Use the Source! A Revolution in Grassroots Software Right to Repair

Mon Feb 5 17:06:53 UTC 2024

    Use the Source! A Revolution in Grassroots Software Right to Repair
       SFC launches key tool in the fight for user rights at FOSDEM

URL: https://sfconservancy.org/news/2024/feb/03/use-the-source-launched/

Social media:
  https://social.sfconservancy.org/notice/AeZuz7AzbSL17wENAe

Software Freedom Conservancy (SFC) today announced at FOSDEM an
innovative new community tool in the software right to repair: Use The
Source [0]. Use The Source is an elegant collaborative platform for
users to catalog, find and test source code candidates for real products
to verify their reproducibility and reinstallability. Users can discuss
whether their device's software is repairable, so they know if the
device can be fixed or updated, especially to fix security
vulnerabilities or otherwise adapt it to their needs.

Most consumer electronics ship with software that is provided under
various copyleft licenses that (ostensibly) guarantee the consumers'
right to software repair. Owners of these devices have a right to
receive the complete source code for that software. Sadly, too often,
the source isn't provided at all. Even when some source is provided, the
provided source is usually incomplete.

Use The Source seeks to be a hub for collaboration in solving this
problem. Based on the ideals and methodologies behind successful FOSS
projects, Use The Source provides device owners an outlet to share and
discuss how they reviewed source code candidates that companies provide
to them, so they can determine, with the community's help, whether they
can truly repair and modify the device's software. SFC encourages device
owners to first test the offers for source code for all their products,
and then share the source candidates they have received.

This Use The Source initiative harkens back to the beloved but now
defunct mailing lists of gpl-violations.org [1]. In their heyday, these
mailing lists were a central place for those who cared about their
rights under copyleft licenses to learn from each other. On those lists,
the early FOSS community learned how to make effective use of compliant
source, and how to demand that source if none is provided or it is
incomplete.

SFC is acutely aware that, for the last decade since those resources
disappeared, the skills and knowledge in the FOSS community has
atrophied. SFC feels an obligation to use our expertise to launch a
community to rebuild these skills in the volunteer core of FOSS, and to
otherwise teach and educate about what we know and how we do.

As always, SFC plans to follow its Principles of Community-Oriented GPL
Enforcement [2] in this process. SFC has developed a timeline [3] for
companies who wish to actively participate in resolving any concerns,
based on the importance of promptly fixing source candidates that are
not in compliance with copyleft terms [4]. Our process balances the
urgent need to publish and discuss source candidates with the common
desire of for-profit companies to remain anonymous while they correct
inadvertent GPL violations.

SFC encourages anyone interested to review the source code candidates on
our Use The Source [5] platform, and to submit any source code
candidates they find, so the community can build its knowledge and
experience in reviewing and assessing source candidates for their
compliance with the copyleft licenses that companies choose to use. You
can also join our ccs-review mailing list [6], where the public can
engage with SFC and other official Use The Source commenters in
discussing the published source candidates as well. Source candidates
and comments from Use The Source will auto-post to the ccs-review list
so you can see and react to what we're doing in real time. We hope that
our discussions will eventually lead to a much higher percentage of
source candidates being in compliance with the software right to repair
licenses they use. With compliant source code candidates, device owners
can keep themselves secure, adapt to their future needs, and ensure
others can do the same, by themselves or by working with the community
or third-party repair services to give them the freedoms that software
right to repair licenses have always intended to convey.

[0] https://sfconservancy.org/usethesource/
[1] https://web.archive.org/web/20141022025510/http://lists.gpl-violations.org:80/pipermail/legal/
[2] https://sfconservancy.org/copyleft-compliance/principles.html
[3] https://sfconservancy.org/usethesource/ccirt-process/
[4] https://sfconservancy.org/blog/2024/feb/03/ccirt-security-and-software-right-to-repair/
[5] https://sfconservancy.org/usethesource/
[6] https://lists.sfconservancy.org/mailman/listinfo/ccs-review