash.

Everyone likes the idea of open source but nothing much is done with that open source and "states" freely place backdoors and other questionable code in open source all over the place and everywhere.

But still please show some code that came out of an enforcement just for the heck of it. So far all I have seen is that lawyers make money, the FSF gets money. And no one really knows what code lurks where.

It places a false trust into open source.

That is why openssl never bother signing packages for so long. They were sending a clear message to the enlightened.

 

[K7SN]

People still use CDs/DVDs? I haven't used one since 2007...

I do, I write software and once a month I make two DVDs of all my work still stored on a hard drive. I have all the code I written since the 1980s accessible on those relative inexpensive CDs and DVDs.

OP - I feel you will not get rich but the CD/DVD does ship as First Class if the package is rectangular and less than a 1/4 thick. Cost of shipping about 60 cents and up to three days delivery. How much you charge for your time, effort and profit will reflect on how eager customers are willing to wait to save a a few dollars. The point is that many first time Unix or Linux costumers are naïve and may will order once but don't expect much repeat business.

Back in the shareware business we sent 5 inch floppy's for half what it costs now but had about $22 profit each mailing (Postage, mailing folders, media costs and Gas to go to the Post Office) and twice a week to pick up $100 or so each time was well worth the effort. Today you will probably have something like PayPal or Credit Card costs and website maintenance (fixed overhead). Frankly, I am a bit doubtful of the success or your plan.

 

[Red Squirrel]

Counterpoint: if you want to make money selling GPL software, distribute the software for free and charge an arm and a leg for enterprise support.

Yep to me that's the way it should be done anyway for commercial software. Microsoft stuff should be free and perhaps even open source, but charge for support (like they already do). Companies will not use software if they can't get support so they'll pay for that, but personal users can still use and know the software. It's win win for everyone.

 

[Essence_of_War]

But the entire idea is essentially moot. Ask around any distro for the formal code audit for the code that makes up that distro. You'll hear crickets.
The point is that end-users don't look at code and programmers look at code but only when required. Consider the recent debacle with bash.

...

I think we're not communicating clearly. I've tried to explain that the purpose of the GPL isn't to "liberate" non-free software. The purpose of the GPL is to give developers a tool to protect the freedoms of end-users, while simultaneously protecting themselves from a proprietary, modified version of their own work. I don't know how we've gotten onto the topic of code liberation via enforcement actions, but it isn't relevant to the discussion at hand.

Everyone likes the idea of open source but nothing much is done with that open source and "states" freely place backdoors and other questionable code in open source all over the place and everywhere.

I don't know why you would expect that non-free or closed-source software would be any "safer" from backdoors and state actors than free and open-source software. But the great thing about free and open source software is that if you really are suspicious of that you can fork it, and study and develop it in secret to expose them.

 

[ninaholic37]

Everyone likes the idea of open source

Not everyone. Steve Ballmer once described Linux as a Cancer.

but nothing much is done with that open source

There's lots of forks of Firefox, and lots of Linux distros that are based off or derive parts from other distros. I have many programs where the original author(s) posted the source code, and others were able to continue enhancing and perfecting it for years because of this availability. Having the source code to a program is much easier than trying to understand a "black box" even if you're not looking to customize or improve something.

The point is that end-users don't look at code and programmers look at code but only when required.

I think most people/groups who make their code open source enjoy coding and are proud of their work, and are perfectionists. Many enjoy coding so much that they do it for free. Do you know any open source programmers who disagree?

 

[Crusty]

But the entire idea is essentially moot. Ask around any distro for the formal code audit for the code that makes up that distro. You'll hear crickets.
The point is that end-users don't look at code and programmers look at code but only when required. Consider the recent debacle with bash.

Everyone likes the idea of open source but nothing much is done with that open source and "states" freely place backdoors and other questionable code in open source all over the place and everywhere.

But still please show some code that came out of an enforcement just for the heck of it. So far all I have seen is that lawyers make money, the FSF gets money. And no one really knows what code lurks where.

It places a false trust into open source.

That is why openssl never bother signing packages for so long. They were sending a clear message to the enlightened.

That's hardly the case, you're asking the developers to do something that is not needed and then get upset when they don't do it. They don't need to provide an audit for the source code, they just need to make sure you can access it.

In particular, with Debian you can use apt-get to download the source code for any package you wish, no need to ask a human for it. There is no reason for the maintainers of a distribution to be able to produce an audit-able tarball of every single line of code going into the distribution when they already provide a means to access to the code directly. Aptitude does not now know to use 'red tape' to prevent you from getting access to the source code.

I think you'll find any distribution that uses a package manager would have the same response. Hell, to even install Gentoo you have to have access to the source code...

 

[Eelectricity]

I don't know why you would expect that non-free or closed-source software would be any "safer" from backdoors and state actors than free and open-source software.

Thank you for solidifying my point. Neither can be trusted. That's part of my point. I had other points that you missed.

One other point is that open source has no formal security code audits.

The fact that source is open makes many that use open source think they are secure because the distro has made sure it's secure. It is a false sense of security that's perpetrated.

 

[Eelectricity]

That's hardly the case, you're asking the developers to do something that is not needed

It is needed. It is badly needed. But it won't happen anytime soon. But there are some distros that are working hard toward doing it right.

 

[Essence_of_War]

One other point is that open source has no formal security code audits.

The fact that source is open makes many that use open source think they are secure because the distro has made sure it's secure. It is a false sense of security that's perpetrated.

This has nothing to do with the topics at hand, namely, questions of cost to distribute binaries and associated responsibilities for source under the GPL.

 

[h4rm0ny]

Do I have to provide the source code, if I'm only re-distributing something that some upstream entity has created, and they offer the source code, if I'm not modifying that in any way?

Does OSDisc.com provide source code to their distros?

You have to make available the source code for any GPL software you provide. So it wouldn't have to be on the disc, you could have it publically available on your website, guarantee to send a copy of the source code promptly on request, and so forth. But you're in violation of the GPL if you failed to provide the source and there's no expiration date built into the GPL so the simplest and most rock-solid way of complying with the GPL is to include the source for any GPL'd parts with the binaries at the time. Given that you're providing it by disc after all.

But what you're really asking is can you burn an Ubuntu iso (or whatever) and not worry about the source code part. Yes, you can get away with this because the source code is available via Ubuntu and I think any court would be happy enough to accept directing your customers to Ubuntu's repositories to comply is a sufficient way to comply with the GPL. And Ubuntu gain from this because they're distributing their product with lower costs.

Ultimately the answer is: "Yes, you can do this and you wont get into trouble for it". I mean so long as you give people the product they're paying you for.

 

[h4rm0ny]

Thank you for solidifying my point. Neither can be trusted. That's part of my point. I had other points that you missed.

One other point is that open source has no formal security code audits.

The fact that source is open makes many that use open source think they are secure because the distro has made sure it's secure. It is a false sense of security that's perpetrated.

There are formal audits of much Open Source code. GNU/Linux runs most of the world's Internet backbone with IIS making up the rest. You think nobody ever professionally audits that software? Like most software, it depends what it is.

As to security and bugs, "Open Source" is no more nor less bug free than "Closed Source" because these are both vast categories encompassing everything from some near-abandoned GPL'd software to the Django framework on one side; and from Adobe FLASH to MS Excel on the other. You can't meaningfully say one is better than the other and being Open Source does not mean it's better tested. Nor does it mean it's worse. The security advantage of Open Source is verifiability. It doesn't mean you get fewer accidental bugs, it means you get less deliberate subversion. It is very hard to hide your NSA backdoor in Open Source code. There have been like one or two VERY clever ways of sort-of backdooring Open Source (and I'm including when the NSA hid a cryptographic weakness in a mathematical algorithm when RSA unwisely trusted them), and that's about it.

So if you're looking for bug free software, pick what has the lowest bugs. If you're looking for verifiability, Open Source has a clear and indisputable advantage there.