Slashdot Mirror
Sun Finds & Exploits Hole in the GPL *Update*
chrisd writes "Sun is shipping binaries (no source code for you!) of some of Donald Beckers work, saying in their defense that "It says that anyone using its kit is responsible for ensuring that how it's used doesn't violate licenses, and that's not Sun's problem."" Update: 09/15 11:30 PM by CT :The article is somewhat confusing here: this is essentially a cross compiler, and Sun isn't distributing anything in violation of the GPL, and if they used their compiler to distribute binary drivers, that wouldn't violate the GPL either, assuming that they distributed the original driver source code as well.
Huh? I don't get how Sun's kit is any worse than e.g. Napster. It's all in how you use it, right? Just because SOME people MIGHT use it to abuse the GPL doesn't mean Sun should withdraw it. Or is this just another example of double standards in the free software world?
Ok, I've read the article and some of the posts here on /.
2 conclusions:
- those linuxgram folks are clueless and probably dishonest
- Becker is an arrogant asshole who clearly doesn't grasp open source
Sun never asked his permission to convert them to Solaris binaries...
But Becker knows one thing - he wants Sun to stop peddling the kit, which he says includes "explicit instructions on taking a copyrighted work and converting it to unlicensed use with the Solaris operating system."
What a jerk!
If you want anyone who uses your code to suck your dick or give you money (is there any significant difference?), then you release it under a closed source license, not the GPL. The GPL is about writing better code, it's about the pleasure and pride of seeing your code used by many. It's about free software. Nobody needs to thank you for this. It's better if they do but you must be prepared to see people just take it. And expecting users to ask you for permission is blantantly against the spirit of the GPL.
When you release under the GPL, you allow user to do whatever they want with the code, provided:
- that the source comes along with it - the status of which is not clear in the article, so I assume that Sun is ok with that.
- that any derived work becomes GPL - and under no circumstances could Sun's kit (more or less a compiler) be considered as derived from GPL code.
All in all,it appears that Becker is an arrogant, self-conscious kid. I'm afraid that the open source movement is increasingly populated by religious fanatics. Those guys see GPL as a tool for power and totally forgot (or chose to ignore) the real message: freedom.
Donald, if you don't want others to use your code freely, get a job in Redmond.
Just my 2c.
- I will fight for the right to be right - Bowie, 1971
It would have been really helpful if the poster of this article had actually said what piece of software Sun was distributing. For those who haven't read the article, it seems to be a pieve of software that converts Linux driver binaries to Solaris/x86 ones (note that this only seems to work for drivers). The software itself is, I believe, proprietary (but does not use any GPL'd code itself).
This isn't a GPL breach, in letter or in spirit. The author of the article is correct: it is the responsibility of driver porters to ensure that their drivers don't violate licenses, not Sun's. In the case of GPL'd drivers, they do this by providing the sources, which they must do for the Linux drivers. Since the Sun toolkit seems to be little more than a recompiler (less than that, actually; more like a relinker) it hasn't actually modified the source any more than a compiler does.
Maybe I'm wrong about the software's nature; I'd appreciate corrections if that is the case. But it looks like a lot of people are blowing this out of proportion. Sun is not violating the GPL. It has created software which could, theoretically, be used as an aid in GPL violation, but isn't intended for that purpose (rather like Napster and DeCSS can be used in violating more restrictive, and some might say unethical, licenses but are not intended for that purpose).
I'll admit, this looks a bit fishy. But I support Napster and DeCSS; because of that I can't cry out against this driver converter without being a hypocrite.
----------
Now, if Sun itself is distributing object code derived from GPL software, they have an obligation to follow the GPL with regard to distributing source. It is also unclear whether or not they are doing this. If they are not, then they are in clear violation of the GPL, and I don't see where Bruce sees the gray area. (And, FWIW, they should have asked RMS about this, not Bruce.)
So, in essence, from what we know: 1) the idea of compiling source intended for Linux into a Solaris object code is not objectionable nor a violation of the GPL even if the compiler is not GPL'd; and 2) if Sun uses GPL'd code in their compiler, they must include the source. So on #1, Becker is wrong, and on #2, Perens is wrong. If Sun indeed is using GPL'd code and not including source, then they need to be taken to task. Otherwise, they are not doing anything to violate the GPL.
Another avenue, which the GPL doesn't try to use, is contract law. You can require an exchange of rights in a contract that would cover linking.
Why a double-standard? It's the way it's used. The GPL restrictions work to keep software free. Most people's restrictions work to do the exact opposite.
Thanks
Bruce
Bruce Perens.
Not well. The only case was Nintendo vs. Goloob games. Goloob made some device that gave you special powers, invulnerability, etc. in Nintendo games. Nintendo asserted that Goloob's device created a derived work. The opinion in this case was not conclusive.
Let me ask this: If I have a program that makes a call to, e.g. execlp("someprogram", {"someprogram", "filename"}); Does that make my program a derivative of someprogram?
No. And that is a problem where the GPL is concerned because with CORBA you can server-ize any program and use that to circumvent the GPL. It is argued that this might not stand because you could show a court that server-izing was a device explicitly used to circumvent the copyright.
Regarding whether or not MS holds a copyright on every program that links agains MS libraries, they do something even worse. They don't license those libraries and their own executables for use on an operating system that is not a Microsoft product.
My goal is to keep free software free. If it turns out that all of the free software I write is used as a subroutine library for any proprietary software that cares to pick it up, what incentive would I have to write free software?
Thanks
Bruce
Bruce Perens.
Thanks
Bruce
Bruce Perens.
What's the problem here?
Is it that the binary might or might not have new code in it introduced by the compiler? If that's the case, the same could be said if, say, Metrowerks distributed the source for these drivers with its compiler. Essentially the GPL under this interpretation forbids shipping binaries of GPL'ed code compiled with a non-GPL compiler. Also, it would mean that any code compiled with a GPL'ed compiler would become GPL'ed if the compiler introduced any foreign code (I don't know if gcc does or not).
I don't think this is a huge concern anyway. The compiler can't pull but so many "dirty tricks" simply because it can't know what the code is supposed to ultimately do. And compilers work at such a low level that the question of what is or isn't "foreign" code with respect to a given set of source is non-trivial, especially with an optimizing compiler.
Is the concern over the fact that Sun isn't shipping the driver source with the driver binaries? Assuming that this is the only concern, does anyone really care? Unless they've changed the source, does it matter to me whether I get the source for tulip.o from Sun or from Donald Becker? More specifically, if I put tulip.o binaries on my FTP site as a convenience for my user-group, am I obligated to distribute tulip.c myself? Is it not enough to say "get the source from the author?" Under a particularly strict reading of the GPL, it would be unacceptable to have tulip.c and tulip.o in the same directory as separate files -- they would have to be zipped together so as to be sure that Section 3 of the GPL could not be breached inadvertently.
Or is Becker just throwing a tantrum because he doesn't like seeing his work used for something outside the scope of his intent (to write a Linux driver)? This is, I hope, a remote possibility, because in itself that attitude defeats the whole point of the GPL, but one that occurs to me to toss out.
-- Old Man Kensey
The problem is that Sun's been tooting their horn quite a bit recently about being part of this free software/open source _community_. People who don't play nice with their neighbours tend to get ostracized from communities surprisingly quickly. I expect that the GNOME Foundation will crucify them over this, for example. I also wouldn't be surprised if Don throws an anti-Sun clause in the next release of any of his drivers.
It might be legal, fair, or whatever, but unless it's nice they chances of success in the long run are pretty low.
c.
Log in or piss off.
You know something? Assume the following happened and imagine the "community response."
Imagine that someone produces a tool that somehow modified VXD and WDM drivers intended for Windows so that they could drive all that hardware on Linux. Do you think people are really going to say:
"Well... since the Microsoft license agreement to driver developers licenses drivers only for use with the Windows kernel we can't use this tool."
Or do you think that they would just say "Fuck the man mirror it with your copy of DeCSS?"
Funny how the "opensource/freedom of information" mob feels no remorse in flagrantly violating choice laws yet comes crying back with this "oh please save us IP law" when they so much as get brushed against by a large company.
Why should anyone care if I can load linux drivers into my Solaris, BSDi, Win32, MacOS kernel? Oooh you're going to lose your precious market share? What happened to producing the best work you could?
~GoRK
Sun is ... saying "It says that anyone using its kit is responsible for ensuring that how it's used doesn't violate licenses, and that's not Sun's problem."
When i first read that, i didn't realize that the quote was from the author of the article -- i was shocked, thinking a Sun spokesperson said that.
CmdrTaco: You really should have edited that submission to make it more clear.
--
--
Mod up a post Rob doesn't like and you'll never mod again
Now, it's been a long time since I had to build drivers into a Sun operating system (so long that it was probably SunOS rather than Solaris), but AFAIK it does not support dynamic loading of driver modules the way Linux does. (And even if it does, that could be argued as irrelevant -- it's a matter of dynamic vs static linking.)
Now, if Becker's drivers were released under the LGPL, which explicitly allows linking with proprietary code, this would be a non-issue. However, the general intent of the GPL is to not allow such linking, static or dynamic -- although the latter has been argued as insufficiently made clear in the GPL. And there's the problem.
If the drivers are statically linked into a Solaris kernel, then that's pretty clearly a GPL violation. If dynamically loaded, then it may be as Bruce Perens states, violating the spirit of the GPL (vs LGPL). Whether it also violates the letter of the GPL may end up being up to a judge to decide.
No, no, no. It ain't ME babe,
It ain't ME you're looking for.
-- Alastair
Hey look, it's not like anyone (Sun) is hiding the source code. The main principal behind GPL is that no one can horde the source code -- ever. The Sun binary is just a transliteration of the Linux binary. The original source code for any of those driver binaries can be found thousands of sites all across the 'Net.
Sun isn't changing the source code much less adding any features to the source code. Changes like that would have to be distributed.
I don't think this is a hole in anything.
The only thing Sun must do, in my mind, is include a few URL pointers to driver source.
This is a boring sig
From the article: "Sun's controversial little kit takes open source Linux drivers and converts them into Solaris binaries. "
OK, here's the deal: The kit itself is just a piece of software - it no more "encourages" licens violations than GCC does. But any product of the kit was originally made from some code. Chances are, that code was under copyright and license. So, distributing the modified binary is distributing a derivative work - this is only allowed under the terms of the license the original code was under (in this case, the GPL). So, Sun must distribute the source to Becker's drivers if it distributes binaries of them (for any system).
-Dave Turner.
Become a FSF associate member before the low #s are used
Sure, if SUN was just providing the (what appears to be) compiler then there would be no issue. If they included the source code to the GPL code they ship as example binaries, there would be no issue. In that case it would be simular to Napster distrubuting an MP3 with permission of the artist or Xerox buying dictionaries to include with their photocopier.
To me this sounds like the definition of a compiler. Ok, so maybe it does a bunch of additional magic to convert the API's, but nothing to get our panties in a knot over.
Sure, an unscrupulous party could use this to "compile" an open source Linux driver into a Solaris binary, and "forget" to ship the source with it, but the same is true for any compiler. So what's the problem with this? If we attack Sun for this, we should also surrender to the MPAA, because admittedly DeCSS could be used for infringment.
> To his surprise, the kit used the Linux eepro100 and Tulip network drivers as examples. Becker wrote those drivers. Sun never asked his permission to convert them to Solaris binaries.
Again, what's the problem? That's just as if an application developer complainted that sb compiled his app for an Alpha, whereas he had developped it on an Intel. Nobody does the GPL say (or intend) that applications should only be run on the platform that they were developped for. If that was the case, we would be hypocrites for denying the MPAA the right to restrict their movies to the Windows platform (or to a given regions).
> Now Perens has ruled, or should one say opined, that Sun is perfectly within its legal rights -
So, how fair is Slashdot. IS this a case of a tool that can be used for illegal (or immoral in this case, at it has been shown to be legal), but can also be used for legal (and moral) activities and should be left alone? OR will everyone get up in arms because this isn't against the RIAA ir MPAA or Microsoft, but against the beloved GPL. They aren't resonsible for how their software is used, that's the user's job. They have no control over it. And they have no legal obligation to limit it's used to things that everyone else deems okay. This tool has to stay on the market, because it can be (and actually is) used for legal purposes.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
Second, I would like to say I love the GPL and do not want to see it legally weakened. That is, in fact, the reason I have thought about this. Because if the GPL makes (what a court deems to be) over-broad claims, that would definitely weaken the GPL. So don't flame me ;-)
But, I have been thinking for a long time that the GPL's claim to limit who can and can't link to GPL'd code might be tenuous. It is very easy, when I can point to a program and say "that program's source code contains my source code" to say that that code should therefore be GPL'ed. I can argue though, that a program that links to your library doesn't somehow become one program, it merely uses your code, and remains a separate entity that can be distributed under seperate copyrights. I think that one might find that a court might entertain the idea that linking code doesn't make it a derivative program.
To illustrate, let me argue it this way. Copyright, If I understand it correctly, allows you to specify terms upon which people can obtain a copy of your work, and make copies/derivatives; however, once someone _has_ a copy, I think, you can't really specify how they can use it(there are some exceptions, e.g. public performances, etc; and of course companies try to limit people's usage all the time, so I could be wrong here). So, if I have legally obtained a copy of your source-code, and this source-code is in the form of a library (or module in this case, which is similar), I might (I don't know, IANAL, and as far as I know no court has ever ruled on this) be able to make the case that "my" code (in this case sun's solaris x86 kernel; in the previous sentence, and for a bit following, when I say "my" I am speaking from the hypothetical standpoint of a defendant making a case in a GPL lawsuit) was distributed legally, and that the user got the GPL'ed code legally (assuming the module's/library's source code is included), and that the GPL cannot limit the user from using the two together.
Let's look at this another way: if a commercial software company said that their library X couldn't be linked against program Y, even though I paid for library X and got it legally, and paid for program Y and got it legally, because company Y hadn't paid a fee to the maker of library X, then we on slashdot would all be crying that this library distributor was making a draconian claim to rights that they didn't have: namely the claim that they could control how I used their software after I had gotten it legally. Why do we apply a double-standard to free-software?
This is what I got from the article:
So the complaint, as I read it, seems to be that sun has a released a kit (binary only, it would seem), that is somehow in gross violation of the GPL - but I say, not unless the program itself was written with GPLed code and the source isn't being given a way.What it does to other binary files outside of that is a moot point.
But does it take the source or the binary? That's the real question. It sounds like it takes the binary...which, itself, should be distributed with the source code. However, I believe the problem is that, given the binary, you can modify it, and release it without the source. I agree that's a problem, and would violate the spirit, if not the letter of the GPL.HOWEVER, I didn't see anywhere that SUN itself has actually done that.
There is this:
I still don't see anywhere in the article that said these were distributed without source code, but the complaint seems to be that SUN didn't ask Becker's permission. To which I reply: why should they? Their use of the code doesn't seem to be, in itself, a violation of the GPL or any other moral codes. The code is open source, it's out there ready to be used by anybody, even SUN, or even Microsoft - if you release something under GPL, you need to accept that.The problem actually arises, it seems, from SUN linking the GPLed code to their non-GPLed code (as runtime modules). According to GPL, they would have to release the source to Solaris in order to do this (remember the difference between GPL and LGPL, this is GPL we are talking about).
I guess it's a sticky issue...but I think people are reading this the wrong way, I don't think the issue is even about Becker's source code at all, but that an non-open source operating system is using GPLed (and not LGPLed) drivers.
So the question that needs to be addressed is: are binary files created from GPL code subject to the same restrictions as the source code? So it's not the source code, and it's not even the binary created from the source code - it's the binary created from the binary, and the violation is not releasing the source to the operating system that uses it.
Difficult question.
----------
Stupid sexy Flanders.
C'mon! Wake up!
This is the napster to kernel drivers, the Xerox machine to books. Remember, it's not Napster's problem that users violate copyright with the service. Nor is it Xerox's probolem that people photocopy copyrighted works on machines. We can have it one way or the other. If it's not Napster's fault, and if it's not Xerox's fault. Then Sun cannot possibly be held accountable for what people do with their software.
Remember, it is the responisibility of the user to ensure that no copyrighted source code is converted to binary drivers.