Use the Source! A Revolution in Grassroots Software Right to Repair

SFC launches key tool in the fight for user rights at FOSDEM

February 3, 2024

Software Freedom Conservancy (SFC) today announced at FOSDEM an innovative new community tool in the software right to repair: Use The Source. Use The Source is an elegant collaborative platform for users to catalog, find and test source code candidates for real products to verify their reproducibility and reinstallability. Users can discuss whether their device’s software is repairable, so they know if the device can be fixed or updated, especially to fix security vulnerabilities or otherwise adapt it to their needs.

Most consumer electronics ship with software that is provided under various copyleft licenses that (ostensibly) guarantee the consumers’ right to software repair. Owners of these devices have a right to receive the complete source code for that software. Sadly, too often, the source isn’t provided at all. Even when some source is provided, the provided source is usually incomplete.

Use The Source seeks to be a hub for collaboration in solving this problem. Based on the ideals and methodologies behind successful FOSS projects, Use The Source provides device owners an outlet to share and discuss how they reviewed source code candidates that companies provide to them, so they can determine, with the community’s help, whether they can truly repair and modify the device’s software. SFC encourages device owners to first test the offers for source code for all their products, and then share the source candidates they have received.

This Use The Source initiative harkens back to the beloved but now defunct mailing lists of gpl-violations.org. In their heyday, these mailing lists were a central place for those who cared about their rights under copyleft licenses to learn from each other. On those lists, the early FOSS community learned how to make effective use of compliant source, and how to demand that source if none is provided or it is incomplete.

SFC is acutely aware that, for the last decade since those resources disappeared, the skills and knowledge in the FOSS community has atrophied. SFC feels an obligation to use our expertise to launch a community to rebuild these skills in the volunteer core of FOSS, and to otherwise teach and educate about what we know and how we do.

As always, SFC plans to follow its Principles of Community-Oriented GPL Enforcement in this process. SFC has developed a timeline for companies who wish to actively participate in resolving any concerns, based on the security concerns that are implicated when source candidates are not in compliance with copyleft terms. Our process balances the urgent need to publish and discuss source candidates with the common desire of for-profit companies to remain anonymous while they correct inadvertent GPL violations.

SFC encourages anyone interested to review the source code candidates on our Use The Source platform, and to submit any source code candidates they find, so the community can build its knowledge and experience in reviewing and assessing source candidates for their compliance with the copyleft licenses that companies choose to use. You can also join our ccs-review mailing list, where the public can engage with SFC and other official Use The Source commenters in discussing the published source candidates as well. Source candidates and comments from Use The Source will auto-post to the ccs-review list so you can see and react to what we’re doing in real time. We hope that our discussions will eventually lead to a much higher percentage of source candidates being in compliance with the software right to repair licenses they use. With compliant source code candidates, device owners can keep themselves secure, adapt to their future needs, and ensure others can do the same, by themselves or by working with the community or third-party repair services to give them the freedoms that software right to repair licenses have always intended to convey.