Commit a55d23d1 authored by Jeremy Soller's avatar Jeremy Soller

Free software cleanup

parent 17d817a0
......@@ -9,10 +9,10 @@
- [Introduction]()
- [What is Redox?](./introduction/what_is_redox.md)
- [Why Redox?](./introduction/why_redox.md)
- [Why Free Software?](./introduction/why_free_software.md)
- [Why Rust?](./introduction/why_rust.md)
- [Heartbleed: A case study]()
- [Unsafes](./introduction/unsafes.md)
- [Why MIT?](./introduction/why_mit.md)
- [How Redox compares to other operating systems](./introduction/how_redox_compares_to_other_operating_systems.md)
- [The target of Redox]()
- [Will Redox replace Linux?](./introduction/will_redox_replace_linux.md)
......
......@@ -3,12 +3,12 @@ What is Redox?
You might still have the question: What is Redox actually?
Redox is an attempt to make a complete, fully-functioning, general-purpose operating system with a focus on safety, reliability, correctness, and pragmatism.
Redox is an attempt to make a complete, fully-functioning, general-purpose operating system with a focus on safety, freedom, reliability, correctness, and pragmatism.
The goals of Redox
------------------
We want to be able to use it, without obstructions, as a alternative to Linux on our computers. It should be able to run most Linux programs with only minimal modifications.
We want to be able to use it, without obstructions, as a alternative to Linux on our computers. It should be able to run most Linux programs with only minimal modifications. (see [Why Free Software])
We're aiming towards a complete, safe Rust ecosystem. This is a design choice, which hopefully improves correctness and security (see [Why Rust]).
......@@ -23,4 +23,5 @@ This means that a large number of standard programs and libraries will be compat
The key here is the trade off between correctness and compatibility. Ideally, you should be able achieve both, but unfortunately, you can't always do so.
[Why Free Software]: ./introduction/why_free_software.html
[Why Rust]: ./introduction/why_rust.html
Why Free Software?
=======
Redox OS will be packaged only with compatible free software, to ensure that the entire default distribution may be inspected, modified, and redistributed. Software that does not allow these features, i.e. proprietary software, is against the goals of security and freedom and will not be endorsed by Redox OS. We therefore comply with the [GNU Free System Distribution Guidelines](http://www.gnu.org/distros/free-system-distribution-guidelines.html).
To view a list of compatible licenses, please refer to the [GNU List of Licenses](http://www.gnu.org/licenses/license-list.html).
For more information about free software, [please view this page](http://www.gnu.org/philosophy/free-sw.html).
Free Software is Secure
-------------------------------------
Redox OS is predominately MIT X11-style licensed, including all software, documentation, and fonts. There are only a few exceptions to this:
- GNU Unifont, which is GPLv2
- Fira font, which is SIL Open Font License 1.1
- Oxygen icons from KDE, which are LGPLv3
- Newlib C library, which is GPLv2
- NASM, which is BSD 2-clause
The MIT X11-style license has the following properties:
- It gives you, the user of the software, complete and unrestrained access to the software, such that you may inspect, modify, and redistribute your changes
- *Inspection* Anyone may inspect the software for security vulnerabilities
- *Modification* Anyone may modify the software to fix security vulnerabilities
- *Redistribution* Anyone may redistribute the software to patch the security vulnerabilities
- It is compatible with GPL licenses - Projects licensed as GPL can be distributed with Redox OS
- It allows for the incorporation of GPL-incompatible free software, such as OpenZFS, which is CDDL licensed
- The microkernel architecture means that driver maintainers could choose their own free software license to meet their needs
Proprietary Software is not Secure
----------------------------------
Consider the following clause, from [Microsoft Windows 10's EULA](https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm):
```
c. Restrictions. The manufacturer or installer and Microsoft reserve all
rights (such as rights under intellectual property laws) not expressly
granted in this agreement. For example, this license does not give you
any right to, and you may not:
(i) use or virtualize features of the software separately;
(ii) publish, copy (other than the permitted backup copy), rent, lease, or
lend the software;
(iii) transfer the software (except as permitted by this agreement);
(iv) work around any technical restrictions or limitations in the software;
(v) use the software as server software, for commercial hosting, make the
software available for simultaneous use by multiple users over a
network, install the software on a server and allow users to access it
remotely, or install the software on a device for use only by remote
users;
(vi) reverse engineer, decompile, or disassemble the software, or attempt to
do so, except and only to the extent that the foregoing restriction is
permitted by applicable law or by licensing terms governing the use of
open-source components that may be included with the software; and
(vii) when using Internet-based features you may not use those features in any
way that could interfere with anyone else’s use of them, or to try to
gain access to or use any service, data, account, or network, in an
unauthorized manner.
```
These are clauses typical of proprietary software licenses, but disallowed in free software licenses. These clauses makes it possible for Microsoft to sue and seek damages from individuals who attempt to study, modify, or redistribute the software that they have purchased. Redox OS abhors such limitations on your freedom. As Redox OS focuses on security, keep in mind the following:
- *Inspection* Software that cannot be legally studied, cannot have security flaws identified by the community. Crackers will take advantage of this, as they have no problem breaking the law, and will identify security flaws and utilize them for their own gains.
- *Modification* Software that cannot be legally changed, cannot have security flaws fixed by the community. Again, this will lead to identified security flaws being left unfixed for long periods of time.
- *Distribution* Software that cannot be legally distributed, cannot have security flaws patched by the community. This will lead to a number of vulnerable installations, even after an identified security flaw has been fixed.
Why MIT?
=======
As licensing is rather controversial, this is a frequently asked question.
The GPL is good for forcing people who make changes to the source to contribute back. GPL stipulates that source code that is modified, compiled, and then distributed must be published under the GPL license. This prevents a company like Google, for example, from keeping most modifications to the Linux kernel for Android private.
Since operating systems are such an integrated part of our lives, we want as little restriction as possible.
The MIT license opens up a lot of possibilities, which are simply not plausible with, say, the GPL:
- It allows for the distribution of proprietary changes to the Redox operating system. FreeBSD, for example, has been used in both Apple OS X and the Sony PS4
- It allows for the incorporation of GPL-incompatible code into the kernel, like OpenZFS
- MIT is compatible with GPL - Projects licensed as GPL can still be distributed with Redox
- Microkernel architecture means that driver maintainers could choose their own license to meet their needs
We wanted to encourage the use, modification, and packaging of Redox in absolutely all realms. Open source should be open, for everyone. We do not desire limiting the usage of the software. Therefore, MIT was the license of choice.
But what if someone "steals" the source code?
---------------------------------------------
What if Apple comes along and decides that Redox would be a good base for their next OS X?
We wouldn't mind if they did that. In order to successfully steal a project, you'd have to make _some_ improvements over the upstream version. You can't sell an apple for $2, if another person stands right next to you, giving them away for free. For this reason, making a (potentially proprietary) fork interesting requires putting some time and money into it.
There is nothing wrong with building on top of Redox. You can't _unfairly_ abuse our project by making proprietary extensions. That's simply not possible. For a fork to gain interest, you will have to put effort into it no matter what.
Building on top of Redox, whether it gets to upstream or not, is a thing we appreciate.
---------------------------------------------------------------------------------------
We like to have a decentralized structure of the project, allowing people to do whatever they want, no matter how they intend to share it.
Copyleft licenses are upstream-centric, whereas permissive licenses can be thought of as more downstream-centric. We happen to prioritize downstream more than upstream.
......@@ -17,7 +17,7 @@ Take Linux for example:
- Legacy until infinity: Old syscalls stay around forever, drivers for long-unbuyable hardware stay in the kernel as a mandatory part. While they can be disabled, running them in kernel space is unnecessary, and can be a source of system crashes, security issues, and unexpected bugs.
- Huge codebase: To contribute, you must find a place to fit in to nearly _25 million lines of code_, in just the kernel. This is due to Linux's monolithic architecture.
- Restrictive license: Linux is licensed under GPL2, preventing some use cases that we would like to allow. More on this in [Why MIT?].
- Non-permissive license: Linux is licensed under GPL2, preventing the use of other free software licenses inside of the kernel. More on our use of the MIT X11-style license in [Why Free Software].
- Lack of memory safety: Linux has had numerous issues with memory safety throughout time. C is a fine language, but for such a security critical system, C is difficult to use safely.
### BSD
......@@ -48,7 +48,7 @@ We have to admit, that we do like the idea of writing something that is our own
- User space written mostly in Rust
- Orbital, a new GUI
[Why MIT?]: why_mit.html
[Why Free Software]: why_free_software.html
[jails]: https://www.freebsd.org/doc/handbook/jails.html
[ZFS]: https://www.freebsd.org/doc/handbook/zfs.html
[reliability]: http://wiki.minix3.org/doku.php?id=www:documentation:reliability
What Redox is
=============
Redox is a general purpose operating system and surrounding ecosystem written in pure Rust. Our aim is to provide a fully functioning Unix-like microkernel.
Redox is a general purpose operating system and surrounding ecosystem written in pure Rust. Our aim is to provide a fully functioning Unix-like microkernel, that is both secure and free.
We have modest compatibility with POSIX, allowing Redox to run many programs without porting.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment