Slashdot Mirror
Using GPL/BSD Code In Closed Source Projects?
Dan asks: "I am considering writing a program that will use code from OpenSSH and OpenSSL as the base for my network protocol in a closed source project. How can I do this without breaking the GPL/BSD license? If I isolate the borrowed code in a shared library, and then open the source for that whole .so or .dll file, is that sufficient? Or do I also need to open the API for that shared library as well?
It seems to me to be quite reasonable to include code from open source projects in closed source projects, as long as the areas that it touches are open as well. For example: if I develop a network chess game with a protocol based on OpenSSH, it would seem to me to be reasonable to open up the code for the protocol, but not the code to make the entire game...that would seem silly. Any thoughts on this?"
-E
Send mail here if you want to reach me.
While RMS would have preferred that we open sourced the whole application, the fact that we have released independently-usable programs as a result of our work is enough to satisfy the GPL and stave off a little of the grumbling. That is also why RMS says it's okay to call GPL'ed CORBA components from proprietary programs -- every little piece that's GPL'ed helps further his goal of being able to do everything with free software. The requirement is that the GPL'ed component be a complete, independently usable program or component -- this gives RMS something that he can personally run as part of his totally-free system. Just releasing a few unusable fragments of code (or a CORBA component that requires proprietary components in order to be useful) won't do the job.
Regarding network protocols, I wouldn't use 'ssh' or 'openssh' anyhow. Investigate 'openssl', and write your own protocol based upon it. I could not use OpenSSL for the closed source project that I worked on because of the RSA patent (which is now expired so it's not a problem for you, back then it WAS a problem) so I wrote my own Diffie-Hellman based protocol, but nobody should have to go through that hassle nowdays.
-E
Send mail here if you want to reach me.
The rule (well, the law, I should say) is that if the library is GPL'ed, then programs that use the library must be GPL'ed. If you don't agree to that, you have no right under copyright law to use the library, and can be sued for a $100,000 copyright violation for each instance of shipping a proprietary product that uses the library (so if you sold 100,000 copies of your program... whoa, can you count that high?!). Note, however, that I can use 'tapeinfo', 'loaderinfo', and 'scsitape' from a proprietary product without the proprietary product itself being GPL'ed. What matters is that these are complete, useful programs. The fact that they can be called from shell scripts or Python scripts that are not themselves GPL'ed is irrelevant.
-E
Send mail here if you want to reach me.
Aside from the fact that both the products you mention are BSD licence, meaning you can do what the hell you like with the code as long as you retain the author's copyright notice -- let's just explore the hypothetical situation if they had been GPL code.
If you really want to disrespect the wishes of GPL code authors, you might want to look at what the TiVo guys did to implement their proprietary filesystem on Linux.
What they did (or near as dammit) was write something akin to the NFS mounting code, except using UNIX sockets instead of IP sockets. This code had to be part of the Linux kernel, and was hence GPL. Then they wrote a closed-source piece of filesystem code which ran as root in userland. The GPL code in the kernel would then mount the filesystem being exported by the closed-source fileserver code.
This was legal, if not in the spirit of things.
So, you could write a program which proxies IPC messages and SSLifies them, and make it GPL. In fact such a thing might be a valuable tool to the community, since they could easily reuse it in all sorts of situations. Your closed-source program would use this GPL'd component's services to reach the outside world in an SSLified manner.
Oh, by the way, we call SSL TLS these days, for some reason unknown to me...
--
If it's BSD, all you have to do is give proper credit.
If it's LGPL, then you can isolate the code in a shared library and Open-Source that, while keeping the rest closed. It does have to be a shared library, however; static ones won't do.
If it's GPL, your chances are slim, but all is not lost. Ask the authors of the code for permission to use their code in your project. You never know; they just might let you do it.
----------
If you're doing closed-source work, don't even look at GPL code, lest you be accused of stealing code somewhere down the line. And if someone calls you on a suspected GPL violation, how can you prove your innocence? Show them the code? Even if you are inspired by how a piece of GPL code did something, and implement something similar, that's kinda suspect as well.
Play it safe, don't invite the wrath of GPL zealots upon yourself and your project, just steer clear of GPL code altogether.
Why don't you buy the commercial version of SSH? You can pay your way, and your customers can pay theirs, and eveyrone will be happy.
If you're unwilling to pay yourself, then maybe you should reconsider your model.
I can only assume Dan is planning on compiling a high-tech spam list with the email addresses from all the flames he gets.
Somehow I doubt the slashdot crowd is going to be overly sympathetic to the stated goal of, essentially, figuring out the LEAST you can do in terms of contribution for what you've taken.
While you may be totally legally clear by just returning all the network side of your app to GPL, I think the moral idea is that if you are clearly benefitting from "borrowed" code, you should be loaning out your own code at more than the bare minimum required so that others can benefit.
The other (comprimise) way of doing this would be neither to give back the chess game nor just your network patches, but something in-between. Develop a generalized gaming network protocol based on OpenSSH that could be used by other game developers for backgammon and checkers, so that while you may be selling your closed-source chess game, you make it easier for others to create similarly polished (and compatible!) games (GPLed or not).
---------------------------------------------
Recursive: Adj. See Recursive.
> As a political tool, hey, whatever you can get away with to force other people to release THEIR code, no matter that it has nothing to do with YOUR contribution.
Nice spin. Completely bogus. I can't "force" you to do anything. However, I can withhold my permission for you to use my code.
It's not like using GPL'd code is your only choice when you start a new project. You could write it yourself, like I did. Or you could hire someone else to write it. Or you could obtain it through a license which may or may not cost money, depending on what you want and who is licensing it to you.
The problem with critics of the GPL is that they assume they have some kind of intrinsic right to use GPL'd code, and thus bitch about the restrictions on it. The fact is, however, no one has any intrinsic rights to it at all. You can use it under a license, just like you could with code from Sun or Microsoft. If you don't like the cost or terms of the license, you have to shop elsewhere, whether you're dealing with Sun, Microsoft, or me.
--
Sheesh, evil *and* a jerk. -- Jade
AFAIK, IANAL and all that.
You'll be wanting to read the OpenSSL licence then?
But it seems fine to me. OpenSSL is released under a variant of the BSD licence (enforced credit-where-it's-due), which is more or less carte blanche to do what you like provided you put some thank you's in the appropriate pages. Apart from that, fine, tunnel what you like. Try hacking around with stunnel first (/usr/ports/security/stunnel/).
Dave
I write a blog now, you should be afraid.
I cant say I agree that GPL forces anyone to open their code. Indeed it does use the force of the state, so this is debatable, but I tend to think that GPL is about not wanting to aid other people in writing non-free software. This would be because non-free software is considered a Bad Thing in that it reduces freedom and causes social harm. Now RMS is not coming out and saying "Thou shalt not harm others with non-free software" (although I wouldn't be suprised if he did say this), he's just saying "If you want to go and build fences and hurt people you can do it without my help and without the help of free software".
How we know is more important than what we know.
(Assume that I'm the author of the aforementioned code. I'm not, but...)
If you want to use MY code, you have to agree to the terms I give on it. And my terms for using MY code within your program are that you have to release the source code for the entire application.
GPL code is not public domain. You have to satisfy MY price to distribute MY code. Otherwise, you have no rights under copyright law. If you don't like the terms I offer, you can either negotiate other terms with me (which will probably require monetary renumeration), or you don't use the code.
If you want code without these restrictions, either reimplement it yourself, or use public domain. You have no right to use my code.
The GPL is designed to prevent exactly this. While the BSD and, to a lesser extent, the LGPL, has a main purpose of seeing the code in use, hopefully in a free way, the GPL has a main goal of making as much code open as possible. In this, it sacrifices the convenience of the developer for freedom. While this is a goal that you may or may not agree with, it is one that you should respect before trying to use GPL'ed code in a closed application.
Your option under the GPL is this: Open your code or use a closed-source library. Perhaps, instead of trying to find a way to include open code without violating the license, you should explore either one of the above options. Anything else would violate the spirit, if not the letter, of the General Public License.
--
Friends don't let friends misuse the subjunctive.
The true benefit of BSD code is that you don't have to publish your source if you use somebody else's code. Depending on the version of the BSD license you may have to obey the advertising clause, but other than that you're home free. Nothing to give back _ever_.
--
Eric is chisled like a Greek Godess
marotti.com
The GPL exists to protect the authors of Free Software from having their work stolen (yes, I said "stolen") by people who aren't willing to give back to the community.
Seriously, why would you think that you can freely partake of the efforts of a programmer without giving him some sort of compensation? The author of GPLed code, I'm sure, *rejoices* every time he sees a project GPLed because it used his code. That's what he charges for his code: that people who use it must also contribute to Free Software.
Honestly, I don't think it's moral to used GPLed code without GPLing your product that takes advantage of it, regardless of whether you can find a legal loophole for doing so. Doing so violates the intent of the author.
Jeremy
Looking for a Python IRC bot?
GPL/BSD, whatever floats your boat, it is your code, do whatever. But I personally believe that the GPL can be dangerous, as it actually discourages the reuse of code. And this can seriously hurt a program. Here is an example: Bison is a wonderful tool, a really nice LALR(1) parser generator, and far superior to YACC. However, when you use Bison, it includes a large quantity of code in order to create the parser generator used by the program. 7 or 8 years ago, Bison was under the GPL, and, since it includes a good hunk of itself in any program compiled by bison, the output of Bison was under the GPL. Therefore any program which used Bison to construct it was under the GPL. As a result, nobody used Bison, outside of GCC and class projects. Since then, they changed Bison's liscence so the output is under the LGPL. As a result, it can now be used as a general purpose tool, like GCC.
Nicholas C Weaver
nweaver@cs.berkeley.edu
Test your net with Netalyzr
I'm planning to rob a bank. If I dress up really decently, and use polite language (and a nice looking gun) while adressing the bank staff, will I get away with it?
It seems to me quite reasonable for the bank to give me some of their money. They've got so much of it.
But never mind, I assume you wrote this out of ignorance and innocence, and not bad will... so here's the answer:
It seems to me to be quite reasonable to include code from open source projects in closed source projects
...
it would seem to me to be reasonable to open up the code for the protocol, but not the code to make the entire game...that would seem silly
Why?
All I can observe is:
That being said, you are lucky that OpenSSL and OpenSSH are both BSD licensed programs (IIRC) and thus you can do with it whatever you want. But I am really concerned about your attitude towards Open Source. Why the heck is it "silly" to make your own program open? Why on earth did you choose it to be closed anyway?
I know I sound like a hippie father trying to understand why his son joined the army, but please do consider this. Open Source has got tons of benefits (see here for more info) PLUS idealistic advantages (see here for more info). Why go closed? Your program would hardly have any impact to the Linux community in closed source form, nor would people contribute to your work, etc.
It's... It's...
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
The GPL is pretty clear that you must release all of the code that you link with any GPL'd code you use. Section 2 spells it out about as clearly as possible:
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:- a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
- b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
- c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
It's hard to speak for other authors/programmers, but it's been my impression that many choose the GPL specifically because of these terms.The fact that your application has a requirement to be closed source doesn't give you a right to use other people's code in violation of their license terms. Just because it would "really help" you doesn't change a thing. As far as the GPL is concerned, you're out of luck (at least that's how I read it, IANAL). I personally don't like closed source software, and when I release code under the GPL, I want it to help whoever gets it, and other GPL'd projects, but never a closed-source-friendly code base.
But never is a really long time... copyright does eventually expire, and in the meantime, you can always contact the author and ask if they'll release it to you under a license more to your liking. Offering money probably helps your chances.
PJRC: Electronic Projects, 8051 Microcontroller Tools
The GPL is more than a political statement. It is a choice that I or another programmer make about how their work is to be used. I am sorry that the terms of the GPL hinder your work, but you have no more right to demand to use the code that I or any other programmer who published under the GPL writes for free then you have a right to force your plumber to work for free or your doctor to work for free.
This is really what the GPL is about. It is about making an intentional choice about how your labors as a programmer can be used by others.
I choose to contribute to the GPL software community. I do not choose to give my work away for free. My payment for my work is the other contributions of the other memebers of the community, including those of people who modify or reuse my code. You don't have to contribute to this community if you don't want to, you just can't use our resources for purposes which don't contribute.
When code is published under an open source license it is a choice by the programmers writing that code to make it available to others under a specific set of restrictions. It is wrong of you to try to take the work of those programmers and use it in ways they explicitely do not approve of by virtue of their choice of licensing agreement.
If they choose to publish under a BSD style license you are free to reuse their code and incorporate it into a closed source product. That was the way the people who wrote the code intended you to use it.
Many of us who publish under the GPL feel differently about how we want our work used. We do not object to others who are contributing to our community on the same terms reusing our code, but we do object to people simply taking our work and using it as a free ride. When you release derived works under the GPL you are in a sense paying us for our work by enriching our community. When you simply take our labor and use it in your closed source product you are stealing our work as surely as someone who pirates your closed source software is stealing yours.
Please respect the wishes of those of us who choose to contribute our time, efforts, and talents under the GPL and respect both the letter and the spirit of that license.
it would seem to me to be reasonable to open up the code for the protocol, but not the code to make the entire game...that would seem silly. Any thoughts on this?
:)
I see you're new here
What you're missing is that the GPL is a political tool, not a source code license.
As a source code license, of COURSE it is utterly ludicrous that you should have to open up source code unrelated to what you're using.
As a political tool, hey, whatever you can get away with to force other people to release THEIR code, no matter that it has nothing to do with YOUR contribution.
This also puts me in an annoying situation. I write free-as-in-beer software to download flight data from the Ball Varios variometers. Now, there's a number of GPL projects it would be nice to include code from, graphing libraries for instance; but if I did, I would have to open ALL the source, which includes the part that communicates with the hardware device, although that obviously has nothing to do with a graphing library for instance.
This is a problem, because the Ball varios are certified by FAI as being acceptable as documentation of a world record flight. And one of FAI's conditions for that certification is that the protocols for communicating with these devices may not be made public. Which means, not releasing the source code containing those protocols. Which means, I can't use any GPLd code at all, no matter how completely unrelated it is to the actual problem and how perfectly willing I'd be to contribute back any work I did to the source I used.
So my users lose out on functionality they'd get quicker otherwise, and the Open Source community loses out on the work I would put towards something licensable.
Now whose interests exactly is the GPL serving here? Nobody's that I can see.
(Don't bother saying "change FAI's mind". They have no motivation to do so whatsoever; there's no way you'd ever get even time to explain the CONCEPT of Open Source, never mind why their certification process should accomodate the GPL...)
If you want to ditribute this for no benefit to you/your company, then you'll not have any problem in distributing the source code.
If you want to distribute this project for your own benefit (which may or may not involve money) then you have a moral responsibility to share the code because your code has only come into existance because someone else shared their code with you.
That's the morality of it; the legality of it is that any project which depends on GPL'd code (source or binary) to work must be GPL'd too. "Depends" on here means that the GPL'd section is either the basis of actual code or so important to the project that it must be offered by you to the users of the project.
An interesting legal point here seems to be that if you are so sure that the GPL'd parts are already available to the user that you can refuse to supply them, then you need not GPL your own material. So a binary for *nix which calls the "touch" command need not be GPL'd unless you distribute it with the binary or code for "touch". Seek legal advice before trying this approach.
If you have a problem with this then don't use other people's code (at least people that release code under the GPL).
Those /.ers who are comparing this with DVD are skipping the morality section and the legality angle.
No one sane is arguing that copying movies and/or music and distributing the copies without permission is right or legal. It has never been either. But preventing fair use (ie I make a copy of a CD to listen to in my car, or a copy of a DVD on my hard drive so I can play it back under Linux) is not moral or legal (really, it's not legal according to US law, getting a judge that understands this seems difficult though).
Revolutions occur when the gap between moral and legal grows too wide for too many people.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
In fact, GPL is a license like a binary-only license, only that you get a much better deal: not only do you get the executables, you also get the source code. You can even redistribute it, and you don't have to pay for it. And if you want to reuse the code commercially, you can license it from its author.
But that doesn't make the GPL a "political tool" (a political tool for what, one might ask?) any more or less than it makes your favorite binary-only, costly, we-own-your-firstborn-son license a political tool. At best, one might argue that the GPL is used as a marketing tool by some companies.
As a political tool, hey, whatever you can get away with to force other people to release THEIR code, no matter that it has nothing to do with YOUR contribution.
You aren't forced to do anything. If you don't like the license, don't use the code and don't contribute to it. In fact, in some cases, I would fully agree that it is a bad idea to base one's software on a GPL'ed library.
There are a bunch of pragmatic exceptions to that rule, involving "system libraries". But it is unlikely that authors who placed their code under the GPL intended those exceptions in your case. Even if you can legally get away exploiting a loophole in the GPL, I would consider that unethical.
If in doubt, contact the author and have them clarify any ambiguities in writing. They may ask you to sign a separate commercial license and pay for it. And, given that you intend to charge for your software, you should be happy to pay for their software.
If it's covered by the BSD license, the intent and letter of the license should be clear: you can almost certainly use it.
Personally, I do not hold with principles or morals, but I try not to rile others unduly. What is the point? If you feel the same, you should have a similar attitude.
You know exactly what to do-
Your kiss, your fingers on my thigh-
You know exactly what to do-
Your kiss, your fingers on my thigh-
I think of little else but you.