GPLv3

it is unclear if someone can or can't distribute a gpl3 proof of concept

an example: someone discover a new kind of security flaw and make a gpl code that exploit it in order to demonstrate that this is a real security flaw what is unclear is the "illegaly" term this term depends a lot on the law of the country where the code is relased: *if the country prohibit spywares,drm,viruses... the person can't distribute his code *if the country does not prohibit spywares,drm,viruses but only prohibit things such as cracking/hacking it will only be illegal when: **the program is included or hidden inside another program in the purpose of cracking/hacking **the program is used in order to crack/hack

The clause isn't bulletproof (and was never intended to be) and does, as you mention, depend on regional laws (which is taken up in other comments).

You've given an example of either a "fair use" of the software--using the GPL software to comment on a flaw--or a use of the software that is not an example of "distribution".

I admit I'm somewhat clueless about the specifics of privacy laws (both in the UK or elseware). This seems to imply that you may not distrabute spyware or DRM monitoring systems under the GPL, or by inference modify existing GPL code to become spyware / DRM monitoring apps and then distrabute that. I'm not pro-spyware, would this clause make GPLv3 incompatable with the 6th clause of the open source definition: 6. No Discrimination Against Fields of Endeavor The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research. In the Sony DRM case, one of the features of their CD player software is that it would look to see which CD was playing then make a HTTP request to a Sony server to lookup extra album information, the HTTP requests are then logged by the webserver along with IP address and the privacy implications there (How much consent and/or knowledge is needed from the end user of the feature before its becomes legal/illegal).

Now Assume that I add a feature (maybe it already exists) to GPLv3 XMMS to do a lookup on www.freedb.org based on the currently playing MP3 or OGG. Does this raise privacy implications, I guess not as many. So where is the source of the problem here, is it that the media player software performs automattic HTTP requests based on its other activities, is it at the webserver end because it performs logging, is it because one company controls both the end user software and the webserver performing the logging, or is it simply a matter of trust, we trust the people running www.freedb.org far more than we trust the people at Sony. Assuming everything is running GPLv3 code, and that with everything combined it is considered illegal, on which piece of software would this clause kick in on and prevent redistrabution. The term user is not defined specifically, it could mean the person running the code, or making use of the code (as in a remote user accessing a webserver) - or potentually mean other computer users affected in some way by the code. Take a program like nmap, which does port scanning, is this an illegal invasion of privacy, what if you are running it against military or sensitive computers? Who is the user in this case, is it me because I'm running the code on my computer, or my target who is being scanned (what if the RIAA where to run nmap on every IP to visit www.grokster.com).

Now some tools can be used in many different ways, a combination of an ssh client, a bash loop, a dictionary file and rsync could be used in ways that are very easily invade privacy (and all other data files) on a users machine, though individually and in combination are also very ligitimate tools.

Then you have an intresting possible (though rather insignificant) perversion of the GPLv3. One day Gator Corp (of spyware fame) decides to release all its products under the GPLv3. As copyright holder it can give as many copies as it likes away, but when anybody starts copying the code themselves, they are sued by Gator for violation of section 3 of the GPLv3, "thou shall use use GPLed spyware". I'm pretty sure such a case would be dismissed on the basis of unclean hands, but it only takes one SCO to tie up the court for years. Another potentual issue is with privacy related bugs. I create a app v0.1 which I later find has a fairly serious privacy flaw. I correct this in v0.2, but does this now mean that others can no longer distrabute v0.1 of my code.

Everybody is asying that this clkause is stupid. If it is illegal, then the licence does not need to say it.

RMS: This better not be in draft 2!