D-bus model proposal for pay for access features - LicenseService at OpenBMC

Patrick Williams patrick at stwcx.xyz
Sat Oct 7 06:38:26 AEDT 2023 

On Fri, Oct 06, 2023 at 01:17:46PM -0400, Brad Bishop wrote:

> The legal/DMCA concerns are interesting.  I do wonder if the concerns 
> could be generalized to all the code, though, and not just a license 
> service.  Licensing features may not be in every OpenBMC users business 
> model, but doesn't every business have just as much incentive to go 
> after developers for public disclosure of -anything- that could impact 
> its business?  What makes the DMCA applicable to a license service only, 
> and not, for example, any old security vulnerability in foocorp-ipmi-oem 
> or foocorp-misc?

I'm not a lawyer and you'll need to talk to your own legal team for
advice on this matter.

In the broad sense, DMCA was suppose to be about copyright
circumvention (such as what the license server is protecting) but it has
been used in ways greatly beyond that scope.  I previously linked to the
EFF's "Unintended Consequences: 16 years under DMCA" article that
describes many of the ways they feel DMCA has been applied well beyond
that scope.

The Library of Congress publishes all of the exceptions to the DMTF in a
(currently) 15 page regulation[1].  There is generally an exception
documented here for "good-faith security research".  My understanding is
that "any old security vulnerability" would fall under this exception as
long as the security vulnerability isn't primarily used for copyright
circumvention.

Applicable to this discussion is some work the Software Freedom
Conservancy has done[2].  Jailbreaking [some] devices is now a covered
exemption.  It is possible that circumventing license keys in a way that
allows you to run a raw open source image *might* be a DMCA-exempted
activity.  Where it becomes more of a grey area is if the method to
jailbreak would also allow you to install an unpaid copy of the
hypothetical BMC security update images.

[1] https://www.govinfo.gov/content/pkg/FR-2021-10-28/pdf/2021-23311.pdf
[2] https://sfconservancy.org/news/2021/oct/28/2021-DMCA-final-exemptions-win

There are a lot of grey areas here.  To me, the farther we stay away
from licensing and copyright protection the less likely we are to run
afoul of the DMCA.

-- 
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20231006/eb690743/attachment.sig>

More information about the openbmc mailing list