Mark Shuttleworth mark at canonical.com
Mon Sep 22 09:12:23 UTC 2008

Chip Bennett wrote:
>> Maybe Canonical has an
>> agreement with Mozilla to get a part of the Google money to have these
>> services enabled, or maybe they just see it from a marketing point of
>> view and want the brand recognition that firefox carries, for example to
>> maintain their deal with Dell who might prefer something with Firefox
>> since they have the choice between so many distros. 
> Personally, I choose to assume that Mark Shuttleworth/Canonical have no 
> ulterior motives with respect to the anti-phishing/malware services enabled 
> by default in Ubuntu, and that Mark Shuttleworth's view represents a 
> philosophical difference of opinion with respect to whether or not shipping 
> Firefox with those services enabled by default results in Firefox no longer 
> conforming to the requirements for free software.
We do have agreements in place with Mozilla, and they are in the process 
of being updated, but as far as I'm aware there's no commercial 
dimension to the anti-phishing service at all.

The question about what sorts of terms of service would be incompatible 
with the spirit of free software is a very interesting one, and I know 
there's lots of good debate and discussion going on within our community 
and within Canonical. Theres nothing like a consensus on the matter 
(don't confuse the AGPL for terms of service for services).

At this stage, my own compass suggests that we are OK if:

 - the terms appear to be basically reasonable
 - the terms don't prevent you from working with anyone else
 - the terms don't prevent you from studying the service itself

For "basically reasonable" I ask myself "will most *aware* people want 
this on"? By "aware" I mean people who are sensitive to issues of 
licensing and data protection and their rights. Most people are 
oblivious to those things, but the group of people cc'd on this bug are 
probably "aware". And I'm pretty sure that the substantial majority of 
folks cc'd on the bug have left the anti-phishing service active. I 
certainly have. I would think it nuts to surf the web without it.

The middle one is, I think, important because we don't want to see 
lock-in. One could go further and look for data portability and 
protection, but I don't yet see any consensus about that.

And the last one is important people it's analogous to one of the 
fundamental benefits of the four freedoms, the ability to learn from the 
software one is using. I think it likely someone tries to wedge a 
service in somewhere that says "you can't study this" (the way BitKeeper 
did) and I think that would be non-free.

I'm sure, as the discussion evolves, we'll get a better framework, and 
I'm not speaking for the whole CC here, just myself. There are serious 
members of the community who are extremely aware of these issues who 
have been part of the process in driving to a resolution, and as far as 
I'm aware we are all comfortable with this latest round of proposals. 
There is still some detailed due-diligence under way on the specific 
language used and compatibility with each of the licenses in play, and 
if problems turn up there, we'll work with Mozilla to get them 
addressed. Our interest here is in getting to a positive outcome, which 
for me means helping Mozilla as well as helping our users.

There is no doubt in my mind that the right thing to do is leave the 
anti-phishing service on, and leave Firefox in main. I don't believe we 
are abusing the trust our users place in us, and in fact, most of the 
other courses of actions would feel like abandoning that trust in favour 
of making an unnecessary statement.


You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox-3.0 in ubuntu.

More information about the Ubuntu-mozillateam-bugs mailing list