[Mystlix]

I might be mistaken, but at least in Europe (but I believe it's the same case for the US) reverse engineering proprietary software in order to fix critical bugs, add necessary features or port it somewhere else out of necessity is allowed, provided you don't share the modified program. Of course being able to share your fixes would be great, but in a sense Software Right to Repair already exists and is in a much better shape that the Hardware's one

[progbits]

The problem is that most people who would need and benefit of those changes don't have the time or skill to make them themselves. So being able to share and distribute the modified version is an absolute bare minimum for the right to repair.

[noduerme]

Hiring your own people to branch and maintain the software for your own purposes is not "distribution". If you're a company relying on software you don't own, and you need it to do something different, you can hire coders to maintain it in your direction. That's totally different from reselling it.

[pabs3]

When the people you are hiring are an external contractor, that probably counts as distribution though.

[7steps2much]

It only counts as distribution if you give it to them and they start using the software as well.

If you send them the software, they reverse engineer it and fix bugs that's not distribution.

If you send it to them, they fix bugs and then start using it themselves that is distribution.

[noduerme]

No, I don't think so. If the company has the right to edit the code, then it can contract that out. If someone paid the company to clone or use the code, that would be distribution.

[pabs3]

From the FSF's GPL FAQ:

However, when the organization transfers copies to other organizations or individuals, that is distribution. In particular, providing copies to contractors for use off-site is distribution.

https://www.gnu.org/licenses/gpl-faq.html#InternalDistributi...

[noduerme]

For use off-site. Hiring a programmer off-site to maintain it isn't "use". Giving it to someone to use in a productive way in furtherance of your business or in exchange for money would be "use".

[Jiro]

Distribution matters because it triggers legal consequences--you need a license to distribute. The FSF can't rewrite the law. So they can't say "doing X is distribution" and then claim that doing X requires a license.

So whether the FSF calls something distribution in their own FAQ is irrelevant, unless the FSF is your lawyer and giving you legal advice.

[denton-scratch]

Quite. Being allowed to fix the OS yourself, but not share the result, is like being allowed to fix your car yourself, but being forbidden to set up business as a mechanic-for-hire.

I used to be able to fix a Morris Minor; but I wouldn't dream of trying to fix anything but the bodywork on a modern car.

[White_Wolf]

You made me wonder if sharing a patcher that modifies the program files would be legal under the EU law.

[noduerme]

IANAL but sharing the patcher probably wouldn't be. Sharing the code it patched, or a patched version of that code, would be piracy.

[Mystlix]

Sorry, what farmer has the ability to repair a design problem in an engine? In reality the vast majority of fixes are just temporary patches using materials that quickly degrade and need to be constantly replaced.

[Robotbeat]

More than you think. Farmers often know how to weld, etc.

[pabs3]

In the EU it sounds like the modifications allowed are limited to "within its intended purpose", which could block some modifications, although it would be hard to discover modifications you made locally without sharing them.

https://en.wikipedia.org/wiki/Computer_Programs_Directive

Wikipedia says that software ToS can override the legality of reverse engineering in the USA:

https://en.wikipedia.org/wiki/Reverse_engineering#Legality

It also sounds like in the US the modifications allowed are only for circumventing DRM, and only for interoperability, not for adding features or fixing bugs.

[noduerme]

This is true in America as well. You stated it exactly. The recipient of a binary or a set of scripts who has a right to use them in production also has a right to repair them, just not to distribute them.

I don't understand what contract law has to do with this case. I was actually mildly alarmed to hear that they think using GPL software somehow enters them into a contract. If I read it correctly. That could become quite nasty and be very bad for FOSS if a court upheld the idea, since it's often corporations relying on FOSS and not the other way around.

[pabs3]

The article clearly states that the GPL is both a license and a contract:

But many lawyers have advised us that contract law is a useful parallel avenue. This approach has the advantage of empowering users of the software who are not necessarily copyright holders. The mantra of “the GPL is not a contract” is a mistruth that has been so often repeated that it became widely accepted and typically unchallenged. (We expect you'll hear this theory repeated even more loudly now that the our Vizio lawsuit brought the question to the forefront in a federal court case.) Yet, prominent legal experts outside of FOSS social circles have long scoffed at the assertion. Indeed, case law in the USA has held the opposite. In multiple cases, courts have been convinced, specifically, that the GPL operates as both a contract and a copyright license. The law appears clear on this, and this is among the reasons why we believe our motion to remand will succeed. In short, we'll say it plainly here and now for everyone: the GPL operates both as a copyright license and as a contract; litigation can proceed under either of those legal theories. Our motion to remand in the Vizio case explains the legal details as to why that's true.

[noduerme]

The article asserts that in their opinion, it's a valid legal theory that GPL constitutes a contract. One hopes the courts will put a limit to what that "contract" entitles the users of GPL software to sue coders for.

[pabs3]

Agreed with the second part, hopefully users of GPL software would only be able to sue for GPL violation and only be able to obtain GPL compliance, rather than damages of any kind. Also, at least with GPLv3 there are some ways to get the license back by coming into compliance.

[pabs3]

They assert that it has been courts opinions too.

[noduerme]

True. They assert it. I think as a brief, they doth protest enough to make you wonder how much is settled law and how much is looking for precedent.

[pabs3]

They are absolutely looking to create precedent on the "third-party beneficiary of the GPL" idea, which will be great for users of GPL software if it happens.

As IANAL, I'm unable to judge if the cases they cite in the motion back up the "GPL is a contract too" idea though.

[DarylZero]

There's really no such thing as settled law. E.g. Roe.

[Terry_Roll]

In Europe, I understand it as only legal to reverse engineer to fix bugs, thats it.

Now Copyright is a bit more difficult, because the process of reverse engineering code to fix a bug can also mean copyright can be discovered, ie learning how something works, like a driver for some hardware to work in an operating system or app.

[7steps2much]

You are allowed to add necessary features or port the software as well. Of course, what counts as a "necessary feature" is always up to debate, but if you for example own a software that only runs on Microsoft DOS and you want to port it to Windows 10, that's allowed.

Also, as far as copyright/patents are concerned those aren't a Problem with reverse engineering. If you reverse engineering something and you then discover copyrighted code while fixing a bug that's not a problem. Knowing of that code is not copying it.

If you were to copy that code or use knowledge you gained by reverse engineering to build your own product that would be an issue though.

[Terry_Roll]

I dont think I've ever sold software, just a licence to use said software, so I think my old dos programs will be safe.

> If you were to copy that code or use knowledge you gained by reverse engineering to build your own product that would be an issue though.

And thats the hard part, how do you prove a thought process existed before you had your thought confirmed by seeing it used in some code that you are reverse engineering? Even if I had written such thought down, proving the date & time on the piece of paper isnt back dated is also tricky.

[foxfluff]

> In Europe, I understand it as only legal to reverse engineer to fix bugs, thats it.

Yep. AIUI doing such things as reverse-engineering to analyze malware (or to detect otherwise malicious behavior, such as breaches of GDPR) is not permitted.

[MaxBarraclough]

> [...] allowed, provided you don't share the modified program

Would it be legal to share the binary diff of the fix, provided it contained none of the original binary?

[jevoten]

To see the absurd legal overreach of these laws, write "examining how it works" instead of "reverse engineering".